What happened with Gallant FX? On May 30, 2010 several people on the internet posted images and messages reporting that they were seeing the picture shown below on their Virtual Private Servers and on the GallantFX main website (both gallantfx and gallatnvps.com domains got hacked). The websites and VPS browser requests read “hacked by Aseroh” and later displayed the admin login screen of the Joomla control panel. Some users confirmed that they could access the content manager by using the default administrator username and password, which exposed the websites’ HTML content to manipulation by anyone. I checked this myself that day and found it to be true.
I have to tell you that I was shocked when I read about this on several websites. It was the first time ever that I had seen a forex broker fall prey to the attack of what appears to be a hacker who targets Joomla exploits. The hacker made it clear on the VPS that he had gained root access to the servers, meaning that he could manipulate anything he wanted within the network. However, people noticed that their accounts were intact, as well as their VPS contents. So no harm done, right? Wrong! The fact that this broker was exposed to this hacking means that it was vulnerable to the implantation of third-party applications that could be used for a WIDE variety of things, from logging trading activity to wiping all accounts on a certain date to whatever other creative evil use you want it to have.
The fact is that this breach of security exposed all the contents of people’s VPS servers and, by extension, their trading platform passwords, expert advisors, etc. Nobody knows whether there is a guy out there with thousands of forex account passwords waiting to use them in a single day, or whether there is a secret bot within GallantFX right now waiting for that little event that will trigger a very nasty destructive frenzy. The fact is: who knows? For this reason I consider right now that everyone running on this broker should definitely change to a different broker, merely because of the security breach they had, which is simply unacceptable for any company dealing with sensitive financial data.
This event makes us reflect upon the importance of our broker’s security and the fact that brokers should use non-standard solutions for content management instead of a free, widely used and well-known content management system like Joomla. Not because Joomla is bad, but because it is under constant study by hackers worldwide and vulnerabilities are easily exploited by a wide sector of this community. Using a third-party proprietary solution is a good line of defense, since hacker attacks would take considerably more study due to the custom character of the solution used.
What this shows is that low-budget brokers have low-budget solutions for their content management, web hosting and probably VPS offerings, so I would advise you to think twice before using a broker that you consider extremely new or not very well known. Using brokers that have a good reputation and adequate regulation that forces them to comply with some basic internet security standards should be a basic thing we look for. All NFA and UK regulated brokers have to abide by these standards, while some brokers like FXDD (Malta) comply with these regulations of their own accord, outside NFA ruling. Whatever the case, I advise you to research your broker’s security so that you can rest assured that an event like the one at GallantFX will be extremely unlikely.