Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5
1371 posts

Uber Geek


  # 468679 13-May-2011 11:44
Send private message

Seems to me like these are the facts:

-Some wordpress sites were injected with code, but also custom php sites were infected as well.
-It seems as though all the infected files were modified at the same time it was some sort of script that was uploaded and executed.
-This seems strange as more than one person on here has said all the file/folder permissions were correct - so it was clearly someone with knowledge of the savage setup.
-It seems as the way of entry for the attack was FTP although all users claim they have a complex password, i would say it is exteremly unlikely or even immpossible that all the passwords were hacked so quickly.


This leads me to the conclusion that it is an ex staff member or someone currently working inside savage who is somewhat disgruntled.

I mean who else would know all about their setup and able to bypass all the FTP accounts.

They must have either had a master passsword/backdoor employee entry or the managed to have a look see inside the password database.

1163 posts

Uber Geek


  # 468854 13-May-2011 17:40

Probably a good reason to use a local provider.

 
 
 
 


16 posts

Geek


  # 468884 13-May-2011 19:13
Send private message

The admins seem convinced that the FTP server was the point of entry. I was further told that they have disabled the affected FTP accounts (they will be enabled when you reset the passwords) and scanned the customer's scripts for the hacker's code.

Interestingly though I was told by one Customer Sservices tech that they do not have any method of deterring brute-force attacks on the FTP server, which I find amazing - and very worrying. Repeated failed attempts to access FTP accounts are not being logged or discouraged. It seems fairly logical to me that any point of entry into the server should either have CAPTCHA if it is human-entered or have some means of blocking repeated attacks ... in the same way that I can make a user wait 15 minutes if he fails to log into an SSH server 3 times.

Does anyone know other hosts that do have brute-force prevention on their FTP accounts?

11 posts

Geek


  # 468904 13-May-2011 20:37
Send private message

I confronted them too, and got the expected "it's not our fault, it's yours!" response.

 "Hello Troels,

We are sorry for the incident. And, no, we don\'t have back ups. But, also, please understand that Servage is not in charge if FTP accounts are hacked. The user is in charge for using long and elaborated passwords and to change the passwords from time to time to increase the security.

We ask you to clean the application from malicious code and to secure your account. Thank you.

Kind Regards
Helge, Support
Servage Hosting"

My password would not be on any dictionary brute-force password list, as it's a random selection of characters! 

299 posts

Ultimate Geek


  # 468910 13-May-2011 20:54
Send private message

I don't think you can simply rely on your hosting provider to backup your sites.  Even if a provider did have this sort of service I would still be inclined to set up my own backup solution.  As I mentioned earlier in this thread there are good backup options to offsite services like Amazon S3.

Also HostGator have a manual Full Backup option where all files and databases are backed up and then zipped up on your shared instance.  You can then download this file locally which is also a good thing to do every few months.




Red Jet Web Services
- Affordable websites for small businesses
- Google Email setup and Migrations

16 posts

Geek


  # 468913 13-May-2011 21:01
Send private message

The problem with customer-instigated backups is that they are often done manually (so can be forgotten) and when you have Tera-bytes of data and databases to back up it just doesn't make sense to back those up over the net.

944 posts

Ultimate Geek


  # 468926 13-May-2011 21:43
Send private message

it is very important to determine the source, just skimming over the history and replies it seems like your host is the primary suspect

As for restoring wordpress sites, if you just want to bring over the content to a fresh installation that is quite simple as they have build in import function in WP




 
 
 
 


1163 posts

Uber Geek


  # 468929 13-May-2011 21:53

puttitat: I confronted them too, and got the expected "it's not our fault, it's yours!" response.

 "Hello Troels,

We are sorry for the incident. And, no, we don\'t have back ups. But, also, please understand that Servage is not in charge if FTP accounts are hacked. The user is in charge for using long and elaborated passwords and to change the passwords from time to time to increase the security.

We ask you to clean the application from malicious code and to secure your account. Thank you.

Kind Regards
Helge, Support
Servage Hosting"


My password would not be on any dictionary brute-force password list, as it's a random selection of characters! 


 

I thought all hosts had some form of backup. The main one I use have 14 days of backups stored, but even the others I use do daily weekly and monthly offsite backups. But obviously people should be doing their own backups too, and they can be setup to do automatic ones using a cron job.

 

 

11 posts

Geek


  # 468930 13-May-2011 22:02
Send private message

robbyp: 
 
I thought all hosts had some form of backup. The main one I use have 14 days of backups stored, but even the others I use do daily weekly and monthly offsite backups. But obviously people should be doing their own backups too, and they can be setup to do automatic ones using a cron job.


Quote from Servage wiki:

"The cronjob must complete in 30 sec or our server will kill the script. This is done in order to protect servers from stalling." 

So - that's of no use.

16 posts

Geek


  # 468935 13-May-2011 22:12
Send private message

Hmm ... so looking at the facts, as explained by Servage staff:

- they don't have any method of alerting users that their FTP accounts are being brute-force attacked
- they don't have any system to delay or slow down brute-force attacks on the FTP system
- once breached, the FTP system gives any hacker complete control over all the files in the account and the ability to upload and then run rogue scripts
- they do not take their own backups of custom's valuable data
- they do not have a system for automatic customer-instigated backups
- their only manual backup option is to download the site using an FTP client

I think I'll be contacting HostGator unless the above issues aren't addressed.

11 posts

Geek


  # 468962 13-May-2011 23:32
Send private message

Why not HostGator right away? Wasn't aware of them...

How are they performing regarding these issues? Backup plans? etc etc...

I'd love to hear from people using HostGator!!!

How do their Control Panel look? I kind of like the control panel at Servage, but if HostGator is equally good, I'll change host in a jiffy.

Edit: Just signed up at HostGator for one of my domains, just to check them out.

299 posts

Ultimate Geek


  # 468963 13-May-2011 23:38
Send private message

puttitat: Why not HostGator right away? Wasn't aware of them...

How are they performing regarding these issues? Backup plans? etc etc...

I'd love to hear from people using HostGator!!!

How do their Control Panel look? I kind of like the control panel at Servage, but if HostGator is equally good, I'll change host in a jiffy. 


HostGator are one of the best  hosting providers IMO.  Their support is second to none and their control panel and one click installers are excellent.  You can demo the control panel by clicking on the "TRY CPANEL DEMO" link on this page: http://www.hostgator.com/shared.shtml

You have to implement your own backup solution, but you do have the option of doing a manual full backup, but as I mentioned before you shouldn't rely on your host to back up your sites.




Red Jet Web Services
- Affordable websites for small businesses
- Google Email setup and Migrations

1163 posts

Uber Geek


  # 468967 13-May-2011 23:52

redjet:
puttitat: Why not HostGator right away? Wasn't aware of them...

How are they performing regarding these issues? Backup plans? etc etc...

I'd love to hear from people using HostGator!!!

How do their Control Panel look? I kind of like the control panel at Servage, but if HostGator is equally good, I'll change host in a jiffy. 


HostGator are one of the best  hosting providers IMO.  Their support is second to none and their control panel and one click installers are excellent.  You can demo the control panel by clicking on the "TRY CPANEL DEMO" link on this page: http://www.hostgator.com/shared.shtml


You have to implement your own backup solution, but you do have the option of doing a manual full backup, but as I mentioned before you shouldn't rely on your host to back up your sites.


 

Or people could support NZ companies. I have found the NZ hosts I use have excellent support. You do pay a bit more, but it is worth it, especially in these types of situations which do happen, which end up costing a lot of money in lost time.

944 posts

Ultimate Geek


  # 469258 15-May-2011 12:25
Send private message

robbyp:  

Or people could support NZ companies. I have found the NZ hosts I use have excellent support. You do pay a bit more, but it is worth it, especially in these types of situations which do happen, which end up costing a lot of money in lost time.


True, from the support side of things I'd recommend this NZ company:
http://hostingnow.co.nz/web-hosting/ (& starting at $7/month that is kinda reasonable even compared to overseas sites) 






435 posts

Ultimate Geek


  # 469263 15-May-2011 12:31
Send private message

The attraction of servage was basically unlimited storage, unlimited traffic, unlimited domains....

1 | 2 | 3 | 4 | 5
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Ring launches indoor-only security camera
Posted 23-Jan-2020 17:26


New report findings will help schools implement the digital technologies curriculum content
Posted 23-Jan-2020 17:25


N4L to upgrade & support wireless internet inside schools
Posted 23-Jan-2020 17:22


Netflix releases 21 Studio Ghibli works
Posted 22-Jan-2020 11:42


Vodafone integrates eSIM into device and wearable roadmap
Posted 17-Jan-2020 09:45


Do you need this camera app? Group investigates privacy implications
Posted 16-Jan-2020 03:30


JBL launches headphones range designed for gaming
Posted 13-Jan-2020 09:59


Withings introduces ScanWatch wearable combining ECG and sleep apnea detection
Posted 9-Jan-2020 18:34


NZ Police releases public app
Posted 8-Jan-2020 11:43


Suunto 7 combine sports and smart features on new smartwatch generation
Posted 7-Jan-2020 16:06


Intel brings innovation with technology spanning the cloud, network, edge and PC
Posted 7-Jan-2020 15:54


AMD announces high performance desktop and ultrathin laptop processors
Posted 7-Jan-2020 15:42


AMD unveils four new desktop and mobile GPUs including AMD Radeon RX 5600
Posted 7-Jan-2020 15:32


Consolidation in video streaming market with Spark selling Lightbox to Sky
Posted 19-Dec-2019 09:09


Intel introduces cryogenic control chip to enable quantum computers
Posted 10-Dec-2019 21:32



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.