Geekzone: technology news, blogs, forums
1350 posts

Uber Geek
+1 received by user: 15


  Reply # 468679 13-May-2011 11:44

Seems to me like these are the facts:

-Some WordPress sites were injected with code, but custom PHP sites were infected as well.
-It seems as though all the infected files were modified at the same time, so it was some sort of script that was uploaded and executed.
-This seems strange as more than one person on here has said all the file/folder permissions were correct - so it was clearly someone with knowledge of the Servage setup.
-It seems as if the way of entry for the attack was FTP, although all users claim they have a complex password; I would say it is extremely unlikely or even impossible that all the passwords were hacked so quickly.


This leads me to the conclusion that it is an ex-staff member or someone currently working inside Servage who is somewhat disgruntled.

I mean who else would know all about their setup and be able to bypass all the FTP accounts.

They must have either had a master password/backdoor employee entry or they managed to have a look see inside the password database.
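The post above makes two observations a responder can act on: the payload was appended to existing files, and every infected file carried the same modification time. The following is an added example, not code from anyone in this thread or from Servage: it walks a web root, flags files containing idioms typical of injected PHP/JS, and groups the hits by modification-time bucket so a one-shot dropper shows up as a single cluster. The patterns, the sample site and its timestamps are constructed for the example.

```python
"""Triage a web root for injected PHP/JS, grouping hits by modification time.

Added example; not code from the thread's posters or from Servage. The
detection patterns, the sample site and its timestamps are constructed.
"""
import os
import re
import tempfile
from collections import defaultdict

# Idioms typical of injected droppers. Heuristics only: a hit is a lead, not proof.
SUSPICIOUS = [
    re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\("),
    re.compile(rb"assert\s*\(\s*\$_(POST|GET|REQUEST|COOKIE)\b"),
    re.compile(rb"preg_replace\s*\(\s*['\"].*?/[a-z]*e[a-z]*['\"]"),  # /e modifier evaluates the replacement
    re.compile(rb"<iframe[^>]+(visibility\s*:\s*hidden|display\s*:\s*none)", re.I),
]


def scan_tree(root, exts=(".php", ".html", ".htm", ".js")):
    """Return [(relative path, mtime as int, index of matching pattern)] for
    every file under root whose content matches one of SUSPICIOUS."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(exts):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            for i, pat in enumerate(SUSPICIOUS):
                if pat.search(data):
                    hits.append((os.path.relpath(path, root).replace(os.sep, "/"),
                                 int(os.stat(path).st_mtime), i))
                    break
    return hits


def mtime_clusters(hits, bucket_seconds=60):
    """Group hits by modification-time bucket. A dropper that rewrites many
    files in one run shows up as a single bucket with many members, which is
    also the set of files whose clean copies you should pull from backup."""
    clusters = defaultdict(list)
    for rel, mtime, _ in hits:
        clusters[mtime - mtime % bucket_seconds].append(rel)
    return {k: sorted(v) for k, v in clusters.items()}


INJECTED_AT = 1305255600  # constructed: 13 May 2011 03:00 UTC


def build_sample_site():
    """Write a throwaway web root: two clean files, two files injected at the
    same instant, one injected a day earlier. Returns the root path."""
    root = tempfile.mkdtemp(prefix="webroot-")
    files = {
        "index.php": b"<?php echo 'hello'; ?>\n",
        "wp-config.php": b"<?php define('DB_NAME', 'wp'); ?>\n",
        "wp-content/themes/x/footer.php":
            b"<?php wp_footer(); ?>\n<?php eval(base64_decode('aGk=')); ?>\n",
        "custom/contact.php":
            b"<?php mail($to, $s, $m); ?>\n<?php eval(gzinflate(base64_decode('eJw='))); ?>\n",
        "custom/old.php": b"<?php assert($_POST['c']); ?>\n",
    }
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    for rel in ("wp-content/themes/x/footer.php", "custom/contact.php"):
        os.utime(os.path.join(root, rel), (INJECTED_AT, INJECTED_AT))
    os.utime(os.path.join(root, "custom/old.php"), (INJECTED_AT - 86400, INJECTED_AT - 86400))
    return root


if __name__ == "__main__":
    site = build_sample_site()
    for when, paths in sorted(mtime_clusters(scan_tree(site)).items()):
        print(when, paths)
```

Two caveats. Modification time is attacker-controllable (anyone with the FTP account can reset it), so treat a tight cluster as a lead and compare against `st_ctime`, which cannot be set from userland, before trusting it. And these patterns only catch the common obfuscation idioms; a file that matches nothing is not thereby clean, which is why restoring from a known-good backup beats cleaning in place.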

1163 posts

Uber Geek


  Reply # 468854 13-May-2011 17:40

Probably a good reason to use a local provider.



16 posts

Geek


  Reply # 468884 13-May-2011 19:13

The admins seem convinced that the FTP server was the point of entry. I was further told that they have disabled the affected FTP accounts (they will be enabled when you reset the passwords) and scanned the customers' scripts for the hacker's code.

Interestingly though I was told by one Customer Services tech that they do not have any method of deterring brute-force attacks on the FTP server, which I find amazing - and very worrying. Repeated failed attempts to access FTP accounts are not being logged or discouraged. It seems fairly logical to me that any point of entry into the server should either have CAPTCHA if it is human-entered or have some means of blocking repeated attacks ... in the same way that I can make a user wait 15 minutes if he fails to log into an SSH server 3 times.

Does anyone know other hosts that do have brute-force prevention on their FTP accounts?

11 posts

Geek


  Reply # 468904 13-May-2011 20:37

I confronted them too, and got the expected "it's not our fault, it's yours!" response.

 "Hello Troels,

We are sorry for the incident. And, no, we don't have back ups. But, also, please understand that Servage is not in charge if FTP accounts are hacked. The user is in charge for using long and elaborated passwords and to change the passwords from time to time to increase the security.

We ask you to clean the application from malicious code and to secure your account. Thank you.

Kind Regards
Helge, Support
Servage Hosting"

My password would not be on any dictionary brute-force password list, as it's a random selection of characters! 

299 posts

Ultimate Geek
+1 received by user: 1


  Reply # 468910 13-May-2011 20:54

I don't think you can simply rely on your hosting provider to backup your sites.  Even if a provider did have this sort of service I would still be inclined to set up my own backup solution.  As I mentioned earlier in this thread there are good backup options to offsite services like Amazon S3.

Also HostGator have a manual Full Backup option where all files and databases are backed up and then zipped up on your shared instance.  You can then download this file locally which is also a good thing to do every few months.




Red Jet Web Services
- Affordable websites for small businesses
- Google Email setup and Migrations

16 posts

Geek


  Reply # 468913 13-May-2011 21:01

The problem with customer-instigated backups is that they are often done manually (so can be forgotten) and when you have terabytes of data and databases to back up it just doesn't make sense to back those up over the net.

928 posts

Ultimate Geek
+1 received by user: 25


  Reply # 468926 13-May-2011 21:43

It is very important to determine the source; just skimming over the history and replies, it seems like your host is the primary suspect.

As for restoring WordPress sites, if you just want to bring over the content to a fresh installation that is quite simple, as they have a built-in import function in WP.




Who I am: multi time Ironman finisher, University of Auckland graduate, Freelancer (mainly focused on website development, message me for work).

twitter.com/TersoIT

1163 posts

Uber Geek


  Reply # 468929 13-May-2011 21:53

puttitat: I confronted them too, and got the expected "it's not our fault, it's yours!" response.

 "Hello Troels,

We are sorry for the incident. And, no, we don't have back ups. But, also, please understand that Servage is not in charge if FTP accounts are hacked. The user is in charge for using long and elaborated passwords and to change the passwords from time to time to increase the security.

We ask you to clean the application from malicious code and to secure your account. Thank you.

Kind Regards
Helge, Support
Servage Hosting"


My password would not be on any dictionary brute-force password list, as it's a random selection of characters! 

I thought all hosts had some form of backup. The main one I use has 14 days of backups stored, but even the others I use do daily, weekly and monthly offsite backups. But obviously people should be doing their own backups too, and they can be set up to do automatic ones using a cron job.
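What an automatic, cron-driven customer backup of the kind mentioned above can look like, as an added example that is not the tooling of Servage, HostGator or anyone in this thread: it archives the web root and (optionally) a database dump, writes a SHA-256 manifest beside the archive so later tampering is detectable, and keeps only the newest N archives. The web root, backup directory, database name and the crontab schedule are the reader's choice and are assumed here; `mysqldump` is only invoked when a database name is passed.

```python
"""Cron-driven site backup with an integrity manifest and retention.

Added example; not the tooling of Servage, HostGator or the thread's posters.
Assumes: site_root is the web root, backup_dir is outside it, and `mysqldump`
is on PATH only when db_name is given (the database step is skipped otherwise).
A crontab line such as  0 3 * * * python3 backup.py  would schedule it; the
path and time are assumptions, not something from the thread.
"""
import hashlib
import os
import subprocess
import tarfile
import tempfile
import time


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def list_backups(backup_dir):
    return sorted(f for f in os.listdir(backup_dir)
                  if f.startswith("site-") and f.endswith(".tar.gz"))


def prune(backup_dir, keep):
    """Delete the oldest archives (and their manifests) beyond `keep` (>= 1).
    Stamps are ISO-like, so name order is time order."""
    for old in list_backups(backup_dir)[:-keep]:
        os.remove(os.path.join(backup_dir, old))
        manifest = os.path.join(backup_dir, old[:-len(".tar.gz")] + ".sha256")
        if os.path.exists(manifest):
            os.remove(manifest)


def make_backup(site_root, backup_dir, db_name=None, keep=14, stamp=None):
    """Write backup_dir/site-<stamp>.tar.gz holding the web root (as www/) and,
    if db_name is given, a mysqldump of it; write a .sha256 manifest beside it;
    prune to `keep` archives. Returns the archive path."""
    os.makedirs(backup_dir, exist_ok=True)
    stamp = stamp or time.strftime("%Y%m%dT%H%M%SZ", time.gmtime())
    archive = os.path.join(backup_dir, f"site-{stamp}.tar.gz")
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(site_root, arcname="www")
        if db_name:
            # --single-transaction: consistent InnoDB snapshot without locking tables.
            with tempfile.NamedTemporaryFile(suffix=".sql", delete=False) as dump:
                subprocess.run(["mysqldump", "--single-transaction", db_name],
                               stdout=dump, check=True)
            tar.add(dump.name, arcname=f"{db_name}.sql")
            os.unlink(dump.name)
    with open(archive[:-len(".tar.gz")] + ".sha256", "w") as fh:
        fh.write(f"{sha256_of(archive)}  {os.path.basename(archive)}\n")  # sha256sum -c format
    prune(backup_dir, keep)
    return archive


def verify_backup(archive):
    """True only if the manifest exists and matches the archive's digest."""
    manifest = archive[:-len(".tar.gz")] + ".sha256"
    if not os.path.exists(manifest):
        return False
    with open(manifest) as fh:
        expected = fh.read().split()[0]
    return expected == sha256_of(archive)


def demo():
    """Run three nightly-style backups of a constructed site root with keep=2,
    then tamper with the newest archive. Returns the observable results."""
    base = tempfile.mkdtemp(prefix="backup-demo-")
    site = os.path.join(base, "www")
    os.makedirs(os.path.join(site, "wp-content"))
    with open(os.path.join(site, "index.php"), "w") as fh:
        fh.write("<?php echo 'hi'; ?>\n")
    backups = os.path.join(base, "backups")  # outside the web root
    archives = [make_backup(site, backups, keep=2, stamp=s)
                for s in ("20110511T030000Z", "20110512T030000Z", "20110513T030000Z")]
    with tarfile.open(archives[-1]) as tar:
        members = tar.getnames()
    verified = verify_backup(archives[-1])
    with open(archives[-1], "ab") as fh:  # simulate an attacker touching the archive
        fh.write(b"\0")
    return {"remaining": list_backups(backups), "members": members,
            "verified": verified, "tampered_verified": verify_backup(archives[-1])}


if __name__ == "__main__":
    print(demo())
```

Two points of design. Whoever holds the FTP account can delete or overwrite anything the account can see, so archives and manifests kept on the same account only detect tampering; they do not survive it. Copy both off-host (the offsite services mentioned earlier in the thread are the obvious target) and verify the copy there. And a host that kills cron jobs after a fixed time will not run this to completion for a large site, in which case the job belongs on a machine you control that pulls the data instead.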

11 posts

Geek


  Reply # 468930 13-May-2011 22:02

robbyp: 
 
I thought all hosts had some form of backup. The main one I use has 14 days of backups stored, but even the others I use do daily, weekly and monthly offsite backups. But obviously people should be doing their own backups too, and they can be set up to do automatic ones using a cron job.


Quote from Servage wiki:

"The cronjob must complete in 30 sec or our server will kill the script. This is done in order to protect servers from stalling." 

So - that's of no use.

16 posts

Geek


  Reply # 468935 13-May-2011 22:12

Hmm ... so looking at the facts, as explained by Servage staff:

- they don't have any method of alerting users that their FTP accounts are being brute-force attacked
- they don't have any system to delay or slow down brute-force attacks on the FTP system
- once breached, the FTP system gives any hacker complete control over all the files in the account and the ability to upload and then run rogue scripts
- they do not take their own backups of customers' valuable data
- they do not have a system for automatic customer-instigated backups
- their only manual backup option is to download the site using an FTP client

I think I'll be contacting HostGator unless the above issues are addressed.
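The two posts above by the same poster describe the missing control: failed FTP logins are neither logged nor rate-limited, while an SSH server can lock a source out for 15 minutes after 3 failures. The following is an added example, not code from anyone in this thread or from Servage (whose log format the thread does not give): it applies that same policy to FTP log lines, counting failures per source IP rather than per account so that one password sprayed across many accounts is still caught. The log lines are constructed in vsftpd's log style; the thresholds are parameters.

```python
"""Detect FTP login brute force from server logs and decide bans.

Added example; not code from the thread's posters or from Servage. The
sample lines are constructed in vsftpd's log style. Failures are counted per
source IP across all accounts, which also catches password spraying.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) '
    r'\[pid \d+\] (?:\[(?P<user>[^\]]*)\] )?'
    r'(?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[0-9.]+)"$'
)

# Constructed sample: one fast attacker across three accounts, one slow attacker,
# one legitimate login. Not captured from any real host.
SAMPLE_LOG = """\
Fri May 13 10:00:01 2011 [pid 4101] [site1] FAIL LOGIN: Client "203.0.113.7"
Fri May 13 10:00:03 2011 [pid 4102] [site1] FAIL LOGIN: Client "203.0.113.7"
Fri May 13 10:00:04 2011 [pid 4103] [site2] FAIL LOGIN: Client "203.0.113.7"
Fri May 13 10:00:05 2011 [pid 4104] [site3] OK LOGIN: Client "198.51.100.20"
Fri May 13 10:00:06 2011 [pid 4105] [site3] FAIL LOGIN: Client "203.0.113.7"
Fri May 13 10:20:00 2011 [pid 4106] [site4] FAIL LOGIN: Client "198.51.100.9"
Fri May 13 10:40:00 2011 [pid 4107] [site4] FAIL LOGIN: Client "198.51.100.9"
Fri May 13 11:00:00 2011 [pid 4108] [site4] FAIL LOGIN: Client "198.51.100.9"
"""


def parse_line(line):
    """(timestamp, user, success, ip) or None for lines that are not login events."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
    return ts, m["user"] or "", m["result"] == "OK", m["ip"]


def find_brute_forcers(lines, max_failures=3, window_minutes=10, ban_minutes=15):
    """Return {ip: {"banned_at": datetime, "accounts": [usernames tried]}} for
    every source whose failures within the sliding window reach max_failures.
    Events from a source during its ban are ignored, as they would be if a
    firewall rule dropped the connection; the latest ban per IP is reported."""
    window, ban_for = timedelta(minutes=window_minutes), timedelta(minutes=ban_minutes)
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    accounts = defaultdict(set)   # ip -> usernames it has tried
    banned_until, bans = {}, {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, user, ok, ip = parsed
        if ip in banned_until and ts < banned_until[ip]:
            continue
        if ok:
            continue
        accounts[ip].add(user)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= max_failures:
            bans[ip] = {"banned_at": ts, "accounts": sorted(accounts[ip])}
            banned_until[ip] = ts + ban_for
            q.clear()
    return bans


if __name__ == "__main__":
    for ip, info in find_brute_forcers(SAMPLE_LOG.splitlines()).items():
        print(f"ban {ip} at {info['banned_at']} after trying {info['accounts']}")
```

With the defaults the fast source is banned on its third failure and the slow one (one guess every 20 minutes) is never caught; widening the window to an hour catches it too, at the cost of more false positives from users mistyping a password. None of this is possible without the failed-attempt logging the post says the host lacks, which is the real gap; fail2ban's vsftpd filter implements exactly this loop in production and adds the firewall drop.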

11 posts

Geek


  Reply # 468962 13-May-2011 23:32

Why not HostGator right away? Wasn't aware of them...

How are they performing regarding these issues? Backup plans? etc etc...

I'd love to hear from people using HostGator!!!

How does their control panel look? I kind of like the control panel at Servage, but if HostGator is equally good, I'll change host in a jiffy.

Edit: Just signed up at HostGator for one of my domains, just to check them out.

299 posts

Ultimate Geek
+1 received by user: 1


  Reply # 468963 13-May-2011 23:38

puttitat: Why not HostGator right away? Wasn't aware of them...

How are they performing regarding these issues? Backup plans? etc etc...

I'd love to hear from people using HostGator!!!

How does their control panel look? I kind of like the control panel at Servage, but if HostGator is equally good, I'll change host in a jiffy.


HostGator are one of the best hosting providers IMO. Their support is second to none and their control panel and one click installers are excellent. You can demo the control panel by clicking on the "TRY CPANEL DEMO" link on this page: http://www.hostgator.com/shared.shtml

You have to implement your own backup solution; you do have the option of doing a manual full backup, but as I mentioned before you shouldn't rely on your host to back up your sites.


1163 posts

Uber Geek


  Reply # 468967 13-May-2011 23:52

redjet:
puttitat: Why not HostGator right away? Wasn't aware of them...

How are they performing regarding these issues? Backup plans? etc etc...

I'd love to hear from people using HostGator!!!

How does their control panel look? I kind of like the control panel at Servage, but if HostGator is equally good, I'll change host in a jiffy.


HostGator are one of the best hosting providers IMO. Their support is second to none and their control panel and one click installers are excellent. You can demo the control panel by clicking on the "TRY CPANEL DEMO" link on this page: http://www.hostgator.com/shared.shtml


You have to implement your own backup solution; you do have the option of doing a manual full backup, but as I mentioned before you shouldn't rely on your host to back up your sites.

Or people could support NZ companies. I have found the NZ hosts I use have excellent support. You do pay a bit more, but it is worth it, especially in these types of situations which do happen, which end up costing a lot of money in lost time.

928 posts

Ultimate Geek
+1 received by user: 25


  Reply # 469258 15-May-2011 12:25

robbyp:  

Or people could support NZ companies. I have found the NZ hosts I use have excellent support. You do pay a bit more, but it is worth it, especially in these types of situations which do happen, which end up costing a lot of money in lost time.


True, from the support side of things I'd recommend this NZ company:
http://hostingnow.co.nz/web-hosting/ (& starting at $7/month that is kinda reasonable even compared to overseas sites) 

412 posts

Ultimate Geek
+1 received by user: 64


  Reply # 469263 15-May-2011 12:31

The attraction of servage was basically unlimited storage, unlimited traffic, unlimited domains....
