412 posts

Ultimate Geek
+1 received by user: 64


  Reply # 469267 15-May-2011 12:39

Well it looks like Servage are now taking this seriously. I just got the following email:

Dear Geoffrey,

Unfortunately we have to notify you about suspicious activities we have seen on our
FTP servers in conjunction with at least one of your FTP accounts.

It seems like an FTP account that belongs to your account has been abused to modify
files in your account.
Those modifications are code injections of malware or other unwanted code that are
affecting the visitors of your websites.

We have run a tool to automatically detect and remove some of the inserted code
lines, but the automatic system unfortunately does not detect and remove any code
that might have been inserted, so please review all your files that recently have
been modified.

In addition we disabled the FTP Account for security reasons to prevent any
further file modifications.

As it seems that a third party got knowledge of your FTP account's password, please also
consider removing the FTP account access data specified in any installed
application like Joomla or WordPress, as they might get hacked and the FTP login
details stolen.
Please also scan your local Computer for Viruses as those also can be a reason for
the hack.

Your FTP account will automatically be re-enabled when you change the password for
that account.
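The email asks the customer to "review all your files that recently have been modified", which is hard to do by hand across a site of any size (a later post in this thread mentions over 1000 affected files). The script below is an added example, not Servage's tooling or anything posted in the thread: it records a SHA-256 digest for every file under a web root as a baseline manifest and later reports each added, removed or modified path. The site layout and file contents built in `demo()` are constructed for the demonstration.

```python
"""Find every file changed since a known-good snapshot of a web root.

Added example, not Servage's tooling or anything from the thread. The site
layout and file contents created in demo() are constructed for the demo.
"""
import hashlib
import json
import os
import tempfile


def sha256_file(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large uploads are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map each file under root (path relative to root) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def save_manifest(manifest, path):
    with open(path, "w", encoding="utf-8") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)


def load_manifest(path):
    with open(path, encoding="utf-8") as f:
        return json.load(f)


def diff_manifests(baseline, current):
    """Classify paths as added, removed or modified relative to the baseline."""
    before, after = set(baseline), set(current)
    return {
        "added": sorted(after - before),
        "removed": sorted(before - after),
        "modified": sorted(p for p in before & after if baseline[p] != current[p]),
    }


def demo():
    """Constructed scenario: snapshot a small site, alter it, report the difference."""
    with tempfile.TemporaryDirectory() as work:
        root = os.path.join(work, "htdocs")
        site = {
            "index.php": "<?php echo 'hello'; ?>\n",
            "robots.txt": "User-agent: *\n",
            "wp-content/themes/demo/footer.php": "<footer>demo</footer>\n",
        }
        for rel, body in site.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as f:
                f.write(body)

        # The baseline lives outside the web root so an FTP session cannot rewrite it.
        baseline_path = os.path.join(work, "baseline.json")
        save_manifest(build_manifest(root), baseline_path)

        # Constructed changes standing in for the incident: one existing file
        # gets content appended, one file that was never part of the site appears.
        with open(os.path.join(root, "wp-content/themes/demo/footer.php"), "a") as f:
            f.write("<!-- constructed marker for appended content -->\n")
        with open(os.path.join(root, "wp-content/extra.php"), "w") as f:
            f.write("<?php /* constructed new file */ ?>\n")

        return diff_manifests(load_manifest(baseline_path), build_manifest(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind:9} {p}")
```

Take the baseline from a copy you trust (a fresh deployment or a restore you have already reviewed) and keep the JSON off the web root, ideally off the server; a manifest the same FTP account can overwrite proves nothing. Comparing digests rather than modification times matters because an uploader can set a file's timestamp, while a changed digest cannot be hidden.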



412 posts

Ultimate Geek
+1 received by user: 64


  Reply # 469268 15-May-2011 12:40



We have run a tool to automatically detect and remove some of the inserted code
lines, but the automatic system unfortunately does not detect and remove any code
that might have been inserted


lol what?



13086 posts

Uber Geek
+1 received by user: 1532


  Reply # 469303 15-May-2011 15:05

GeoffisPure:


We have run a tool to automatically detect and remove some of the inserted code
lines, but the automatic system unfortunately does not detect and remove any code
that might have been inserted


lol what?



 

They haven't told you how someone may have got your password, and whether the flaw is at their end or yours.

13086 posts

Uber Geek
+1 received by user: 1532


  Reply # 469304 15-May-2011 15:06

GeoffisPure: The attraction of servage was basically unlimited storage, unlimited traffic, unlimited domains....


 

There is no such thing as unlimited...

928 posts

Ultimate Geek
+1 received by user: 25


  Reply # 469321 15-May-2011 15:51

GeoffisPure: The attraction of servage was basically unlimited storage, unlimited traffic, unlimited domains....


everybody knows that is just marketing nonsense, they'll have "fair use" clauses or similar

and as soon as you hit any kind of usage above quite moderate usage they'll kick you off.

AND/OR

They pack their servers loaded up with lots of people exploiting these "cheap deals" to the point it becomes unworkable, because sure you might have unlimited traffic in theory but the speed becomes so terribly slow that in practice it's worse than if you'd gone with somebody else.


Additionally do you really need such features as unlimited storage for instance? Unless you're trying to store all of mankind's knowledge in one place then I doubt it. Most average websites only require a fraction of a single gigabyte.




Who I am: multi time Ironman finisher, University of Auckland graduate, Freelancer (mainly focused on website development, message me for work).

twitter.com/TersoIT

13086 posts

Uber Geek
+1 received by user: 1532


  Reply # 469323 15-May-2011 15:58

dman:
GeoffisPure: The attraction of servage was basically unlimited storage, unlimited traffic, unlimited domains....


everybody knows that is just marketing nonsense, they'll have "fair use" clauses or similar

and as soon as you hit any kind of usage above quite moderate usage they'll kick you off.

AND/OR

They pack their servers loaded up with lots of people exploiting these "cheap deals" to the point it becomes unworkable, because sure you might have unlimited traffic in theory but the speed becomes so terribly slow that in practice it's worse than if you'd gone with somebody else.



Additionally do you really need such features as unlimited storage for instance? Unless you're trying to store all of mankind's knowledge in one place then I doubt it. Most average websites only require a fraction of a single gigabyte.


 

Absolutely right. I think you are best to get dedicated quotas, so at least you know what you are getting. But even then there are many companies that oversell. Most websites do use very little in the way of diskspace and traffic anyway, and if you need that diskspace for email, you are best to use Gmail for your email, which provides GBs of data on a very reliable network at no cost.

11 posts

Geek


  Reply # 469430 15-May-2011 22:47

Well, Servage is quite a lot faster than HostGator when you live in the EU. HostGator responds with 150ms ping, where Servage clocks in at 47 ms.

There is no doubt that HostGator is faster in the US (or what?) than Servage, but for EU customers, Servage is the place to be hosted.

I got the same email as the one posted in here, and when you contact them after you see over 1000 files of yours have been compromised, it is YOUR problem to get them fixed, and that is editing the files MANUALLY in a text editor and reuploading.

That is one sucky task to do!

16 posts

Geek


  Reply # 469435 15-May-2011 22:58

Servage have been very good for us in terms of up-time and speed and it seems like they have closed the FTP-brute-force-attack problem but not necessarily in a way that I would do it. Their system disables the attacked FTP account - pushing the responsibility onto the customer, while I would have just slowed down any attacker that fails a login 3 times and reported the attacker to the customer.

Also, their lack of a backup system is worrying because I believe that all hosts should archive the customer's sites on a daily basis and allow them to revert the site, databases & settings if they have to recover from a hack. It's just lucky that the hacker didn't delete the whole site. Most people can recover their scripts and the site structure easily but databases and uploaded files are much harder to keep backed up if you only have an FTP client to do it with.

11 posts

Geek


  Reply # 469438 15-May-2011 23:02

It is not the hosting provider's task to provide backup. As the end user, it's just a single click to backup your MySQL databases.

Nevertheless, the log ons were done with the correct username and password the first time, maybe they used an exploit in WordPress to get the usernames and passwords, who knows.

16 posts

Geek


  Reply # 469448 16-May-2011 00:23

puttitat: It is not the hosting provider's task to provide backup. As the end user, it's just a single click to backup your MySQL databases.

Nevertheless, the log ons were done with the correct username and password the first time, maybe they used an exploit in WordPress to get the usernames and passwords, who knows.



Yes, but any provider that uses CPanelX has been offering customers a backup that backs up all
files, databases and hosting settings with 1 click. The host I use for my own personal sites cost
me $70/year and they do an automatic backup daily. I think it is fair to expect the customer to
decide which level of backup to do and to configure backups but I believe that the host should
provide a better system than "you must use an FTP client". If you have GBs of data to copy this
just isn't a realistic option for commercial sites, in my opinion.

If you read up in the thread you'll see that WordPress has been ruled out as the point of entry
and it seems to have been a brute-force attack on the FTP server.

13086 posts

Uber Geek
+1 received by user: 1532


  Reply # 469449 16-May-2011 00:32

ChrisR: 


Yes, but any provider that uses CPanelX has been offering customers a backup that backs up all
files, databases and hosting settings with 1 click. The host I use for my own personal sites cost
me $70/year and they do an automatic backup daily. I think it is fair to expect the customer to
decide which level of backup to do and to configure backups but I believe that the host should
provide a better system than "you must use an FTP client". If you have GBs of data to copy this
just isn't a realistic option for commercial sites, in my opinion.

If you read up in the thread you'll see that WordPress has been ruled out as the point of entry
and it seems to have been a brute-force attack on the FTP server.



 

When you do your research on a web host, you look at what their backup systems are, and whether you want to go with one that has a decent backup system, or you want to fully manage all the backups yourself (usually the cheaper option). Just a daily backup in my opinion is not much use, as it might take you a few days to find that there is a problem, and by that time it will already be overwritten. Also some will charge you a huge fee to restore data from backups, while some charge very little or will do it for free.

11 posts

Geek


  Reply # 469450 16-May-2011 00:33

Brute force, yeah right.

My password was a random selection of characters:

17 characters long:

1 special character
2 numbers
1 uppercase character
and the rest lowercase. NO WORDS USED, it was complete nonsense!

So nope, it wasn't brute force... It would take too long for my password to be "guessed".
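Two points in the thread are worth seeing side by side in code: ChrisR's suggestion that the server should slow down any source that fails a login three times and report it to the customer, and puttitat's observation that the logins in this case succeeded with the correct username and password the first time, which points at stolen credentials rather than guessing. The script below is an added example, not Servage's system or anything posted here. It parses a constructed FTP auth log (the line format is invented for the demo; real FTP daemons log differently), keeps a sliding window of failures per source address, decides when a source should start being throttled, and separately flags a first-attempt success from an address the account has never used, so the customer hears about both patterns.

```python
"""Spot FTP login brute force in an auth log and decide how a server could respond.

Added example, not Servage's system or anything posted in the thread. The log
format below is constructed for the demo; real FTP daemons log differently.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: a burst of failures against one account from one
# address that ends in a success, a later routine login from the customer's
# usual address, and a first-attempt success for another account from an
# address never seen before (the pattern puttitat describes).
SAMPLE_LOG = """\
2011-05-14T03:12:01 ftpd FAIL user=geoff ip=203.0.113.5
2011-05-14T03:12:03 ftpd FAIL user=geoff ip=203.0.113.5
2011-05-14T03:12:04 ftpd FAIL user=geoff ip=203.0.113.5
2011-05-14T03:12:06 ftpd FAIL user=geoff ip=203.0.113.5
2011-05-14T03:12:09 ftpd OK user=geoff ip=203.0.113.5
2011-05-14T09:30:00 ftpd OK user=geoff ip=198.51.100.7
2011-05-14T11:45:12 ftpd OK user=troels ip=203.0.113.77
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ftpd (?P<result>OK|FAIL) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


def parse_line(line):
    """Return one login event as a dict, or None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "ok": m["result"] == "OK",
        "user": m["user"],
        "ip": m["ip"],
    }


def backoff_seconds(failures, threshold=3, cap=300):
    """Delay to impose on a source after `failures` recent failed logins.

    Nothing until the threshold; then doubling, capped so a legitimate user
    who mistyped a password is slowed down rather than locked out outright.
    """
    if failures < threshold:
        return 0
    return min(cap, 2 ** (failures - threshold + 1))


def analyse(log_text, threshold=3, window=timedelta(minutes=10), known_ips=None):
    """Return which sources to throttle and what to report to each customer.

    known_ips maps account -> addresses the customer normally logs in from;
    a success from any other address with no failures before it is reported
    as a possible use of stolen credentials rather than a guessing attack.
    """
    known = {u: set(ips) for u, ips in (known_ips or {}).items()}
    recent_fail = defaultdict(deque)  # ip -> failure timestamps inside the window
    throttled = {}                    # ip -> time the throttle would start
    alerts = defaultdict(list)        # account -> [(ip, reason), ...]

    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    for e in events:
        q = recent_fail[e["ip"]]
        while q and q[0] < e["ts"] - window:
            q.popleft()              # forget failures older than the window
        if not e["ok"]:
            q.append(e["ts"])
            if len(q) >= threshold and e["ip"] not in throttled:
                throttled[e["ip"]] = e["ts"]
                alerts[e["user"]].append((e["ip"], "repeated failures"))
            continue
        if e["ip"] in throttled:
            alerts[e["user"]].append((e["ip"], "success after failures"))
        elif not q and e["ip"] not in known.get(e["user"], set()):
            alerts[e["user"]].append((e["ip"], "first-try success from new address"))
        known.setdefault(e["user"], set()).add(e["ip"])
    return {"throttled": throttled, "alerts": dict(alerts)}


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG, known_ips={"geoff": ["198.51.100.7"]})
    for ip, when in result["throttled"].items():
        print(f"throttle {ip} from {when}")
    for user, items in result["alerts"].items():
        for ip, reason in items:
            print(f"notify {user}: {reason} from {ip}")
    print("backoff schedule:", [backoff_seconds(n) for n in range(1, 8)])
```

The throttle is per source address rather than per account, which is the difference ChrisR is drawing: disabling the account punishes the customer, while delaying the source slows the guesser. The "first-try success from new address" report is the weaker signal and will fire on genuine travel or a new office connection, so it belongs in a notification to the customer, not in an automatic block.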

6536 posts

Uber Geek
+1 received by user: 2943

Moderator
Trusted
Subscriber

  Reply # 469456 16-May-2011 01:14

I hear about this sort of thing all the time with Shared Hosting Providers and all I can say is if it's an important site avoid them like the plague. I would recommend grabbing a Virtual Server which gives you control over the whole server at an affordable rate. My site has been hosted on one for years + I am also hosting a few high traffic websites without issues.

It may be more work, but it's totally worth it. The 2 Virtual Server providers I recommend are Unleash and Linode - While Unleash might be a tad more expensive since it's hosted in NZ the staff are very knowledgeable and the servers are fast. Linode is about the same, the staff are always there to help you out + the servers are fast, the only downside is they are hosted in America but I do find that the speeds are excellent nevertheless - Both of these providers offer free native IPv6 too ;)

If you can afford $20US per month to host your site, go Virtual! I am sure you have a friend that can help you out in exchange for you hosting their site too ;) 




Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router Guide | Electric Kiwi | Community UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial


16 posts

Geek


  Reply # 469460 16-May-2011 01:49

puttitat: Brute force, yeah right.

My password was a random selection of characters:

17 characters long:

1 special character
2 numbers
1 uppercase character
and the rest lowercase. NO WORDS USED, it was complete nonsense!

So nope, it wasn't brute force... It would take too long for my password to be "guessed".

That's pretty convincing ... what did Servage say when you pressed them on how that password could have been cracked?  

11 posts

Geek


  Reply # 469461 16-May-2011 02:10

ChrisR:
That's pretty convincing ... what did Servage say when you pressed them on how that password could have been cracked?  


Servage Support:



Hello Troels,

We are sorry for the incident. And, no, we don't have back ups. But, also, please understand that Servage is not in charge if FTP accounts are hacked. The user is in charge for using long and elaborated passwords and to change the passwords from time to time to increase the security.

We ask you to clean the application from malicious code and to secure your account. Thank you.

Kind Regards
Helge, Support
Servage Hosting


Please do laugh out loud! That must be a joke.

Can you guys recommend some Virtual Server host in the EU? I live in Denmark, so NZ / US servers are out of the question.



