Geekzone: technology news, blogs, forums
GeoffisPure

456 posts

Ultimate Geek


  #469267 15-May-2011 12:39

Well it looks like Servage are now taking this seriously. I just got the following email:

Dear Geoffrey,

Unfortunately we have to notify you about suspicious activities we have seen on our
FTP servers in conjunction with at least one of your FTP accounts.

It seems like an FTP account that belongs to your account, has been abused to modify
files in your account.
Those modifications are code injections of malware or other unwanted code that are
affecting the visitors of your websites.

We have run a tool to automatically detect and remove some of the inserted code
lines, but the automatic system unfortunately does not detect and remove any code
that might have been inserted, so please review all your files that have recently
been modified.

In addition we disabled the FTP Account for security reasons to prevent any
further file modifications.

As it seems that a 3rd party got knowledge of your FTP account's password, please also
consider removing the FTP account access data specified in any installed
application like Joomla or WordPress, as they might get hacked and the FTP login
details stolen.
Please also scan your local computer for viruses, as those can also be a reason for
the hack.

Your FTP account will automatically be re-enabled when you change the password for
that account.

GeoffisPure

456 posts

Ultimate Geek


  #469268 15-May-2011 12:40



We have run a tool to automatically detect and remove some of the inserted code
lines, but the automatic system unfortunately does not detect and remove any code
that might have been inserted


lol what?

mattwnz
19380 posts

Uber Geek


  #469303 15-May-2011 15:05

GeoffisPure:


We have run a tool to automatically detect and remove some of the inserted code
lines, but the automatic system unfortunately does not detect and remove any code
that might have been inserted


lol what?



They haven't told you how someone may have got your password, and whether the flaw is at their end or yours.



mattwnz
19380 posts

Uber Geek


  #469304 15-May-2011 15:06

GeoffisPure: The attraction of servage was basically unlimited storage, unlimited traffic, unlimited domains....



There is no such thing as unlimited...

dman
946 posts

Ultimate Geek


  #469321 15-May-2011 15:51

GeoffisPure: The attraction of servage was basically unlimited storage, unlimited traffic, unlimited domains....


everybody knows that is just marketing nonsense, they'll have "fair use" clauses or similar

and as soon as you hit any kind of usage above quite moderate usage they'll kick you off.

AND/OR

They pack their servers loaded up with lots of people exploiting these "cheap deals" to the point it becomes unworkable, because sure, you might have unlimited traffic in theory, but the speed becomes so terribly slow that in practice it is worse than if you'd gone with somebody else.


Additionally do you really need such features as unlimited storage for instance? Unless you're trying to store all of mankind's knowledge in one place then I doubt it. Most average websites only require a fraction of a single gigabyte.




mattwnz
19380 posts

Uber Geek


  #469323 15-May-2011 15:58

dman:
GeoffisPure: The attraction of servage was basically unlimited storage, unlimited traffic, unlimited domains....


everybody knows that is just marketing nonsense, they'll have "fair use" clauses or similar

and as soon as you hit any kind of usage above quite moderate usage they'll kick you off.

AND/OR

They pack their servers loaded up with lots of people exploiting these "cheap deals" to the point it becomes unworkable, because sure, you might have unlimited traffic in theory, but the speed becomes so terribly slow that in practice it is worse than if you'd gone with somebody else.



Additionally do you really need such features as unlimited storage for instance? Unless you're trying to store all of mankind's knowledge in one place then I doubt it. Most average websites only require a fraction of a single gigabyte.


Absolutely right. I think you are best to get dedicated quotas, so at least you know what you are getting. But even then there are many companies that oversell. Most websites do use very little in the way of disk space and traffic anyway, and if you need that disk space for email, you are best to use Gmail for your email, which provides GBs of data on a very reliable network at no cost.

puttitat
11 posts

Geek
Inactive user


  #469430 15-May-2011 22:47

Well, Servage is quite a lot faster than HostGator when you live in the EU. HostGator responds with 150ms ping, where Servage clocks in at 47 ms.

There is no doubt that HostGator is faster in the US (or what?) than Servage, but for EU customers, Servage is the place to be hosted.

I got the same email as the one posted in here, and when you contact them after you see over 1000 files of yours have been compromised, it is YOUR problem to get them fixed, and that is editing the files MANUALLY in a text editor and reuploading.

That is one sucky task to do!



ChrisR
16 posts

Geek


  #469435 15-May-2011 22:58

Servage have been very good for us in terms of up-time and speed and it seems like they have closed the FTP-brute-force-attack problem but not necessarily in a way that I would do it. Their system disables the attacked FTP account - pushing the responsibility onto the customer, while I would have just slowed down any attacker that fails a login 3 times and reported the attacker to the customer.

Also, their lack of a backup system is worrying because I believe that all hosts should archive the customer's sites on a daily basis and allow them to revert the site, databases & settings if they have to recover from a hack. It's just lucky that the hacker didn't delete the whole site. Most people can recover their scripts and the site structure easily but databases and uploaded files are much harder to keep backed up if you only have an FTP client to do it with.
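ChrisR's alternative to disabling the account (throttle an attacker after three failed logins and report it to the customer), written here as detection logic over a few constructed FTP authentication records. This is an added example, not code from the thread or from Servage; the log format, the three-failure threshold and the backoff constants are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records (not from the thread). Assumed simplified format:
# "<timestamp> <account>@<client-ip> OK|FAIL", one login attempt per line.
SAMPLE_LOG = """\
2011-05-14T22:01:03 siteftp@203.0.113.7 FAIL
2011-05-14T22:01:04 siteftp@203.0.113.7 FAIL
2011-05-14T22:01:05 siteftp@203.0.113.7 FAIL
2011-05-14T22:01:06 siteftp@203.0.113.7 FAIL
2011-05-14T22:01:09 siteftp@203.0.113.7 OK
2011-05-14T22:03:30 geoff@198.51.100.4 FAIL
2011-05-14T22:03:50 geoff@198.51.100.4 OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+)@(\S+) (OK|FAIL)$")
THRESHOLD = 3      # failures before throttling starts (ChrisR's figure)
BASE_DELAY = 2.0   # seconds; assumed first penalty, doubled per extra failure


def next_delay(failures: int) -> float:
    """Delay to impose on the next attempt: 0 below THRESHOLD, then 2s, 4s, 8s, ..."""
    if failures < THRESHOLD:
        return 0.0
    return BASE_DELAY * 2 ** (failures - THRESHOLD)


def analyse(log_text: str):
    """Return (alerts, delays).

    alerts: (account, ip) pairs that logged in successfully AFTER reaching
            THRESHOLD failures; this is the event to report to the customer,
            since a burst of failures followed by success looks like guessing.
    delays: (account, ip) -> throttle that would apply to its next attempt.
    Failure counts are kept for the whole sample rather than reset on success,
    so a successful guess does not clear the attacker's penalty.
    """
    failures = defaultdict(int)
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed records instead of aborting the scan
        _ts, account, ip, result = m.groups()
        key = (account, ip)
        if result == "FAIL":
            failures[key] += 1
        elif failures[key] >= THRESHOLD:
            alerts.append(key)
    delays = {key: next_delay(n) for key, n in failures.items()}
    return alerts, delays
```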

puttitat
11 posts

Geek
Inactive user


  #469438 15-May-2011 23:02

It is not the hosting provider's task to provide backup. As the end user, it's just a single click to back up your MySQL databases.

Nevertheless, the log ons were done with the correct username and password the first time, maybe they used an exploit in WordPress to get the usernames and passwords, who knows.

ChrisR
16 posts

Geek


  #469448 16-May-2011 00:23

puttitat: It is not the hosting provider's task to provide backup. As the end user, it's just a single click to back up your MySQL databases.

Nevertheless, the log-ons were done with the correct username and password the first time, maybe they used an exploit in WordPress to get the usernames and passwords, who knows.



Yes, but any provider that uses CPanelX has been offering customers a backup that backs up all files, databases and hosting settings with 1 click. The host I use for my own personal sites cost me $70/year and they do an automatic backup daily. I think it is fair to expect the customer to decide which level of backup to do and to configure backups but I believe that the host should provide a better system than "you must use an FTP client". If you have GBs of data to copy this just isn't a realistic option for commercial sites, in my opinion.

If you read up in the thread you'll see that WordPress has been ruled out as the point of entry and it seems to have been a brute-force attack on the FTP server.

mattwnz
19380 posts

Uber Geek


  #469449 16-May-2011 00:32

ChrisR: 


Yes, but any provider that uses CPanelX has been offering customers a backup that backs up all files, databases and hosting settings with 1 click. The host I use for my own personal sites cost me $70/year and they do an automatic backup daily. I think it is fair to expect the customer to decide which level of backup to do and to configure backups but I believe that the host should provide a better system than "you must use an FTP client". If you have GBs of data to copy this just isn't a realistic option for commercial sites, in my opinion.

If you read up in the thread you'll see that WordPress has been ruled out as the point of entry and it seems to have been a brute-force attack on the FTP server.



When you do your research on a web host, you look at what their backup systems are, and whether you want to go with one that has a decent backup system, or you want to fully manage all the backups yourself (usually the cheaper option). Just a daily backup in my opinion is not much use, as it might take you a few days to find that there is a problem, and by that time it will already be overwritten. Also some will charge you a huge fee to restore data from backups, while some charge very little or will do it for free.

puttitat
11 posts

Geek
Inactive user


  #469450 16-May-2011 00:33

Brute force, yeah right.

My password was a random selection of characters:

17 characters long:

1 special character
2 numbers
1 uppercase character
and the rest lowercase. NO WORDS USED, it was complete nonsense!

So nope, it wasn't brute force... It would take too long for my password to be "guessed".
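The size of the guess space implied by the password puttitat describes (17 random characters: 1 special, 2 digits, 1 upper case, 13 lower case), worked through as an added example that is not part of the thread. The 95-symbol printable alphabet and the two guess rates are assumptions chosen to contrast online guessing against an FTP daemon with an offline attack on a leaked hash.

```python
from math import factorial, log2

# Assumed character classes: US-keyboard printable ASCII, 95 symbols in total.
LOWER, UPPER, DIGITS, SPECIAL = 26, 26, 10, 33
ALPHABET = LOWER + UPPER + DIGITS + SPECIAL


def blind_space(length: int, alphabet: int = ALPHABET) -> int:
    """Candidates when the attacker knows only the length and the alphabet."""
    return alphabet ** length


def composition_space(n_lower: int, n_upper: int, n_digit: int, n_special: int) -> int:
    """Candidates when the attacker also knows how many characters of each
    class were used (the 13/1/2/1 split above) but not where they sit.
    This is the most favourable assumption for the attacker that still
    matches the description, so it is the right bound to reason about."""
    length = n_lower + n_upper + n_digit + n_special
    # Number of ways to assign classes to positions (multinomial coefficient)...
    placements = factorial(length) // (
        factorial(n_lower) * factorial(n_upper) * factorial(n_digit) * factorial(n_special)
    )
    # ...times the number of symbol choices within each class.
    return placements * LOWER**n_lower * UPPER**n_upper * DIGITS**n_digit * SPECIAL**n_special


def entropy_bits(space: int) -> float:
    """Equivalent key strength in bits."""
    return log2(space)


def years_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed guess rate."""
    return space / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    blind = blind_space(17)
    known = composition_space(n_lower=13, n_upper=1, n_digit=2, n_special=1)
    print(f"length+alphabet known only : 2^{entropy_bits(blind):.1f} candidates")
    print(f"class composition also known: 2^{entropy_bits(known):.1f} candidates")
    # Assumed, illustrative rates: an FTP daemon answering 100 attempts/s
    # versus an offline cracker at 1e10 hashes/s. Neither is a measured figure.
    for label, rate in (("online FTP, 100/s", 1e2), ("offline, 1e10/s", 1e10)):
        print(f"{label:>20}: {years_to_exhaust(known, rate):.3g} years to exhaust")
```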

michaelmurfy
cat
12224 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #469456 16-May-2011 01:14

I hear about this sort of thing all the time with Shared Hosting Providers and all I can say is if it's an important site avoid them like the plague. I would recommend grabbing a Virtual Server which gives you control over the whole server at an affordable rate. My site has been hosted on one for years + I am also hosting a few high traffic websites without issues.

It may be more work, but it's totally worth it. The 2 Virtual Server providers I recommend are Unleash and Linode - While Unleash might be a tad more expensive since it's hosted in NZ the staff are very knowledgeable and the servers are fast. Linode is about the same, the staff are always there to help you out + the servers are fast, the only downside is they are hosted in America but I do find that the speeds are excellent nevertheless - Both of these providers offer free native IPv6 too ;)

If you can afford $20US per month to host your site, go Virtual! I am sure you have a friend that can help you out in exchange for you hosting their site too ;) 




Michael Murphy | https://murfy.nz


ChrisR
16 posts

Geek


  #469460 16-May-2011 01:49

puttitat: Brute force, yeah right.

My password was a random selection of characters:

17 characters long:

1 special character
2 numbers
1 uppercase character
and the rest lowercase. NO WORDS USED, it was complete nonsense!

So nope, it wasn't brute force... It would take too long for my password to be "guessed".

That's pretty convincing ... what did Servage say when you pressed them on how that password could have been cracked?  

puttitat
11 posts

Geek
Inactive user


  #469461 16-May-2011 02:10

ChrisR:
That's pretty convincing ... what did Servage say when you pressed them on how that password could have been cracked?  


Servage Support:



Hello Troels,

We are sorry for the incident. And, no, we don't have backups. But, also, please understand that Servage is not in charge if FTP accounts are hacked. The user is in charge of using long and elaborate passwords and of changing the passwords from time to time to increase the security.

We ask you to clean the application from malicious code and to secure your account. Thank you.

Kind Regards
Helge, Support
Servage Hosting


Please do laugh out loud! That must be a joke.

Can you guys recommend some Virtual Server host in the EU? I live in Denmark, so NZ / US servers are out of the question.



