are they good?
how about hosturbo.com ??

Originally posted by hessan
are they good?
how about hosturbo.com ??

Hi,

While waiting for others to comment on your listed two hosts... you can do a search about them on this forum.

nuke.to -> Search Result (http://www.webhostingtalk.com/search.php?s=&action=showresults&searchid=160192&sortby=lastpost&sortorder=descending)

hosturbo.com -> Search Result (http://www.webhostingtalk.com/search.php?s=&action=showresults&searchid=160194&sortby=lastpost&sortorder=descending)

Hope this helps ;)

Cheers!

Regards,
Choon

Hosturbo has been excellent for me. I have their basic plan and so far uptime and server speed is perfect. I can't comment on their support since I haven't needed it yet (they did setup my account within hours though).

Good luck!

about hosturbo, i don't know, but about nuke.to , I suggest you consider my case:

Here (http://www.nuke.to/forum/showthread.php?s=&threadid=190) and Here (http://www.nuke.to/forum/showthread.php?s=&threadid=176)

I don't know how can the root pass can be in my bash , or they just lied . But anyway, you can be deleted you files (database) without warning ...

I saw your .bash_history ... the ln command is not an offending command, indeed ... but I am worry about the su command ... Why did you try to do that?

cheers,
:beer:

Originally posted by dektong
I saw your .bash_history ... the ln command is not an offending command, indeed ... but I am worry about the su command ... Why did you try to do that?

cheers,
:beer:

By reading the two given threads from WebUser...

This is just my thoughts...

Maybe WebUser is trying to become root and try a guessed password then surpricingly the guessed password is the right password :rolleyes:

or

Maybe someone logged into WebUser's account (can be WebUser's friend that WebUser give his/her account password) and try to become root with the correct guessed password :rolleyes:

If I can do that correct guess... I better go and buy some 4-D (just kidding) :D

Honestly, I don't even dare to try this on my account... meaning su (all by itself)... any attempt on this command might get my account terminated without advance notice or refund regardless whether my attempt is successful or not. :(

By the way, I hope you have found your ideal host by now WebUser :)

Cheers!

Choon

Just a guess.... But to maybe help WebUser's case:

If root would have su'd to your account, to either alter your files, for some reason, and didn't want to mess up your file permissions, and then su'ed back, the su would show up in your .bash_history.... Now why a sysadmin wouldn't own up to this is beyond me, unless he was doing something he wasn't supposed too.....

Indeed, I don't know where's that su command from (I even don't know what su command can do) . All my telnet commands I know just for uploading, downloading , mysql import/export ... That's all . And besides, if I wanted to hack, then I wouldn't waste my money on that test . I just needed to sign up 1 month (I paid them for the whole year) .

Besides, if I wanted to become root (supposed I did a hack, and knew how to hack) , then I wouldn't let that bash history there . Until now, I still don't know where that command su from (for sure my friend and I didn't do it ) . We don't have enough knowledge and skill for hacking (we are new on web) .

You said it's easy to guess a root pass? Man, it's more harder than to win a super lotto . You have 1/1M chance to win, but you have 1/M of M of M... chance to get a right root pass (and this is at the first time? . :mad: :stickout )

Maybe you won't believe me . But that's true . We don't have that ability .
btw, what's that su can do? Can any of you explain it for me?

My friend and I, because don't know what's the real reason, so just guess this : because they thought we were hosting company (at that time, we display webhosting button on our front page) , so maybe they thought we are a webhosting company . We have nothing else to guess the real reason , because , we even didn't know anything about it . I just knew the account got deleted after uploading all mysql database to nuke.to the first day , and the second day, they got deleted .

We are happy with aletia.com now .

Hi WebUser,

Originally posted by WebUser
Indeed, I don't know where's that su command from (I even don't know what su command can do) . All my telnet commands I know just for uploading, downloading , mysql import/export ... That's all . And besides, if I wanted to hack, then I wouldn't waste my money on that test . I just needed to sign up 1 month (I paid them for the whole year) .

Read this page for more information (http://www.redhat.com/docs/manuals/linux/RHL-6.2-Manual/getting-started-guide/s1-basics-bootdisk.html)

Besides, if I wanted to become root (supposed I did a hack, and knew how to hack) , then I wouldn't let that bash history there . Until now, I still don't know where that command su from (for sure my friend and I didn't do it ) . We don't have enough knowledge and skill for hacking (we are new on web) .

That's logical ;)

You said it's easy to guess a root pass? Man, it's more harder than to win a super lotto . You have 1/1M chance to win, but you have 1/M of M of M... chance to get a right root pass (and this is at the first time? . :mad: :stickout )

Nope... I NEVER said it is easy or otherwise I won't made such a comment of rather going to buy a 4-D :D

And for The Prohacker guess might be one of the possibilities ;)

WebUser, this is just personal thoughts and nothing against you. If I do offended you in any means, many apologies :(

Cheers!

Regards,
Choon

No, choon
You misunderstand me . I don't have any other thought or madness, or anger with what you said . It's just opinion and discussion about that, and that's all . :D :) If my words make you misunderstand , then I appologize for those .

Originally posted by WebUser
Indeed, I don't know where's that su command from (I even don't know what su command can do) .
<cut>

Maybe you won't believe me . But that's true . We don't have that ability . btw, what's that su can do? Can any of you explain it for me?

One possible scenario ... The root can login into your account using "su your_account_name" and the root then will become "you" without the need to know your shell password. Then the root (which is now 'you') may try to get the root access again. It can simply just type 'exit' or type "su " again ... If this scenario happens, then the whole process will be recorded into your .bash_history without you actually type it.

Anyway, 'su' stands for "switch user". You can try to switch to another user's ID if you know the other user's ID password (root can bypass this).

cheers,
:beer:


Hm... I am just repeating what prohacker just said ... ;)

Originally posted by WebUser
about hosturbo, i don't know, but about nuke.to , I suggest you consider my case:

Here (http://www.nuke.to/forum/showthread.php?s=&threadid=190) and Here (http://www.nuke.to/forum/showthread.php?s=&threadid=176)

I don't know how can the root pass can be in my bash , or they just lied . But anyway, you can be deleted you files (database) without warning ...


My question is: how did someone (you or else) get their root password??

Err... I think I better stop discussing WebUser's case in this thread or otherwise this is not really fair for the thread starter and I think this is a little off-topic :stickout

I better stop here before the moderators *kick* my butt :D

Sorry hessan ;)

Regards,
Choon

My question is: how did someone (you or else) get their root password??

My friend and I didn't know or have it until they deleted our account and said that . And you know, they never give it to us or anyone. Then what the hell we got it from ? At least, suppose we know that su command, we had to have that root pass before , right ? And this can't be happened if they didn't give it to us .

So , logically, we weren't the one at fault . Once they didn't give us the root pass, then how could we know it ? Alot of questions I still wonder until now , and the main one is : what really happened ?

Even someone else knew our password , and had good skill on hacking network , if they can hack their server , it means that their system isn't safe at all .

Anyway, nothing for me to do with them any more. But until now, we still don't accept and have good feeling when they said we hacked their system . Because we know that "We don't have that knowledge".

Originally posted by WebUser


My friend and I didn't know or have it until they deleted our account and said that . And you know, they never give it to us or anyone. Then what the hell we got it from ? At least, suppose we know that su command, we had to have that root pass before , right ? And this can't be happened if they didn't give it to us .

So , logically, we weren't the one at fault . Once they didn't give us the root pass, then how could we know it ? Alot of questions I still wonder until now , and the main one is : what really happened ?

Even someone else knew our password , and had good skill on hacking network , if they can hack their server , it means that their system isn't safe at all .

Anyway, nothing for me to do with them any more. But until now, we still don't accept and have good feeling when they said we hacked their system . Because we know that "We don't have that knowledge".


Did they provide you the login logs?? With IPs and timestamps.

No, they just said that we hacked, and when we asked for proof, they just gave that bash . That's all . They deleted our account that we didn't know . The first time I tried to logon , it said wrong pass or username , I thought it was my friend to change the pass . After trying some times without success , I tried to go to our website and saw that it disappeared . Then I asked them what happened to our account and got answer that they deleted the account because we hacked their system . I'm sure that my friend and I didn't have that knowledge (we are just new students at web) so I asked them to check again , and all of their team ran over us by that damn reason .

First , we thought that maybe the real reason they deleted our account because the upload/download bandwidth . Later they said that wasn't the reason, we guessed that maybe they thought we are a hosting company (because we put a hosting button on the index page to redirect to a hosting company) . And until now we still guess .

You know , even we know that su command (while we didn't, indeed) , we still couldn't get the root pass (how come? we are not the god) with just that (if we could get the rootpass just by a command like that, I'm sure this world has more than 1 millions hackers) . So today, I know what that command can do, we think that, maybe one of their tech logon to our account with the rootpass , by pass that , and the bash file just recorded that .

still a myth . man .

We are operating a honest webhosting business. We are a very very small compared to many other webhosting company.

I just don't understand why the fuss is about. 1 of our tech guys have found that he hack the system. I check with interserver.net who confirm that indeed it been hacked by him.

What did I do? I return him full refund the very next day. Not only he seem to annoyed, he accuse us of kicking him out because he uses so much bandwidth for a day.

We never kicked any of our client even if they used their full allocated bandwidth tranfers. His is the first and he's only with us for about a day.

I guess he feel sad that he can't find any other host that willing
to offer him that much bandwidth for the sum he's paying.

W.

You are dumb, webbie,
Our website just uses about 2-3 gig bandwidth (or less than that, never reach 5 ) every month, and we don't need much (just take a lood at your offer, is that unlimited?) . That's one of alot of reasons we left hostrocket for it because we don't want to waste money for the bandwidth we never use . Because we know for sure that, within 1 year, we won't touch that 10gig , that's why we chose you for a cheap host . A lot of hosts here offer arround 25, 30/year and our website fix what they offer (arround 5gig) but we didn't choose, because we didn't feel stable with them . We don't have much time to design our website, that's why it still has the basic things after we hosted with hostrocket a long time . You are wrong when saying that we need bandwidth so much .
Right now, after a half of month at aletia.com , we just still reach 1.2gig bandwidth .

We came to your host, because we felt that , with a small of customers, we would have a better support and uptime. But ... We don't waste money just for doing that stupid thing (sure you think we are stupid to waste our money just for one command in case you didn't return money back?) . Even the dumbest ass wouldn't pay you a whole year just for 1 command , ok ? And if we wanted to hack your system (if we had that much ability), then we did a hack (wonder if there is a stupid guy on this word that has the root pass by paying a whole year of hosting and doing nothing harm to your server). If you are dumb, it's your part, but don't think other people having the same problem like yours .

I don't know about other people, but with me, if I know how to hack, and if I had the root pass , for sure your system was down and harmed . But nothing happened . The bash file you showed that, just a su command. And that's all. Nothing else . Does that worth for a hack?

Next time, if you have that problem, I suggest you kept the log for time, ip.... and every information . Don't blame on the innocent ok? Let me ask you . If I give you one telnet account , can you get the root pass by just using that command ? If you say yes, maybe it's our fault (damn, I just learn what that command can do and result today) .

Interserver.net recommended that your account be terminated.

Since we leased the server from them and we don't see how a company with about 120 server would recommend this unless they are completely sure that you did hack into our system, we decided to terminate your account.

W.

IMHO

i'm hosting an account with nuke.to right now. the web site is on the "www" link of my post. so no i'm just a happy customer.

but i just wanna say that, I've never met any company that deals so willingly and easily with its customers. webbie and co. just recently experienced a slight bit of downtime.

and for that: EVERY customer who bore through with them was awarded a whole extra Gig of Bandwidth for free per month!

On top of that, webbie is giving you your FULL refund back. IMHO, if i were you, i'd just take my money and stop complaining.

I don't know of many companies who would give a full refund willingly for what was or could have been or could not have been (who knows) a hack attempt.

All i know is that you do a search in these forums and you'll see that a lot a lot a lot of companies would just rather terminate your account, delete your files, and give you a "pink slip" without so much as a cent back. On top of that, they'd probably charge your credit card again and again like CIJoke for months to come afterwards.

Massive ,
1 . Ok, let me ask you . If you just type (1 time for me as they said, but I can give you 1000 times) the su command, and you get the root pass ? If you say yes, I have no idea if it's right or wrong (because I don't know about networking much and just know some basic commands to do for website) , but people will know . Just answer me .

2. The bash file showed that only 1 time . This means that, we knew the root pass ( suppose we did that hack) . Then, who gave it to us ? And are they willing to give it to anyone else ? Answer this question for me .

3. The problem isn't about the money . It's about the responsibility . So you just want only nuke.to customers can talk about them, and no one can ? Then what's the aim of this forum ? Man, are you ok <edit> ? If they charge us again and again , I'm sure they will get trouble . We are just new students and major at business, so , just taking a look at our learning background about the web, 100% (I'm sure) people will know who are at fault . We make website for fun , not for business . If we did, we wouldn't say anything . But if what we didn't do, we won't accept with what people claim on us . Are you ready to stand with what people talk about you while you don't do anything ? If we did that hack, we are not stupid to bring it here for you and other people to know . Understood ? With us, everything should be in the sun .

Anyway, because you don't even know anything, so I understand what you say . He gave us back the money, it shows he's nice . But, you can't say a nice person can't be at fault .

Btw, this forum is webhostingtalk, ok? People can talk about any host . why people slag small hosting companies so often for small mistakes i have no clue. If you have no clue, then please don't say that .

:cool: be cool. chill. take a chill pill.

Just from what I read in the posts, I would bet a buffalo nickel that one of nuke.to's admins logged in to test the account and then su'd over to root.

The .bash_history shows the 'ln' commands he ran. Now from what it sounds like he is not very well-versed in shell, and simply closed his window rather than knowing to type "exit" or just simply forgot. Next, the sysadmin does a full login session to test his account and password. Then he su's over to root.

Completely explains the log. Could he have hacked? Sure, but I would say this is very weak evidence by itself. I bet IP logs would show the SU request coming from an admin's IP... or the logs will show it is definitely WebUser.

My explanation shows the .bash_history alone is completely worthless for conclusive evidence and that there was no security breach at all. (Except the sysadmin put the root password in the plaintext, easy-readable .bash_history... Always prompt for password, right?)

Oh man, now I'm sure this is the only thing that can explain that weird case. That log showed the ln commands that were done by me . I remember that after doing those ln commands , I upload my database using ftp (it's faster for me than doing by telnet) , and I left the comp like that . My habbit is never type Exit after being done with telnet , but just simply close the SecureSRT program (do we need to type exit before closing it?) .

For sure that damn admin log in to check my files . And they blame on us .
Now from what it sounds like he is not very well-versed in shell, and simply closed his window rather than knowing to type "exit" or just simply forgot.

You are right, I just knew using some shell commands from my friends (before I just use ftp to do it) . Like with the ln command on the admin folder, I did type 2 times (because I didn't know if it right or wrong) .

If they check the IP logs, and they agree, I want my buffalo nickel.

But it's bad they deleted , and their dumb head just blame on us for that .

poor hessan, the starter of the thread. this has gotten a bit off topic hasn't it. i hope that you find what you're looking for.