Web Hosting Talk







View Full Version : leaving mchost, serious security and uptime problems on several servers


resellerhost
03-11-2002, 01:37 PM
Haya

I have 3 reseller accounts on mchost.com but I have no way but to leave them.

A few days ago lasvegas server was down for about 14 hours and data were at risk.

Yesterday chicago crashed by a hacker (as mchost tells) and very interesting, all customer, mysql, account, email data are gone.

No one knows how many sites have lost everything. Someone told on board that his 12M Mysql database is gone and he has lost weeks of efforts of users and owners. Hundreds of other websites are gone.

They have told in their TOS that they have backup of all data but now they say backups were on another hard disk on the same computer and backup is gone as well.

Some of the resellers have more than 100 websites all gone. (I estimate that something about 500 websites are gone)

Painful, isn't it? How can we rebuild our reputation?

I will leave as soon as possible as it seems they are not responsible hosts despite of things I read here before purchasing my reseller account.

People, be aware. Think twice before choosing them. They will tell you that you are responsible yourself as you have not backed up your customer accounts, mysql and mails of your customers one by one.


One may think so what are those tape backups etc on the market.


Two servers in a week.

People think twice before going with them.

Reseller.

Perfecthost
03-11-2002, 01:41 PM
Hello-

I'm sorry to hear of your problems--and the other resellers' problems. Have you decided what you are going to do?

-Lamar

AlaskanWolf
03-11-2002, 01:42 PM
Not sure anything woulda really helped McHost in this situation, even if using tape backups or not.

What woulda really helped them................................Not offering SSH / Telnet out of the blue like they have been.

Because of what I heard, I urged Darkorb to implement the new ssh security feature which requires a host to checkmark if a reseller has authoriz. to setup a reseller which can offer SSH

We also changed our policy and removed all current customers SSH access and changed our policies to a temporary, per customer, per need basis.

Perfecthost
03-11-2002, 01:49 PM
Originally posted by AlaskanWolf
Because of what I heard, I urged Darkorb to implement the new ssh security feature which requires a host to checkmark if a reseller has authoriz. to setup a reseller which can offer SSH

We also changed our policy and removed all current customers SSH access and changed our policies to a temporary, per customer, per need basis.

Yeah, I know what you mean. We give shell access to our resellers, but everyone else has to send the photo ID. We've noticed that those who actually need shell do not have a problem with the red tape. We disabled straight telnet all together.

-Lamar

grandad
03-11-2002, 02:01 PM
What has happened is bad there's no two ways about it but is it really all Mchost's fault?
You complain that they have not done sensible backups but have YOU?
When you signed up you read the TOS (you did read it didn't you?) which CLEARLY states that backup of data is YOUR responsibility.
If YOU didn't backup YOUR data, whose responsibility is that - you have learned a hard lesson but don't pass the buck and endeavour to commercially damage Mchost because of YOUR failure to take proper precautions with YOUR data. :mad:

acidHL
03-11-2002, 02:33 PM
MCHost's policy on SSH (as I was told by Kiwi) is to let resellers assign it to customers on a per need basis (reseller has to send in a support ticket to activate SSH on an account).

MCHost hold the reseller responsible for SSH, and the reseller in turn passes on the wrath to the client.

MCHost-Marc
03-11-2002, 02:33 PM
Originally posted by resellerhost
I have 3 reseller accounts on mchost.com but I have no way but to leave them.

I am sorry for what happened and I would just like to say that it's not been easy for us either. Most staff members have been working on helping clients recover for over 30 hours, but I understand your decision, if you need any help transferring your sites, please let me know.

Originally posted by resellerhost
A few days ago lasvegas server was down for about 14 hours and data were at risk.

There was a software failure and the system was virtually inaccessible. We wanted to make sure the data is safe before restoring the machine, which unfortunately takes quite some time with only 5% of the system functioning.

Originally posted by resellerhost
Yesterday chicago crashed by a hacker (as mchost tells) and very interesting, all customer, mysql, account, email data are gone.

Correct. We are not the first company this has happened to, not the only one and not the last one. There is no company or server that is 100% secure from hackers. The WhiteHouse isn't, the Pentagon isn't and NASA isn't either. We are, however, implementing additional security measures to prevent someone from rm -rf'ing the backup data.

Originally posted by resellerhost
One may think so what are those tape backups etc on the market.

With what happened yesterday, it was definitely an attack from a malicious user on trying to delete all data from the server - tape backups would have slowed down the process, but not stopped it.

We are a hosting company, not a backup storage. We do offer backups and did our best in recovering as much as possible. We have contacted the FBI about this issue and will give them access to all the evidence we have in order to track down those responsible. If you have not yet done so, please request a refund at our helpdesk.

Incognito
03-11-2002, 03:13 PM
I am deeply sorry about the problems you just encountered. Seems success and visibility have a high price in making one a target sometimes.

I also reiterate to everyone....all webmasters....all customers....once again....BACKUP YOUR OWN SITE IN ADDITION TO ANYTHING THE HOST IS DOING.

I know you expect hosts backups to be usable and accessible, but I hear the following and find them incongruous.

1-I had no backup-depended on the host
2-I lost hundreds of hours of work and huge amounts of money.

Insure yourself with your own backup. If your data is precious, protect it as such. I can't say it often enough. And, I'm not trying to excuse any host, just saying take out insurance by doing your own backup.

Again, very sorry to hear about McHost's problems and extremely sympathetic to the problems of the resellers and customers. It makes us all take pause and readdress our security and backup.

I also wonder if this is a little like automobile safety. Everyone wanted it, but no one was willing to pay until the government stepped in. I ask all now, "What are you willing to pay?" for extended firewall protection and off-site backup if they are made available.

resellerhost
03-11-2002, 03:47 PM
Originally posted by grandad
What has happened is bad there's no two ways about it but is it really all Mchost's fault?
You complain that they have not done sensible backups but have YOU?
When you signed up you read the TOS (you did read it didn't you?) which CLEARLY states that backup of data is YOUR responsibility.
If YOU didn't backup YOUR data, whose responsibility is that - you have learned a hard lesson but don't pass the buck and endeavour to commercially damage Mchost because of YOUR failure to take proper precautions with YOUR data. :mad:

How I am supposed to backup customer accounts when they have changed their passwords? How a reseller can do this?

How can I backup more than a hundred sites one by one manually? While they can do this by a tape schedule?

Is it possible to backup say 60 customer's MySQL databases? (for example if some have 2-3 or even 5 databases) again I do not have password for customers.

What about emails? Passwords of emails? Hosting accounts? Can I backup account settings? Mail passwords?

These all need root access and a backup tape or other backup equipment.

So it is not possible for a reseller to have backup of sites. A customer has paid for being sure of backups. It is not his work to backup his Mysql and mails everyday. Hosting company receives money for these.

And how a reseller can pay for so many losses?

Resellerhost,

Walter
03-11-2002, 04:24 PM
Just a thought:
A tape backup solution costs money. Not only for the drive and media itself but also for the space (usually you need a bigger case which costs monthly in the noc) and for someone rotating tapes.
If more customers would ask for such a feature and are willing to pay a higher price more hosts would implement tape backup.

Alan - Vox
03-11-2002, 04:44 PM
Having the latest kernels helps as well ;)

grandad
03-11-2002, 05:26 PM
I repeat, each person is responsible for THEIR OWN DATA - You are responsible for yours and your customers are responsible for theirs.
Granted, some things may inevitably be lost but the lesson of backing up is so basic, it is amazing that so frequently supposed professional data users just do not do it and get caught out by their own neglect - just like you have.

It is YOUR responsibility to backup YOUR data - the buck stops there ... with you ... at your computer. If you cannot take care of YOUR data, what are you doing in business based on data?

Your hosting company is just that, a place to host your sites - it is not a data bank.

chihuahuabot
03-11-2002, 05:44 PM
Ultimately, as a reseller, I have to answer to my clients. So in the end, it's my bacon on the line. That's why I make local copies of my client's sites, including dbs. I wouldn't be able to sleep otherwise.

SimonMc
03-11-2002, 06:42 PM
Originally posted by grandad
I repeat, each person is responsible for THEIR OWN DATA - You are responsible for yours and your customers are responsible for theirs.
Granted, some things may inevitably be lost but the lesson of backing up is so basic, it is amazing that so frequently supposed professional data users just do not do it and get caught out by their own neglect - just like you have.

It is YOUR responsibility to backup YOUR data - the buck stops there ... with you ... at your computer. If you cannot take care of YOUR data, what are you doing in business based on data?

Your hosting company is just that, a place to host your sites - it is not a data bank.

He said he did not have access to back up all the data..did you not read what he said! So where does the buck stop then!

AlaskanWolf
03-11-2002, 07:06 PM
It's the end user's responsibility, no matter if they are a customer of a host or a reseller...that's where the buck stops.

Nothing McHost coulda done in this situation, plain and simple. If someone is out to hack your system, they will spend hours if not days or weeks trying to gain access one way or another.

It's the end user's responsibility, not the host's.

grandad
03-11-2002, 07:07 PM
Yes I read his post.
I said "...Granted, some things may inevitably be lost" and that will always be the case.
If he can't backup because he doesn't have customers' passwords etc, or the means to do so, why did he take that responsibility on himself?
Why did he not ensure that each customer knew that that was their responsibility?
If he claimed to be able to ensure the safety of his customers' data and could not do so has he not been fraudulent in the service he offers?
Why do you think that hosting companies include a statement regarding backup responsibilities in their TOS?

I repeat it is each person's responsibility to backup their own data - it is the easiest thing in the world to blame someone else for your own failures.

drose25
03-11-2002, 07:47 PM
Kiwi,

Sorry to hear about your troubles.

All I can say to McHost customers is I'm sure they are doing their best to resolve the matter. I went through recent downtime with SplashHost due to malicious attacks and while frustrating, all I can say is no one right now wants to make you happier more than your host.

A tape backup vs. a hard drive backup in a situation like this likely would have made little difference. Since it was a deliberate hack rather than a machine or hardware failure, the tape would have likely been wiped as well. And as someone else pointed out, rotating/taking tapes off site isn't always practical/possible when someone else hosts your machines.

The best thing any host or reseller can do is familiarize his or her clients with the backup option! Cpanel makes this fairly easy for customers and phpMyAdmin can dump mySQL databases relatively easily as well... show your clients and put the monkey on their back.

Hostbust
03-11-2002, 08:49 PM
What is this thread going to solve.

MCHost is vigilant and predictable. They honestly care.

Every host has experienced this and can happen to anyone with a dedicated box with shared type accounts.

This poster is obviously upset but nothing is gained by attacking a premiere host with such a negative thread.

How many hosts actually joke with you on their helpdesk, or forums consistently.

I have sent several people to MCHost, and will continue to, know why? They rock.

fractiousws
03-11-2002, 09:07 PM
Yes, I would also have to take MChost's side on this one. I personally knew Marc Wyss from a couple of years ago and he was a nice guy then, and he still is. Just remember, NO server can be completely immune to hackers, viruses etc.

Alan - Vox
03-11-2002, 09:18 PM
Originally posted by fractiousws
NO server can be completely immune to hackers, viruses etc.


just turn it off :D

Hostbust
03-11-2002, 09:26 PM
Originally posted by SplashHost.com


just turn it off :D


That is a highly progressive comment! lol

vegemite
03-12-2002, 12:12 AM
Originally posted by SimonMc


He said he did not have access to back up all the data..did you not read what he said! So where does the buck stop then!

What he was trying to say is that it is the customer's responsibility to backup his own data BUT it is also our responsibility as a reseller to advise and remind our clients to backup their data.

I think that the whole thing has taught us all that it is very important to backup everything.

In relation to Marc and Mchost:

"I am sure that they will implement an efficient backup policy to prevent things like this from happening in the future."

BTW: This sort of thing happens on a daily basis around the world but at least Mchost are very open about it.



:cartman: :cartman: :cartman: ;)

JohnCrowley
03-12-2002, 01:09 AM
Tape backups rotated weekly with unmounted hidden partitions works great to backup data. If they had a week old tape of user's data, not that big a deal, some recent stuff lost, but 90%+ recoverable.

It may be the user's responsibility to have backups, but the host should have in place recovery measures such as this to prevent total loss of data.

Everyone says it costs the host more money...duh! Security does cost. "You get what you pay for" comes to mind, but the adage "Charge high enough prices to cover these expenses" also rings true.

Just my measly two cents as an outsider looking in, playing armchair quarterback, from the back seat.

John C.

TheMatrix
03-12-2002, 01:28 AM
I was wondering how this happened - someone logged in via Telnet/SSH and gained root access, and deleted stuff? Was this related to the management system they use?

Looking at things from a user's point of view, Telnet/SSH is useful when performing mySQL related tasks such as dumps and importing a file full of SQL queries into the db, so I'd be disappointed if my host suddenly stopped offering this.

Now, looking at things from a provider's point of view, the less vulnerabilities the better - if people need Telnet/SSH, they can get temporary access.

We should try to figure out how to better secure / backup our systems before we start reducing the features we offer...

TM

Haze
03-12-2002, 01:48 AM
Originally posted by TheMatrix
I was wondering how this happened - someone logged in via Telnet/SSH and gained root access, and deleted stuff? Was this related to the management system they use?

Looking at things from a user's point of view, Telnet/SSH is useful when performing mySQL related tasks such as dumps and importing a file full of SQL queries into the db, so I'd be disappointed if my host suddenly stopped offering this.

Now, looking at things from a provider's point of view, the less vulnerabilities the better - if people need Telnet/SSH, they can get temporary access.

We should try to figure out how to better secure / backup our systems before we start reducing the features we offer...

TM

There was a vulnerability found recently in SSH that made it possible for a normal user to get access to files that normally only root could. This might have been the cause. MCHost may not have gotten around to upgrading that server in time.

I don't know the cause myself. I'm just guessing.

TheMatrix
03-12-2002, 01:59 AM
Hmm... I'd go off on my own trying to find a patch for it, but I think it'd be beneficial for me to ask here so others may learn of it.

When was this discovered, and what can I do to patch my server?

Thanks.

TM

Haze
03-12-2002, 02:12 AM
http://www.webhostingtalk.com/showthread.php?threadid=38991

WebSnail.net
03-12-2002, 07:34 AM
Couple of things...

1. Don't know if anyone else noticed but whoever it was who started this thread is just a troll.. Pure and simple! I mean, c'mon... starting a new ID just to slate MCHost. Hardly very upstanding of them :eek:

2. What people don't appear to realise is that MCHost managed to stop the hacker repeating his attack on a series of other servers. By all accounts they were setup to blow a large number of the servers apart. So credit where it's due please.

3. The attack appears to have been very much waiting in the wings and whoever they are is definitely out to target MCHost. From all accounts the perpetrator was sitting pretty with things ready to roll, waiting for just such an opportunity as the SSH hole to arise and then strike. So in those circumstances we were damned lucky that they didn't get further.


All in all I've gotta say that MCHost did bloody well to manage and whilst things could have been done better (backups,etc..), what will be the telling point is if any future attacks are handled better (and I imagine there will be until someone(s) is/are locked away) .


Also with regard to this...

Originally posted by resellerhost
A customer has paid for being sure of backups. It is not his work to backup his Mysql and mails everyday. Hosting company receives money for these.

...point about clients paying extra for backup services... Where exactly does it say that in MCHost terms and Conditions? It's certainly not offered as a service. AUP clearly states that end users are responsible for their own data backups.

If you were offering that service and people were paying you for it as an extra, then I believe you were in breach of your contract with your clients because you blatantly weren't providing it...

Enough said I feel...

alchiba
03-12-2002, 08:59 AM
Originally posted by Walter
Just a thought:
A tape backup solution costs money. Not only for the drive and media itself but also for the space (usually you need a bigger case which costs monthly in the noc) and for someone rotating tapes.
If more customers would ask for such a feature and are willing to pay a higher price more hosts would implement tape backup.

As an example, Cable & Wireless hosting centers charge an additional $300/month per server for tape back-ups and storage. And still, from my experience, it's not always done.

papillon
03-12-2002, 09:48 AM
Originally posted by WebSnail.net
3. The attack appears to have been very much waiting in the wings and whoever they are is definitely out to target MCHost. From all accounts the perpetrator was sitting pretty with things ready to roll, waiting for just such an opportunity as the SSH hole to arise and then strike. So in those circumstances we were damned lucky that they didn't get further.

That's what 'hackers' do (if you can call them that..).

Serious hosting companies employ security admins to stop these. I bet that McHost doesn't even have a single full-time security admin - as in a hacker, but playing for the good side. When did McHost do their last complete security audit?

Most of you are so quick to trash the person who started this thread. Why? because Marc is known to be a friendly person who does his company's PR very well. So what? This whole ordeal could have been prevented. I am sure of it.

This guy probably lost his reputation. His business is kaput. Other people's companies are kaput. Why is mchost so 'right' ? They could have done more to prevent something like this from happening, and they SHOULD have. Nuff said.

neil
03-12-2002, 11:43 AM
Originally posted by papillon


That's what 'hackers' do (if you can call them that..).

Serious hosting companies employ security admins to stop these. I bet that McHost doesn't even have a single full-time security admin - as in a hacker, but playing for the good side. When did McHost do their last complete security audit?




I'd be willing to bet the majority of hosting companies don't have full time security admins.

am I wrong? If so - I stand corrected.

-neil

WebSnail.net
03-12-2002, 12:52 PM
Originally posted by papillon
Serious hosting companies employ security admins to stop these. I bet that McHost doesn't even have a single full-time security admin - as in a hacker, but playing for the good side. When did McHost do their last complete security audit?

Excuse me for pointing this out but how many "serious" hosting companies are there on these boards who don't have a full time security admin.. Around 90-95% I'll wager.

Originally posted by papillon
Most of you are so quick to trash the person who started this thread. Why?

Because he was blatantly a coward who had registered specifically a new Identity for the purpose of slamming MCHost... I'd say there's a 90% certainty that were Chicken to do search on the IP and compare it to other IP's used by members then there'd be a match. It had absolutely NOTHING to do with Marc's personality or otherwise. If he'd been open, honest and up front Marc would be trying to alleviate the problem and/or compensate him.

I believe in the past many members on these forums have made the point that without proving your case ie: by providing your URL, account name, etc... that you could be a cat with exquisite typing skills for all anyone knows... I've seen nothing that constitutes that the original poster was even a genuine customer beyond the fact that he posted what happened to Chicago. Who's to say it's not a competitor just trying to cash in... Who's to say it isn't you, me or someone else...

Originally posted by papillon
This whole ordeal could have been prevented. I am sure of it.

As I've already noted, lessons were no doubt learned and in hindsight it's easy to start posing "what if's"... Anyone can play armchair quarterback.

Originally posted by papillon
This guy probably lost his reputation. His business is kaput. Other people's companies are kaput. Why is mchost so 'right' ?

I think we agree that MChost has been damaged, but kaput? I doubt it... even if the person responsible for attacking the servers has succeeded in doing serious damage.


At the end of the day, yes things could, in view of events, have been done... BUT, how many hosting services have suffered similar setbacks or worse on WHT. The proof of the pudding is what lessons were learned and whether it happens again...

If you want to find one thing to pin this attack on it's the fact that MCHost got very popular, very fast...

MCHost-Marc
03-12-2002, 02:22 PM
Originally posted by papillon
When did McHost do their last complete security audit?

Two weeks ago. If you wish, I'd be happy to send you the name of the company and person that performed it in case you need any security consulting for your servers. If you don't know anything about what's going on inside a company ...

Thank you :)

Alan - Vox
03-12-2002, 02:27 PM
Kiwi, is that person I sent to you?

SarahBurton
03-12-2002, 04:26 PM
Originally posted by Kiwi
Two weeks ago. If you wish, I'd be happy to send you the name of the company and person that performed it in case you need any security consulting for your servers.

By the looks of it, you should be asking for your money back as he didn't do much of a job, did he?

Next time, get a real security audit and not a cosmetic one. :)

Sarah

Perfecthost
03-12-2002, 04:31 PM
My dad always used to say that the purpose of locks was to help keep honest people honest. A thief or someone wanting to cause harm will find another way in. Same thing with servers...

If someone wants to get in badly enough, they will.

MCHost-Marc
03-12-2002, 04:34 PM
Originally posted by SplashHost.com
Kiwi, is that person I sent to you?

We had 2 done. One from that on 2 machines only and one from a large security consulting firm in Chicago. They did a great job but, as far as we have it tracked down, the server was most probably exploited with a new security hole discovered in Linux that leaves pretty much all servers vulnerable. With that said, we're not the only hosting company affected and not the last one to be hit.

Dedicated
03-12-2002, 04:59 PM
Originally posted by Kiwi

we're not the only hosting company affected and not the last one to be hit.

I agree with you.

Hostbust
03-12-2002, 06:46 PM
Isn't it interesting that the original thread starter had zero or no posts, and the later naysayers have very few posts.


:Note that

mhalbrook
03-12-2002, 07:02 PM
Originally posted by Hostbust
Isn't it interesting that the original thread starter had zero or no posts, and the later naysayers have very few posts.


Could it be because they're finally fed up with how things have been going and are tired of giving MCHost more chances?

jazz
03-12-2002, 08:17 PM
Hi,
MCHost may now be one of the securest hosting companies out there, because of what happened. I'm sure that they cannot afford another attack like this, so they will take extra precautions to prevent a "next time". Other hosts may have never been tested.

I'm relatively new to this forum, but I think that a forum like this keeps most of the hosting companies (i.e. splashost, mchost, voxtreme etc.) at their best. If any company starts taking shortcuts it will be voiced here. I also think that the original poster should not be ostracized for voicing his opinion. He is upset and has a right to be, and I am sure MChosts is upset as well. But once the situation calms down both he and MChosts will be better for it and both will be better companies.

Take it as a learning experience.

Even though I don't have my own reseller account (just yet;)), this post has taught me a little bit more about the webhosting biz and security. And I look forward to working with one of the hosts (including MChost) in the future.

ciao :D

ukhost4u
03-12-2002, 09:45 PM
Hi,

These days all the big resellers have major problems. They try to budget between profit and service and most of them go for profit. I think the best service is always from the smaller resellers or less known resellers.

:bawling: At least you're safer from attacks..

Paul Hughes

MCHost-Marc
03-12-2002, 09:55 PM
Originally posted by ukhost4u
Hi,

These days all the big resellers have major problems. They try to budget between profit and service and most of them go for profit. I think the best service is always from the smaller resellers or less known resellers.

:bawling: At least you're safer from attacks..

Paul Hughes
http://www.ukhost4u.com/

Put yourself into the mind of a cracker for a second ..who are you going to attack ...a large hosting company or James' Family Hosting ?

Choppy
03-12-2002, 11:45 PM
If I was, I would go for the following:

1) Big and secure Servers

2) Company with Good rep

3) Competitor

I'm guessing this is in general what a hacker would look for! And about the james family hosting would be under the microscope too! Why wouldn't they be.

They would start small on simple servers known system flaws and exploit.. then make their way to anything and any company! It's not how good you hack, it's probably how many you have hacked!

Ahh this makes me feel 13 again...

Marc seriously you did well... 14 hours downtime and still recovering your server is something to be shouted a drink for! (Maybe more than one) They would have tried to destroy everything not just data!

Good job Mate,

Kind regards