  1. #1
    Join Date: Apr 2003 | Location: Garden City, SC | Posts: 39

    Hostrocket server got hacked?

    I get a call from a client saying their site had been hacked. I went there and yes, it had been hacked. I of course contact Hostrocket's tech support and get this response:

    Question:
    --------------------------------------------------------------------------------
    Other

    Our server has been hacked. What is going on?
    --------------------------------------------------------------------------------
    On 2004-06-14 at 17:52:39, Support wrote:
    --------------------------------------------------------------------------------
    There was a server issue the other night and it was hacked into. There was/is no lack of security. Maintenance was being done on the servers and someone slipped through. At this time, our servers are running at 100%. I would advise that you change any & all passwords and restore your site from any personal backups you have. Unfortunately, we do backups only when it is requested by the customer and they pay the $10 backup fee. If you would like to take advantage of this in the future, or if you have any other questions/concerns, please let us know.

    XXXXXXXXXXXX
    HostRocket Support
    There was no lack of security, yet someone hacked the server while they were performing maintenance?

    Does anyone else see something wrong with that statement? If that is the attitude of their system administrators then my confidence level in HostRocket's security just dropped. It was just a few years ago that their servers got hacked and thieves stole customers' credit card numbers.

    How does a hacker just slip through, as they stated, when maintenance is being done on the server?

    The thing that ticks me off is that since they allowed the security breach that wiped out my client's website, they should be offering to restore the sites from backup for free, but no, they want to charge us for that.

    Thoughts, opinions? Is it time to start looking for a more reliable and secure web host to put my clients on?

  2. #2
    Join Date: Dec 2003 | Location: Miami, FL | Posts: 3,262
    HostRocket has been in business for years, they are a respected company in the hosting industry. When a server is compromised, it's never fun for the clients or the host.

    It doesn't matter who your host is or how rich they are, servers can be compromised. The important thing is that they take care of the problem as soon as possible and prevent any further problems.

  3. #3
    Join Date: Mar 2003 | Location: United States | Posts: 3,683
    In their defense, if anyone with the knowledge wants to get into a server - they will. I'm sure that HR probably did follow typical procedures for protecting the server, but it goes to the above statement and it depends upon the situation.

    It's also typical for a company to charge for backups unless otherwise stated. It's technically not their responsibility (see their TOS - usually) if the server is hacked to offer a backup.

  4. #4
    Join Date: Apr 2003 | Location: Garden City, SC | Posts: 39
    I've been with Hostrocket for 3 or 4 years now. I've been happy with them for the most part, but it's mistakes like this that start putting doubts into my head.

    From what I can gather from responses they gave to other customers they took down their firewall while they were doing maintenance on the server. Is it a typical procedure to lower the defenses on a server while you are conducting maintenance?

  5. #5
    Join Date: Jun 2004 | Location: New York, NY | Posts: 376
    Originally posted by CrazyTech
    In their defense, if anyone with the knowledge wants to get into a server - they will. I'm sure that HR probably did follow typical procedures for protecting the server, but it goes to the above statement and it depends upon the situation.

    It's also typical for a company to charge for backups unless otherwise stated. It's technically not their responsibility (see their TOS - usually) if the server is hacked to offer a backup.

  6. #6
    Join Date: Dec 2002 | Location: Los Angeles | Posts: 559
    interesting that they have their support admitting to a hack. you have to hand it to them for honesty (and crappy security measures).

    but this struck me as odd; "we do backups only when it is requested by the customer..." --- are they saying that they don't have any backups of client data?

    i can understand charging $10 to restore from a backup, but to run a hosting company without any backups is flat out insane.

    "yeah, well, your server crashed last night, so you better upload your site again." ha ha ha. jesus.
    datapimp - You only get one soul, ya dig?

  7. #7
    Originally posted by datapimp.com
    interesting that they have their support admitting to a hack. you have to hand it to them for honesty (and crappy security measures).

    but this struck me as odd; "we do backups only when it is requested by the customer..." --- are they saying that they don't have any backups of client data?

    i can understand charging $10 to restore from a backup, but to run a hosting company without any backups is flat out insane.

    "yeah, well, your server crashed last night, so you better upload your site again." ha ha ha. jesus.
    You have a good point there.

    My current host's server died last summer and they lost all sites and updates to sites 3 months old - they did nothing about this and insisted that it is not their responsibility to make backups.

    Whilst this may be partially true, it doesn't do much for business!

    Brad.

  8. #8
    Join Date: Apr 2003 | Location: Garden City, SC | Posts: 39
    Here is the rest of the conversation, but the latest response is from a different tech support member. They at least have now apologized. The previous tech support person could probably take a lesson from this person about customer relations.

    On 2004-06-14 at 18:40:23, you wrote:
    --------------------------------------------------------------------------------
    Please explain to me if there was no lack of security then how did someone slip through? If the hacker got in because of something that Hostrocket staff did or did not do then the least that Hostrocket can do is restore our sites from backup without charge.
    --------------------------------------------------------------------------------
    On 2004-06-14 at 19:24:23, Support wrote:
    --------------------------------------------------------------------------------
    Hi,

    I'm truly sorry for the inconvenience you have experienced. I've gone ahead and credited your account 1 month free for web hosting. Necessary firewall and security steps are being implemented so this does not happen again.

    We provide our customers with daily backups of their site at the control panel by clicking on the daily backup icon. Unfortunately we do not have backups of the material that was lost. Please let me know if there's anything else I could assist you with.

    Kindest Regards,

    XXXXXXXXXXXXXX
    HostRocket Support
    So, to answer the question about backups: no, they do not back up your site unless you pay them extra.

  9. #9
    How do you figure that? They are using an automatic backup solution that gives you daily backups with their hosting prices. Where in the ticket are they charging you? Just out the door, but curious why you're saying that, not defending them either =)
    dotGig
    <:<: [Fruit eating linux administrator]

  10. #10
    1 month free though - at least they know they were in the wrong .

    Perhaps you could offer your client a free month, to compensate for their loss?

    Just a suggestion.

    Brad.

  11. #11
    Join Date: Apr 2003 | Location: Garden City, SC | Posts: 39
    Originally posted by Samuel
    How do you figure that? They are using an automatic backup solution that gives you daily backups with their hosting prices. Where in the ticket are they charging you? Just out the door, but curious why you're saying that, not defending them either =)
    They said it in their first response:

    Unfortunately, we do backups only when it is requested by the customer and they pay the $10 backup fee.

  12. #12
    Join Date: Apr 2003 | Location: Garden City, SC | Posts: 39
    Originally posted by SNGUK
    1 month free though - at least they know they were in the wrong .

    Perhaps you could offer your client a free month, to compensate for their loss?

    Just a suggestion.

    Brad.
    I always pass along any compensation to my clients. They are the ones that are paying for their website and hosting and it was not their fault that it happened.

  13. #13
    Good approach.

    One I like to share: it's always better to put yourself out a bit to ensure customers receive the service they deserve (if not more).

    Good luck with HR.

    Brad.

  14. #14
    Join Date: Jun 2004 | Location: New York, NY | Posts: 376
    My friend's gallery software was just hacked on Host Rocket: http://www.brettevan.com/cpg/ :-(

  15. #15
    Join Date: Nov 2000 | Location: Newport Beach CA | Posts: 609
    As always, HostRocket is committed to providing a high-quality service coupled with superb technical support and customer service. As part of our commitment to help our customers achieve online success, various security mechanisms are in place on our servers, on our network, and throughout our company. While these security measures do encompass every aspect of our company and its offerings, nothing can ever be 100% secure. Even with the most comprehensive and stringent security measures, all systems are always vulnerable somewhere at some point.

    In this case, a customer was running an insecure and exploitable script which allowed the individual(s) responsible for this incident access to take advantage of the situation. Once this was determined, the script was immediately disabled and removed from the server; the customer associated with that account was notified. The staff member that stated there was a problem during a maintenance window was severely mistaken and perhaps misinformed. Additionally, HostRocket acknowledges that any similar event is a breach of security regardless of the server usage situation at a given point. However, I'll stress once again that that fact does not apply to this incident, since there was no maintenance. Even during periodic maintenance, our servers are still extremely secure. Our security team is continuing to investigate the situation to ensure continued security for the affected clients. The same staff members are also taking necessary steps to guarantee the security of all accounts on other HostRocket servers.

    In this situation, "index files" were the only files tampered with; all other files, databases, and e-mail accounts are intact and untouched. While the entire situation is a large inconvenience for everyone involved, all we can now do is ensure a quick resolution for any lingering issues and take measures to prevent such events from reoccurring.

    If you have any additional or specific questions or concerns regarding this issue, please do not hesitate to bring them to our attention. Our onsite staff is available to assist you 24/7. If you feel your issue is not being appropriately resolved by a member of our staff, please feel free to contact me or another member of our management team. I can be reached directly at timothy@hostrocket.com. Our Customer Service Manager, Melissa, can be reached directly at melissa@hostrocket.com.

    Have a great week and thank you for your continued confidence in HostRocket.
    Last edited by Timothy; 06-14-2004 at 11:41 PM.
    VOIPO - VoIP Telephone Service

  16. #16
    So was the 10 dollar backup fee a "special event backup" or the normal daily backup? HR uses cPanel and the backup is automatic and available 24 hours a day, or did the hacker rm -f?
    dotGig
    <:<: [Fruit eating linux administrator]

  17. #17
    Join Date: Nov 2000 | Location: Newport Beach CA | Posts: 609
    Originally posted by Samuel
    So was the 10 dollar backup fee a "special event backup" or the normal daily backup? HR uses cPanel and the backup is automatic and available 24 hours a day, or did the hacker rm -f?
    HostRocket has an advanced and comprehensive backup system in place for times when a full-system recovery is needed due to extreme circumstances such as hardware or drive failures. Those specific backups are not intended to restore individual files or portions of a user site.

    Daily backups are made available every day for users to download from their control panel. It is solely the responsibility of the customer to download such backups if they foresee a need to restore individual files in instances such as the one today. This is clearly outlined in our Terms of Service.

    Some customers would prefer for us to manage the entire backup process, but would like an option to restore individual files upon request. The fee referenced is associated with another one of our services that allows just that. The fee for such a service is $10.00 and that is the referenced price above.

    I hope that is clear.
    VOIPO - VoIP Telephone Service

  18. #18
    Join Date: Jun 2004 | Location: New York, NY | Posts: 376
    Timothy, I'm not blaming Host Rocket for that hacked web site, just wanted to warn people who are running the same gallery script.

  19. #19
    Join Date: Aug 2001 | Posts: 1,210
    I would be more concerned with the fact that DesignQueue had to find out that the server had been compromised from a client rather than from hostrocket. IMO, anyone with an account on that machine should have been notified immediately.

    -B
    iptables -I INPUT -s 64.88.128.0/19 -j DROP
    iptables -I INPUT -s 66.111.192.0/18 -j DROP
    iptables-save > /etc/sysconfig/iptables

  20. #20
    Join Date: Nov 2000 | Location: Newport Beach CA | Posts: 609
    Originally posted by TMX
    I would be more concerned with the fact that DesignQueue had to find out that the server had been compromised from a client rather than from hostrocket. IMO, anyone with an account on that machine should have been notified immediately.

    -B
    Actually clients were/are being notified. I didn't personally send the notifications, but when I left the office, another member of our staff had started the process. Obviously great communication is imperative to providing the level of service HostRocket strives to maintain.
    VOIPO - VoIP Telephone Service

  21. #21
    Join Date: Dec 2002 | Location: Los Angeles | Posts: 559
    Originally posted by HRTimothy
    The staff member that stated there was a problem during a maintenance window was severely mistaken and perhaps misinformed.
    damn outsourcing...

    datapimp - You only get one soul, ya dig?

  22. #22
    Join Date: Apr 2004 | Posts: 338
    Yeah I got the email today as well. Makes me glad I did a backup this morning.
    Tim, are we good to go as far as getting our home pages back up?

  23. #23
    Join Date: Nov 2000 | Location: Newport Beach CA | Posts: 609
    Originally posted by datapimp.com
    damn outsourcing...


    [removed] we don't outsource any of our staffing. [removed]


    Originally posted by Cope
    Yeah I got the email today as well. Makes me glad I did a backup this morning.
    Tim, are we good to go as far as getting our home pages back up?
    Absolutely.
    Last edited by SoftWareRevue; 06-16-2004 at 03:17 PM.
    VOIPO - VoIP Telephone Service

  24. #24
    Join Date: Dec 2003 | Location: New Zealand | Posts: 1,265
    No servers are totally secure. They probably try their hardest to keep it secure.

    Be nice

  25. #25
    Join Date: Aug 2003 | Location: Edinburgh/London | Posts: 5,789
    Considering a member of Hostrocket staff has come on here to post about the issues previously raised by DesignQueue.

    Personally, as always, I praise a host that takes the time to explain to their customers (as well as publicly on here) the issue at hand, what steps have been taken to avoid a reoccurrence, and information surrounding the problem.

    I congratulate Hostrocket on their response and the way in which they've handled this situation and I see no reason why they can't explain to users of this forum about the type of service they offer.

    Big up to Hostrocket.


    .... and no, I'm not a customer and am in no way affiliated with them.
