Page 1 of 2 12 LastLast
Results 1 to 25 of 43
  1. #1

    Server Hacked - by niroda

    My VPS with EUK Host got hacked yesterday. All sites on it have had all content deleted and replaced with a hacked message. EUK can't restore any of the sites as their backups were also compromised. Luckily I have a recent backup of the most important site that I DL'd on Saturday. The rest of the sites have no backups, sadly.

    I am interested to know if I have been misled with the circumstances of the hack. The support people tell me that it's my fault and my problem as my root password is weak (it was not weak at all) plus I was running wordpress sites and that's where the breach took place. I was under the impression that sites COULD get hacked but that hack could not gain access to the server itself. This was my understanding anyway. Also, I note that their VPS Node : EL58 is under attack and that "Mar 05, 2012 Urgent Maintenance : backup4 server". Coincidence that all my sites have no backups? Any advice on what I can or should do? Suspect you will all say it's my own fault for not taking backups for the other sites etc!

    I will be looking for a new host. I have been messed about all day. Promised info, calls and ticket updates. Just had one of the chat operators getting quite terse with me too. EUK were OK but the end of last year and this year have been terrible.

    Can anyone recommend a good UK host? I do need it to be UK though.

  2. #2
    Join Date
    Mar 2009
    Location
    Miami, Florida
    Posts
    20,777
    Quote Originally Posted by Jezsez View Post
    My VPS with EUK Host got hacked yesterday. All sites on it have had all content deleted and replaced with a hacked message. EUK can't restore any of the sites as their backups were also compromised. Luckily I have a recent backup of the most important site that I DL'd on Saturday. The rest of the sites have no backups, sadly.

    I am interested to know if I have been misled with the circumstances of the hack. The support people tell me that it's my fault and my problem as my root password is weak (it was not weak at all) plus I was running wordpress sites and that's where the breach took place. I was under the impression that sites COULD get hacked but that hack could not gain access to the server itself. This was my understanding anyway. Also, I note that their VPS Node : EL58 is under attack and that "Mar 05, 2012 Urgent Maintenance : backup4 server". Coincidence that all my sites have no backups? Any advice on what I can or should do? Suspect you will all say it's my own fault for not taking backups for the other sites etc!

    I will be looking for a new host. I have been messed about all day. Promised info, calls and ticket updates. Just had one of the chat operators getting quite terse with me too. EUK were OK but the end of last year and this year have been terrible.

    Can anyone recommend a good UK host? I do need it to be UK though.
    Hello,
    When a provider posts that a server is under attack, it typically involves a DDoS attack, not a defacement. May I ask if you were running a control panel and using a strong password. It almost sounds like the attacker managed to get your root codes.
    Keith I Myers
    KMyers.me The rantings of a lunatic
    Join me on Technical.chat

  3. #3
    If their backups got compromised too, doesn't that mean their server was hacked? If that is the case, it wasn't your fault at all. Seems they need to do server audits a bit more often and setup their servers better.

  4. #4
    Quote Originally Posted by KMyers View Post
    Hello,
    When a provider posts that a server is under attack, it typically involves a DDoS attack, not a defacement. May I ask if you were running a control panel and using a strong password. It almost sounds like the attacker managed to get your root codes.
    Yes, it has control panel. I would say that the password was very strong.

    It's alwasy possible that somehow my security has been compromised locally. I would be surprised though. Why go for the server (just one server ((so far!!)) at that) and not the paypal account or something worse? My local machine has good security but I doubt it would stop something new or really good, if any security would.

  5. #5
    Join Date
    Mar 2009
    Location
    Miami, Florida
    Posts
    20,777
    Quote Originally Posted by JoeBates View Post
    If their backups got compromised too, doesn't that mean their server was hacked? If that is the case, it wasn't your fault at all. Seems they need to do server audits a bit more often and setup their servers better.
    That may not be the case. A backup server is often a separate machine. I not see if they did backups of the VMs so I asked and confirmed they do
    Keith I Myers
    KMyers.me The rantings of a lunatic
    Join me on Technical.chat

  6. #6
    Quote Originally Posted by JoeBates View Post
    If their backups got compromised too, doesn't that mean their server was hacked? If that is the case, it wasn't your fault at all. Seems they need to do server audits a bit more often and setup their servers better.
    That was my thought too. But they are merely saying that their backup was taken after the hack. Conveniently.

  7. #7
    Join Date
    Jun 2003
    Location
    Spain
    Posts
    4,251
    Quote Originally Posted by Jezsez View Post

    Can anyone recommend a good UK host? I do need it to be UK though.
    FutureHosting without a doubt!

  8. #8
    Join Date
    Jun 2011
    Location
    Internet
    Posts
    2,985
    Quote Originally Posted by Jezsez View Post
    That was my thought too. But they are merely saying that their backup was taken after the hack. Conveniently.
    Was your VPS control panel password where you start the backup the same as any other that you use elsewhere?

  9. #9
    Quote Originally Posted by Jezsez View Post
    That was my thought too. But they are merely saying that their backup was taken after the hack. Conveniently.
    That would make more sense, that sucks!

  10. #10
    Quote Originally Posted by Flapadar View Post
    Was your VPS control panel password where you start the backup the same as any other that you use elsewhere?
    I think it may be the same password for the mail server, possibly.

  11. #11
    Join Date
    Dec 2011
    Posts
    91
    Quote Originally Posted by Jezsez View Post
    My VPS with EUK Host got hacked yesterday. All sites on it have had all content deleted and replaced with a hacked message. EUK can't restore any of the sites as their backups were also compromised. Luckily I have a recent backup of the most important site that I DL'd on Saturday. The rest of the sites have no backups, sadly.

    I am interested to know if I have been misled with the circumstances of the hack. The support people tell me that it's my fault and my problem as my root password is weak (it was not weak at all) plus I was running wordpress sites and that's where the breach took place. I was under the impression that sites COULD get hacked but that hack could not gain access to the server itself. This was my understanding anyway. Also, I note that their VPS Node : EL58 is under attack and that "Mar 05, 2012 Urgent Maintenance : backup4 server". Coincidence that all my sites have no backups? Any advice on what I can or should do? Suspect you will all say it's my own fault for not taking backups for the other sites etc!

    I will be looking for a new host. I have been messed about all day. Promised info, calls and ticket updates. Just had one of the chat operators getting quite terse with me too. EUK were OK but the end of last year and this year have been terrible.

    Can anyone recommend a good UK host? I do need it to be UK though.

    Sounds fishy. Backups compromised!?! C'mon. Really? Only way to have compromised backups is not taking them frequently. Check out /var/log/messages. Compare root login IPs against your own. Unless that was compromised too.
    BigInstance.com
    [+] VPS - KVM HVM - 4GB & up
    [+] Dedicated CPU core(s)
    sales [@] biginstance.com

  12. #12
    Join Date
    Feb 2012
    Posts
    156
    Quote Originally Posted by XTremo View Post
    FutureHosting without a doubt!
    I was going to recommend them too, they also will be able to ensure that your VPS is up to date, secure, and give you proper managed support and security, along with monitoring. I would check 'em out.

  13. #13
    This is the incomprehensible support ticket reply:

    "As per your telephonic conversation with Suzanne, we have tried to restored data from our backup system but unfortunately, there are the same files available as they are on your VPS.

    We can do one thing, if sites on your VPS other than the sites available in backup with you are not important for you then we can create a new VPS for you with the same configuration, apply all the security tweaks and then restore important sites backup on it. This way, you will get secured VPS with all important data."

    Seems to me that the last VPS was not secure, by their own admission.

    Thanks for the recommendation on host - but it needs to be a UK host I'm afraid.

  14. #14
    Join Date
    Apr 2010
    Location
    North Carolina
    Posts
    442
    Quote Originally Posted by Jezsez View Post
    Seems to me that the last VPS was not secure, by their own admission.
    Is this a managed VPS? If not, securing your VPS is your job.

  15. #15
    Quote Originally Posted by Jezsez View Post
    My VPS with EUK Host got hacked yesterday. All sites on it have had all content deleted and replaced with a hacked message. EUK can't restore any of the sites as their backups were also compromised. Luckily I have a recent backup of the most important site that I DL'd on Saturday. The rest of the sites have no backups, sadly.

    I am interested to know if I have been misled with the circumstances of the hack. The support people tell me that it's my fault and my problem as my root password is weak (it was not weak at all) plus I was running wordpress sites and that's where the breach took place. I was under the impression that sites COULD get hacked but that hack could not gain access to the server itself. This was my understanding anyway. Also, I note that their VPS Node : EL58 is under attack and that "Mar 05, 2012 Urgent Maintenance : backup4 server". Coincidence that all my sites have no backups? Any advice on what I can or should do? Suspect you will all say it's my own fault for not taking backups for the other sites etc!

    I will be looking for a new host. I have been messed about all day. Promised info, calls and ticket updates. Just had one of the chat operators getting quite terse with me too. EUK were OK but the end of last year and this year have been terrible.

    Can anyone recommend a good UK host? I do need it to be UK though.

    This happened to a client of mine. They were using Avail[-bleep-]. Their VPS software had a vulnerability in it and all of my client's domains were hacked. Had nothing to do with negligence of my client. No weak passwords, vulnerable software, etc.

  16. #16
    Join Date
    Feb 2006
    Location
    Kepler 62f
    Posts
    16,703
    I'm seeing more and more hosts blame customers, and not take responsibility for the craptastic non-security of their own servers. It's ghastly how many "hosts" are not running suexec, complex server security, etc. Just plop up a box with a default deploy, fill it up, rake in the dough. When it crashes, for whatever reason, blame the customers.

    This is why I'm so selective about which hosts I'll use (or recommend to others).
    || Need a good host?
    || See my Suggested Hosts List || Editorial: EIG/Site5/Arvixe/Hostgator Alternatives
    ||

  17. #17
    Join Date
    Jul 2008
    Location
    Seminole, Oklahoma
    Posts
    1,665
    Sorry to hear your VPS got hacked. But if your root pass was the issue be sure to check your logs. I suggest you quit using your root password and setup SSH to use a key + pass phrase authentication. Gives you a bit more security.

  18. #18
    Join Date
    Jul 2002
    Location
    London, United Kingdom
    Posts
    4,455
    Quote Originally Posted by Jezsez View Post
    Seems to me that the last VPS was not secure, by their own admission.
    They didn't say that at all.

    The offered to setup a new VPS for you and perform initial securing of it - ongoing security and management will be your responsibility, and (from the posts) it sounds like you allowed something nasty through one of your wordpress sites.
    Rob Golding Astutium Ltd - UK based ICANN Accredited Domain Registrar - proud to accept BitCoins
    Buying Web Hosts and Domain Registrars Today @ hostacquisitions.co.uk
    UK Web Hosting | UK VPS | UK Dedicated Servers | ADSL/FTTC | Backup/DR | Cloud
    UK Colocation | Reseller Accounts | IPv6 Transit | Secondary MX | DNS | WHMCS Modules

  19. #19
    Quote Originally Posted by othellotech View Post
    They didn't say that at all.

    The offered to setup a new VPS for you and perform initial securing of it - ongoing security and management will be your responsibility, and (from the posts) it sounds like you allowed something nasty through one of your wordpress sites.
    I'm gald you were able to glean some actual sense out of that mesage, as I struggled.

    Actually, in the telephone conversation they alluded to the security not being as good as it should have been. "We will tighten up the security on your VPS" is what they said they would do. How does it sound like I let something in via a WP site?

  20. #20
    Update on this:

    All my sites, emails and everything magically came back at 10pm last night. Even though they didn't have any usable backups! I have asked in the ticket how they managed this. Glad they are all back, but now I trust this host even less. They really seem to have no clue at all. I don't see how they could make a mistake like that and then suddenly find that they did, in fact, have all the backups after all.

    I have paid for the year for this VPS (mistake I now realise, that will never happen again) so I will try and swap it with my other more relaible VPS and put much less important sites on this one and get rid of the whole thing when the paid term finishes.

    I'll let you know what they say in the ticket later.

  21. #21
    Quote Originally Posted by kpmedia View Post
    I'm seeing more and more hosts blame customers, and not take responsibility for the craptastic non-security of their own servers. It's ghastly how many "hosts" are not running suexec, complex server security, etc. Just plop up a box with a default deploy, fill it up, rake in the dough. When it crashes, for whatever reason, blame the customers.

    This is why I'm so selective about which hosts I'll use (or recommend to others).
    Reading up on EUK Host on review sites and forums this has happened to a lot of people - lots of complaints and issues like mine (though not quite as drastic).

  22. #22
    Join Date
    Apr 2010
    Posts
    65
    I'd suggest posting a message in their forums outlining the problems and asking them how they're going to prevent it happening again.

    As an ex-customer, I learnt that you can kick up a fuss on their forums and it will remain there - they don't delete/censor genuine complaints. You'll also get the attention of the guys higher up. EUK's first level techs are standard level, crappy, read from script, low level employees - but they have some solid techs higher up.

    But, as a company that prides itself in being FULLY managed (they'll install 3rd party scripts going the extra mile over many managed providers), how they can blame you for poor security is beyond me, unless your root pw really was pants.
    www.SneakSMS.com
    Anonymous text messaging
    Send SMS messages from anybody's number

  23. #23
    Quote Originally Posted by sneaksms View Post
    I'd suggest posting a message in their forums outlining the problems and asking them how they're going to prevent it happening again.

    As an ex-customer, I learnt that you can kick up a fuss on their forums and it will remain there - they don't delete/censor genuine complaints. You'll also get the attention of the guys higher up. EUK's first level techs are standard level, crappy, read from script, low level employees - but they have some solid techs higher up.

    But, as a company that prides itself in being FULLY managed (they'll install 3rd party scripts going the extra mile over many managed providers), how they can blame you for poor security is beyond me, unless your root pw really was pants.
    Thanks sneaksms. The root password was in no way whatsoever weak. Strong to the point of being incredibly difficult to a, remember and b, type!

  24. #24
    Join Date
    Jul 2002
    Location
    London, United Kingdom
    Posts
    4,455
    Quote Originally Posted by Jezsez View Post
    How does it sound like I let something in via a WP site?
    You said thats how you were exploited in the first post
    Rob Golding Astutium Ltd - UK based ICANN Accredited Domain Registrar - proud to accept BitCoins
    Buying Web Hosts and Domain Registrars Today @ hostacquisitions.co.uk
    UK Web Hosting | UK VPS | UK Dedicated Servers | ADSL/FTTC | Backup/DR | Cloud
    UK Colocation | Reseller Accounts | IPv6 Transit | Secondary MX | DNS | WHMCS Modules

  25. #25
    Quote Originally Posted by othellotech View Post
    You said thats how you were exploited in the first post
    No, that's what EUK Host said. A sort of belt and braces type blaming. They said root password was weak AND I was using wordpress sites. I don't actually know how I was exploited yet. Doubt I will unless they are honest and tell me. Which I don't think they will as I think they were at fault.

Page 1 of 2 12 LastLast

Similar Threads

  1. Can my blog be hacked on shared hosting if my neighbour is hacked?
    By zobe in forum Hosting Security and Technology
    Replies: 17
    Last Post: 03-10-2011, 04:09 AM
  2. Server hacked : how can I find out how they are uploading files to my server?
    By listenmirndt in forum Hosting Security and Technology
    Replies: 4
    Last Post: 04-14-2007, 12:44 PM
  3. Replies: 6
    Last Post: 08-24-2006, 04:11 PM
  4. Plesk server hacked, hiring to move clients to new server
    By DaveNET in forum Employment / Job Offers
    Replies: 3
    Last Post: 07-30-2005, 09:56 PM
  5. Replies: 5
    Last Post: 08-05-2001, 10:50 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •