-
07-09-2009, 05:24 PM #1Retired Moderator
- Join Date
- Aug 2003
- Location
- Pittsburgh
- Posts
- 3,490
ASmallOrange (ASO) compromised/hacked!
Via e-mail:
Dear ASO Customer,
Last night, several of our hosting servers were compromised and a number of customer accounts were deleted. While not all customers are affected, we feel that all customers should be aware of the incident.
The attack happened through a compromised password/computer used by one of the techs to access/support/maintain servers. We've disabled access from that computer and account until we can investigate the matter thoroughly.
The servers affected were server names starting with the letters A through D. We've posted a notice on our customer forums and will update it with more information:
http://forums.asmallorange.com/index...howtopic=12908
If your server isn't listed, your site wasn't affected by this.
If you don't know the server your site is hosted on, you can use our server lookup tool:
http://www.asmallorange.com/extras/server.php
Based on the log data, it does not appear that customer password files were downloaded or accessed, or that any data was transferred. Instead, the attacker simply deleted the customer accounts, and on some servers, critical system files. If your account is on a server that was attacked, we recommend changing your passwords as soon as you have access to your site again.
Our overnight and morning teams have been restoring data, but this is a slow process. For customers affected, please be patient as we work to get through this problem. We understand that many of you host sites for your clients and many of you run your website as a business. Our support team is working as hard as they can to get the data back online as soon as possible.
Once this is behind us, we will be reviewing many of the security systems currently in place and start building improvements. We certainly don't want an incident like this to happen again. We sincerely regret that this happened, and apologize to all customers who were affected by this.
Thanks for being our customer, and we appreciate your patience as we work to get this resolved.
--
Andrew Boring
Director of Customer Relations
A Small Orange - Hosting, Design, Software
I don't plan on moving away from ASO as this could really have happened to anyone, and they've fully restored my data. Still, if this happened last evening, I would have expected a notification e-mail a little sooner than now.
Last edited by CArmstrong; 07-09-2009 at 05:28 PM.
-
07-09-2009, 05:30 PM #2Retired Moderator
- Join Date
- Aug 2003
- Location
- Pittsburgh
- Posts
- 3,490
Interesting. Looks like this wasn't their only issue recently: http://forums.asmallorange.com/index...howtopic=12878
Maybe it is time to find a new provider.
-
07-09-2009, 05:43 PM #3Elite Webmaster
- Join Date
- Nov 2008
- Location
- Florida, U.S
- Posts
- 1,738
Man, that's rough.
I hope they can restore all of their clients' accounts.
HOSTLEET.COM, LLC - Elite Website Hosting Since 2008!
★ Fast ★ Reliable ★ Affordable ★ Secure ★ Friendly & Courteous
★ RISK-FREE Money Back Guarantee ★ U.S.A Based & Operated
★ Read Through Our Most F.A.Q's!
-
07-09-2009, 05:51 PM #4Web Hosting Master
- Join Date
- Apr 2006
- Posts
- 1,128
I haven't used these guys in years and they still send me this crap in their mailing list, even though I have asked on several occasions to have my account deleted.
I cannot, for the life of me, understand why hosting companies insist on retaining customers' data (billing accounts etc) for years after they leave.
Isn't there some sort of legislation in the US that forces companies to delete unnecessary customer data (we have the Data Protection Act in the UK for this job)?
-
07-09-2009, 05:56 PM #5WHT Addict
- Join Date
- Jan 2007
- Location
- Lisbon, Portugal
- Posts
- 103
If there are invoices associated with your account, that account cannot be deleted, since companies are forced to retain billing information for a number of years (it changes from country to country). What can be done is close the account so the client won't receive any more emails, but deleting, I would think not.
TekSuporte - Server and Security Management
Dedicated support staff 24x7x365 fluent in Portuguese, Spanish and English
Free server audit
-
07-09-2009, 06:00 PM #6Web Hosting Master
- Join Date
- Apr 2006
- Posts
- 1,128
-
07-09-2009, 06:14 PM #7Web Hosting Guru
- Join Date
- May 2008
- Location
- Philadelphia, PA
- Posts
- 250
^^^^ AUDIT
IRS can go back 7 years
Database By Design, LLC
Philadelphia, PA Datacenter (401 North Broad)
Premium Dedicated Server Hosting, Complex Hosting Solutions and Public/Private Cloud.
866.488.7770 | Contact Us | www.databasebydesignllc.com
-
07-09-2009, 06:42 PM #8Newbie
- Join Date
- Jan 2007
- Location
- Belgium
- Posts
- 12
As much as I understand your point of customers having an accessible website at all times, issues like these can always occur. A hacker intruding one or multiple servers and deleting files isn't exactly something one likes to deal with nor have issues with. Sure, it could've been prevented by taking extra security precautions but even with a firewall and virus scanner installed you still have the risk of being hacked.
Advising one to leave said host for this issue on short notice seems like an overreaction. Like the topic starter said, his website seems to be unaffected by this and he/she did not report any other problems so I presume this user is content.
Edit: I did not realize you were the topicstarter. In this case, if you have been affected by other issues then yes it would be advised to switch. Yet you did not mention being affected by anything else so I presume everything is A OK
-
07-09-2009, 07:13 PM #9Disabled
- Join Date
- Jul 2009
- Posts
- 110
-
07-09-2009, 07:19 PM #10Junior Guru
- Join Date
- Jun 2009
- Location
- Canada
- Posts
- 196
Wow, that's rough, but seems like a very professional response and act on their behalf. Hope everything works out for ASO. Meantime, yes, legally some information must be kept to protect their butt as a provider.
http://www.caperhosting.net - web/shells/ircd/shoutcast hosting!
Live Chat sales/support on website
WHMCS billing system and client login
CaperHosting.net We care about everyone!
-
07-09-2009, 07:24 PM #11Web Hosting Master
- Join Date
- Apr 2006
- Posts
- 1,128
The upper arrow spam and capslocks are not required...
So are you really trying to tell me that every single US company keeps a record of every single transaction they make for 7 years? Somehow, I think not...
I am no longer an ASO customer, and have not been for some years, yet my details are still subject to being stolen by an intruder just because they don't feel like deleting past customers from their databases.
The same applies to WHT, they simply refuse to delete user accounts, taking the high ground, etc etc, and yet their entire database gets compromised and before I know it I'm receiving 1'000 more spam emails a day. A situation that could have been avoided if WHT had just removed their head from their ass and deleted customer accounts on request.
-
07-09-2009, 07:28 PM #12Web Hosting Guru
- Join Date
- May 2008
- Location
- Philadelphia, PA
- Posts
- 250
That came off wrong, it was more directed at the IRS and the hellish time any company would experience under an audit.
Database By Design, LLC
Philadelphia, PA Datacenter (401 North Broad)
Premium Dedicated Server Hosting, Complex Hosting Solutions and Public/Private Cloud.
866.488.7770 | Contact Us | www.databasebydesignllc.com
-
07-09-2009, 07:40 PM #13Retired Moderator
- Join Date
- Oct 2002
- Location
- EU - east side
- Posts
- 21,920
^^^^ AUDIT
IRS can go back 7 years
-
07-09-2009, 11:51 PM #14Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,196
Although this is a good idea - depending on what billing system they are using this may not be the easiest thing to do without hiring a developer to provide a system to archive the data.
I know that in WHMCS you can mark a client as inactive and when you go to send a mail to all of your customers you would set it to go only to "active" customers.
Another thing that is even better is in WHMCS you can send an email to all hosting customers and then you can even filter it by whether their hosting plan is active or not, what server they are on, etc...
If they are using WHMCS then it's probably the best way to do it - if they're using something else I'm not sure.
█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.
-
07-09-2009, 11:58 PM #15Web Hosting Master
- Join Date
- Sep 2004
- Location
- Fairborn, ohio
- Posts
- 923
• Imeanwebhosting.com - Shared cpanel hosting, 99.9% uptime.
• 10 min average ticket responses, softaculous, rvsitebuilder, and more!
• Reliable, affordable shared hosting. I Mean Web Hosting!
-
07-10-2009, 01:18 AM #16Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,196
-
07-10-2009, 01:26 AM #17Web Hosting Master
- Join Date
- Nov 2007
- Location
- Dallas, TX
- Posts
- 9,064
-
07-10-2009, 06:56 AM #18Web Hosting Master
- Join Date
- Sep 2004
- Location
- Fairborn, ohio
- Posts
- 923
He was saying "well not everyone keeps financial records" and I was just saying "well just because everyone doesn't do the right thing, that doesn't change right to wrong". For example, not EVERYONE pays their taxes properly, but that doesn't mean it's ok to dodge taxes.
It's possible I just worded that poorly though, as I'm fairly sleep deprived myself.
• Imeanwebhosting.com - Shared cpanel hosting, 99.9% uptime.
• 10 min average ticket responses, softaculous, rvsitebuilder, and more!
• Reliable, affordable shared hosting. I Mean Web Hosting!
-
07-10-2009, 07:59 AM #19WHT Addict
- Join Date
- Jan 2007
- Location
- Lisbon, Portugal
- Posts
- 103
TekSuporte - Server and Security Management
Dedicated support staff 24x7x365 fluent in Portuguese, Spanish and English
Free server audit
-
07-10-2009, 01:32 PM #20WHT Addict
- Join Date
- Jun 2004
- Location
- Canada
- Posts
- 132
Script kiddies exploit code and use trojans/viruses, and typically use shared/dedicated accounts for numerous reasons: sending spam, scanning other servers for vulnerabilities, DoS/DDoS, spamming forums. The list can go on.
Real hackers, who actually want to get information like credit cards and possibly access to internal systems, don't let you know they're there; they get access to systems over time and without notice by social engineering or looking for weaknesses. This is most likely the case, and it all started off with an insecure password, Active Directory account, or keylogger. Some people seem to think that a lack of security can save time, for instance having the same root password on all of their shared servers instead of using an SSH key for each support person and an SSH key deployment system.
Emails and private data are one concern; however, it looks like data was just deleted, but who knows what was extracted. Even if they did investigate, there are many ways to extract data and hide your tracks. Install 'snoopy' and run syslog on another host and keep a running log on a secured server. This is something that should be done with all large server setups.
I agree with you on specific points. However, you can protect yourself. Setting up aliases for each website you submit your email to is a sure way to find out where your email got leaked. I use a catchall for this and sign up as wht@domain.com or forum@domain.com.
Then you just trash the email and sign up as wht2@domain.com, or turn it into a honeypot, which works great for spam reporting.
I also have different passwords for forums depending on certain criteria. Simple to remember, but they're never used for banking or other details so when they're compromised they're useless.
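An added example, not part of the post above and not ASO's tooling: a short audit in the spirit of the "SSH key for each support person" suggestion. It parses `authorized_keys` files collected from several servers, flags keys that carry no owner label or appear under more than one label, and removes one person's key from a file; the server names, labels and key blobs are constructed for the example.

```python
import base64, hashlib
from collections import defaultdict

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def parse_line(line):
    """Return (fingerprint, owner label) for one authorized_keys line, else None."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    for i, tok in enumerate(tokens[:-1]):  # skip any leading options field
        if tok in KEY_TYPES:
            try:
                blob = base64.b64decode(tokens[i + 1], validate=True)
            except ValueError:
                return None
            fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
            return "SHA256:" + fp, " ".join(tokens[i + 2:]) or "<unlabelled>"
    return None

def audit(servers):
    """Flag keys that have no owner label or appear under more than one label."""
    owners = defaultdict(set)
    for text in servers.values():
        for parsed in filter(None, map(parse_line, text.splitlines())):
            owners[parsed[0]].add(parsed[1])
    findings = {}
    for fp, labels in owners.items():
        if "<unlabelled>" in labels:
            findings[fp] = "unlabelled"
        elif len(labels) > 1:
            findings[fp] = "shared"
    return findings

def revoke(text, fingerprint):
    """Return authorized_keys text without any line carrying this key."""
    keep = [l for l in text.splitlines()
            if (parse_line(l) or (None,))[0] != fingerprint]
    return "\n".join(keep) + "\n"

def _key(seed, label):  # constructed stand-in for a public key, not a real one
    blob = base64.b64encode(b"\x00\x00\x00\x0bssh-ed25519" + seed * 32).decode()
    return f"ssh-ed25519 {blob} {label}".strip()

SERVERS = {  # constructed sample; server names and labels are hypothetical
    "alpha": _key(b"a", "alice@support") + "\n" + _key(b"b", "bob@support"),
    "bravo": _key(b"a", "alice@support") + "\n" + _key(b"c", ""),
    "charlie": _key(b"b", "carol@support"),
}
```

In the sample, the key labelled both `bob@support` and `carol@support` is reported as shared and the key with no comment as unlabelled; Alice's key, used on two servers under one label, passes and can be revoked on each server by fingerprint.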
-
07-10-2009, 01:34 PM #21Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,196
█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.
-
07-10-2009, 01:59 PM #22WHT Addict
- Join Date
- Jun 2004
- Location
- AZ
- Posts
- 121
I am sorry. Maybe I am missing a point here. Twice in one month servers get hacked and we, as customers, are not supposed to get concerned. What about private, secure, or sensitive data? Did this hacker download prior to deleting?
I have been with ASO since the very early days of the company. I believe I am one of the longest running original clients. But, this year has been rough, for me and others. Too many server changes required to avoid constant downtime. Too many technical support 'glitches'. And, honestly, when I do talk to technical support, they seem to have a very strong 'defensive attack' approach. That pretty much tells me that I am not the only one who is complaining about the same things.
Maybe it is my imagination, but it seems to me that when Tim was resident and actively involved in all aspects, the company ran like a well oiled machine (from a customer's viewpoint). When his constant 'hands on' activity stopped, the company started sliding.
I think he needs to find a couple of Tim clones to replace himself and maybe we could get back to ASO being a user friendly hosting service again.
Yes, I know, I can leave. But, I used ASO for a lot of years with GREAT service. I guess I keep waiting for Tim to wake up and bring back the quality service that took his company to the top.
-
07-10-2009, 02:07 PM #23Disabled
- Join Date
- Sep 2005
- Location
- A box
- Posts
- 2,051
-
07-10-2009, 03:25 PM #24rogue element
- Join Date
- Jun 2004
- Location
- Northwest Colorado
- Posts
- 4,636
If my shared hosting provider were to be hacked, I would take my business elsewhere. Either a host takes security seriously or they don't. I've been with canadawebhosting.com for seven years, they've never had an issue like this. I was with newyorkinternet.com for five years, they've never had an issue like this either. This isn't a "luck of the draw" issue. If CWH were to be hacked, then I'd be gone in a heartbeat despite years of being a happy customer of theirs, because I think it's inexcusable for a host to be compromised -- let alone by script kiddies. Just my $0.02.
Eric J. Bowman, principal
Bison Systems Corporation coming soon: a new sig!
I'm just a poor, unfrozen caveman Webmaster. Your new 'standards' frighten, and confuse me...
-
07-10-2009, 03:40 PM #25WHT Addict
- Join Date
- Jun 2004
- Location
- AZ
- Posts
- 121
The sad part is that in their forum posts they say they 'tracked' the person. But, they did not pass on that information to us, the customers. We don't know every server that was hit. We don't know what areas of each server were hit. In fact, the only info we received is in the email in the first post here.
I changed my own login and am hoping that others will be smart enough to do the same. But, there was confidential info on my server. So, how much info can I pass on to my own users when the info that I would need to do that is not being passed on to me?? Were my users' forum accounts compromised? I will keep vigilant eyes on my logs....