  1. #1
    Join Date
    Aug 2003
    Location
    Pittsburgh
    Posts
    3,490

    ASmallOrange (ASO) compromised/hacked!

    Via e-mail:
    Dear ASO Customer,

    Last night, several of our hosting servers were compromised and a number of customer accounts were deleted. While not all customers are affected, we feel that all customers should be aware of the incident.

    The attack happened through a compromised password/computer used by one of the techs to access/support/maintain servers. We've disabled access from that computer and account until we can investigate the matter thoroughly.




    The servers affected were server names starting with the letters A through D. We've posted a notice on our customer forums and will update it with more information:

    http://forums.asmallorange.com/index...howtopic=12908

    If your server isn't listed, your site wasn't affected by this.
    If you don't know the server your site is hosted on, you can use our server lookup tool:
    http://www.asmallorange.com/extras/server.php




    Based on the log data, it does not appear that customer password files were downloaded or accessed, or that any data was transferred. Instead, the attacker simply deleted the customer accounts, and on some servers, critical system files. If your account is on a server that was attacked, we recommend changing your passwords as soon as you have access to your site again.

    Our overnight and morning teams have been restoring data, but this is a slow process. For customers affected, please be patient as we work to get through this problem. We understand that many of you host sites for your clients and many of you run your website as a business. Our support team is working as hard as they can to get the data back online as soon as possible.

    Once this is behind us, we will be reviewing many of the security systems currently in place and start building improvements. We certainly don't want an incident like this to happen again. We sincerely regret that this happened, and apologize to all customers who were affected by this.

    Thanks for being our customer, and we appreciate your patience as we work to get this resolved.


    --
    Andrew Boring
    Director of Customer Relations
    A Small Orange - Hosting, Design, Software
    I just checked my site, and it appears to be fine. I am on the server Christian, which was "fully restored". I didn't see a thread on this already, so I figured I'd pass the word along in case anyone here uses ASO. It's probably a good idea to change any site passwords.

    I don't plan on moving away from ASO as this could really have happened to anyone, and they've fully restored my data. Still, if this happened last evening, I would have expected a notification e-mail a little sooner than now.
    Last edited by CArmstrong; 07-09-2009 at 05:28 PM.

  2. #2
    Join Date
    Aug 2003
    Location
    Pittsburgh
    Posts
    3,490
    Interesting. Looks like this wasn't their only issue recently: http://forums.asmallorange.com/index...howtopic=12878

    Maybe it is time to find a new provider.

  3. #3
    Join Date
    Nov 2008
    Location
    Florida, U.S
    Posts
    1,738
    Man, that's rough.

    I hope they can restore all of their clients' accounts.
    HOSTLEET.COM, LLC - Elite Website Hosting Since 2008!
    Fast Reliable Affordable Secure Friendly & Courteous
    RISK-FREE Money Back Guarantee U.S.A Based & Operated
    Read Through Our Most F.A.Q's!

  4. #4
    Join Date
    Apr 2006
    Posts
    1,128
    I haven't used these guys in years and they still send me this crap in their mailing list, even though I have asked on several occasions to have my account deleted.

    I cannot, for the life of me, understand why hosting companies insist on retaining customers data (billing accounts etc) for years after they leave.

    Isn't there some sort of legislation in the US that forces companies to delete unnecessary customer data (we have the Data Protection Act in the UK for this job)?

  5. #5
    Join Date
    Jan 2007
    Location
    Lisbon, Portugal
    Posts
    103
    If there are invoices associated with your account, that account cannot be deleted, since companies are forced to retain billing information for a number of years (it changes from country to country). What can be done is close the account so the client won't receive any more emails, but deleting, I would think not.
    TekSuporte - Server and Security Management
    Dedicated support staff 24x7x365 fluent in Portuguese, Spanish and English
    Free server audit

  6. #6
    Join Date
    Apr 2006
    Posts
    1,128
    Quote Originally Posted by PTWS View Post
    If there are invoices associated with your account, that account cannot be deleted, since companies are forced to retain billing information for a number of years (it changes from country to country). What can be done is close the account so the client won't receive any more emails, but deleting, I would think not.
    Forgive my ignorance when it comes to the USA, but why on earth would a company need to keep details of a small customer for years? I can understand the reason for keeping it until the end of the tax year, but for years, why?

  7. #7
    Join Date
    May 2008
    Location
    Philadelphia, PA
    Posts
    250
    ^^^^ AUDIT

    IRS can go back 7 years
    Database By Design, LLC
    Philadelphia, PA Datacenter (401 North Broad)
    Premium Dedicated Server Hosting, Complex Hosting Solutions and Public/Private Cloud.
    866.488.7770 | Contact Us | www.databasebydesignllc.com

  8. #8
    Quote Originally Posted by CArmstrong View Post
    Interesting. Looks like this wasn't their only issue recently: http://forums.asmallorange.com/index...howtopic=12878

    Maybe it is time to find a new provider.
    As much as I understand your point of customers having an accessible website at all times, issues like these can always occur. A hacker intruding one or multiple servers and deleting files isn't exactly something one likes to deal with nor have issues with. Sure, it could've been prevented by taking extra security precautions, but even with a firewall and virus scanner installed you still have the risk of being hacked.

    Advising one to leave said host for this issue on short notice seems like an overreaction. Like the topic starter said, his website seems to be unaffected by this and he/she did not report any other problems, so I presume this user is content.

    Edit: I did not realize you were the topic starter. In this case, if you have been affected by other issues then yes, it would be advised to switch. Yet you did not mention being affected by anything else, so I presume everything is A OK.

  9. #9
    Quote Originally Posted by Daniel_G View Post
    Forgive my ignorance when it comes to the USA, but why on earth would a company need to keep details of a small customer for years? I can understand the reason for keeping it until the end of the tax year, but for years, why?
    If they don't save records on all the "small customers" then they can get into a lot of trouble with the Internal Revenue Service (IRS) if they were to get audited by them.

  10. #10
    Wow, that's rough, but it seems like a very professional response and act on their behalf. Hope everything works out for ASO. Meantime, yes, legally some information must be kept to protect their butt as a provider.
    http://www.caperhosting.net - web/shells/ircd/shoutcast hosting!
    Live Chat sales/support on website
    WHMCS billing system and client login
    CaperHosting.net We care about everyone!

  11. #11
    Join Date
    Apr 2006
    Posts
    1,128
    Quote Originally Posted by DatabaseByDesignLLC View Post
    ^^^^ AUDIT

    IRS can go back 7 years
    The upper arrow spam and capslocks are not required...

    So are you really trying to tell me that every single US company keeps a record of every single transaction they make for 7 years? Somehow, I think not...

    I am no longer an ASO customer, and have not been for some years, yet my details are still subject to being stolen by an intruder just because they don't feel like deleting past customers from their databases.

    The same applies to WHT, they simply refuse to delete user accounts, taking the high ground, etc etc, and yet their entire database gets compromised and before I know it I'm receiving 1'000 more spam emails a day. A situation that could have been avoided if WHT had just removed their head from their ass and deleted customer accounts on request.

  12. #12
    Join Date
    May 2008
    Location
    Philadelphia, PA
    Posts
    250
    That came off wrong, it was more directed at the IRS and the hellish time any company would experience under an audit.

  13. #13
    Join Date
    Oct 2002
    Location
    EU - east side
    Posts
    21,920
    ^^^^ AUDIT

    IRS can go back 7 years
    That makes sense, but information could be archived, rather than left "live" and actively used for purposes unrelated to the IRS.

  14. #14
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,196
    Quote Originally Posted by ldcdc View Post
    That makes sense, but information could be archived, rather than left "live" and actively used for purposes unrelated to the IRS.
    Although this is a good idea - depending on what billing system they are using this may not be the easiest thing to do without hiring a developer to provide a system to archive the data.

    I know that in WHMCS you can mark a client as inactive and when you go to send a mail to all of your customers you would set it to go only to "active" customers.

    Another thing that is even better is in WHMCS you can send an email to all hosting customers and then you can even filter it by whether their hosting plan is active or not, what server they are on, etc...

    If they are using WHMCS then it's probably the best way to do it - if they're using something else I'm not sure.
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.

  15. #15
    Join Date
    Sep 2004
    Location
    Fairborn, ohio
    Posts
    923
    Quote Originally Posted by Daniel_G View Post
    So are you really trying to tell me that every single US company keeps a record of every single transaction they make for 7 years? Somehow, I think not.
    Just because everyone doesn't do something, doesn't mean it's not the correct thing to do. Not EVERYONE refrains from killing people, but that doesn't mean murder is acceptable.
    Imeanwebhosting.com - Shared cpanel hosting, 99.9% uptime.
    10 min average ticket responses, softaculous, rvsitebuilder, and more!
    Reliable, affordable shared hosting. I Mean Web Hosting!

  16. #16
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,196
    Quote Originally Posted by IMeanWebHosting View Post
    Just because everyone doesn't do something, doesn't mean it's not the correct thing to do. Not EVERYONE refrains from killing people, but that doesn't mean murder is acceptable.
    I... think I understand the point you were trying to make

    Your response doesn't make much sense to me in the context of replying to the message you have quoted... Maybe I just need to go to bed lol.

  17. #17
    Join Date
    Nov 2007
    Location
    Dallas, TX
    Posts
    9,064
    Quote Originally Posted by CArmstrong View Post
    Via e-mail:


    I just checked my site, and it appears to be fine. I am on the server Christian, which was "fully restored". I didn't see a thread on this already, so I figured I'd pass the word along in case anyone here uses ASO. It's probably a good idea to change any site passwords.

    I don't plan on moving away from ASO as this could really have happened to anyone, and they've fully restored my data. Still, if this happened last evening, I would have expected a notification e-mail a little sooner than now.
    Oddly enough... I never received this email from ASO, and I am an ASO client (random small web site). I may send them a note and inquire.

    -mike
    Mike G. - Limestone Networks - Account Specialist
    Cloud - Dedicated - Colocation - Premium Network - Passionate Support
    DDoS Protection Available - Reseller Program @LimestoneInc - 877.586.0555

  18. #18
    Join Date
    Sep 2004
    Location
    Fairborn, ohio
    Posts
    923
    Quote Originally Posted by MikeDVB View Post
    I... think I understand the point you were trying to make

    Your response doesn't make much sense to me in the context of replying to the message you have quoted... Maybe I just need to go to bed lol.
    He was saying "well not everyone keeps financial records" and I was just saying "well just because everyone doesn't do the right thing, that doesn't change right to wrong". For example, not EVERYONE pays their taxes properly, but that doesn't mean it's ok to dodge taxes.

    It's possible I just worded that poorly though, as I'm fairly sleep deprived myself.

  19. #19
    Join Date
    Jan 2007
    Location
    Lisbon, Portugal
    Posts
    103
    Quote Originally Posted by Daniel_G View Post
    Forgive my ignorance when it comes to the USA, but why on earth would a company need to keep details of a small customer for years? I can understand the reason for keeping it until the end of the tax year, but for years, why?
    I am not in the USA. Here we need to keep all financial documents for 5 years. It varies from country to country, but by law, i think most countries have something like this for accounting audit by authorities.

    Cheers

  20. #20
    Join Date
    Jun 2004
    Location
    Canada
    Posts
    132
    Quote Originally Posted by [GD]Flying View Post
    As much as I understand your point of customers having an accessible website at all times, issues like these can always occur. A hacker intruding one or multiple servers and deleting files isn't exactly something one likes to deal with nor have issues with. Sure, it could've been prevented by taking extra security precautions, but even with a firewall and virus scanner installed you still have the risk of being hacked.
    Script kiddies exploit code and use trojans/viruses, and typically use shared/dedicated accounts for numerous reasons: sending spam, scanning other servers for vulnerabilities, DoS/DDoS, spamming forums. The list can go on.

    Real hackers, the ones who actually want to get information like credit cards and possibly access to internal systems, don't let you know they're there; they get access to systems over time and without notice by social engineering or looking for weaknesses. This is most likely the case, and all started off with an insecure password, Active Directory account, keylogger. Some people seem to think that a lack of security can save time. For instance, having the same root password on all of their shared servers, instead of using an SSH key for each support person and an SSH key deployment system.

    Quote Originally Posted by [GD]Flying View Post
    Advising one to leave said host for this issue on short notice seems like an overreaction. Like the topic starter said, his website seems to be unaffected by this and he/she did not report any other problems, so I presume this user is content.
    Emails and private data are one concern; however, it looks like data was just deleted, but who knows what was extracted. Even if they did investigate, there are many ways to extract data and hide your tracks. Install 'snoopy' and run syslog on another host and keep a running log on a secured server. This is something that should be done with all large server setups.


    Quote Originally Posted by Daniel_G View Post
    I am no longer an ASO customer, and have not been for some years, yet my details are still subject to being stolen by an intruder just because they don't feel like deleting past customers from their databases.

    The same applies to WHT, they simply refuse to delete user accounts, taking the high ground, etc etc, and yet their entire database gets compromised and before I know it I'm receiving 1'000 more spam emails a day. A situation that could have been avoided if WHT had just removed their head from their ass and deleted customer accounts on request.
    I agree with you on specific points. However, you can protect yourself. Setting up aliases for each website you submit your email to is a sure way to find out where your email got leaked. I use a catchall for this and sign up wht@domain.com or forum@domain.com

    Then you just trash the email and signup wht2@domain.com or turn it into a honeypot. Which works great for spam reporting.

    I also have different passwords for forums depending on certain criteria. Simple to remember, but they're never used for banking or other details so when they're compromised they're useless.
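
The per-person SSH key point in the post above, as an added example that is not part of the original thread: a Python audit that reads an `sshd_config` and root's `authorized_keys` and reports whether root access still rests on a shared password or on keys that cannot be tied to one support person. The file contents and key blobs are constructed samples, and only global settings (before any `Match` block) are evaluated.

```python
# Added example. All file contents below are constructed samples; key blobs are fake.
SSHD_DEFAULTS = {  # OpenSSH 7.0+ defaults when a keyword is absent
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
}
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # start of a public-key type token


def effective_sshd_settings(config_text):
    """Global settings only: stop at the first Match block; first value wins."""
    settings, seen = dict(SSHD_DEFAULTS), set()
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), parts[1].strip().lower()
        if keyword == "match":
            break
        if keyword in settings and keyword not in seen:
            settings[keyword] = value
            seen.add(keyword)
    return settings


def root_password_login_allowed(config_text):
    s = effective_sshd_settings(config_text)
    return s["permitrootlogin"] == "yes" and s["passwordauthentication"] == "yes"


def parse_authorized_keys(text):
    """Return (line_no, key_blob, owner_comment); blob is None if unparseable."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        i = next((k for k, t in enumerate(tokens) if t.startswith(KEY_PREFIXES)), None)
        if i is None or i + 1 >= len(tokens):
            entries.append((n, None, ""))
        else:
            entries.append((n, tokens[i + 1], " ".join(tokens[i + 2:])))
    return entries


def audit_root_access(sshd_config, authorized_keys):
    findings, lines_by_blob = [], {}
    if root_password_login_allowed(sshd_config):
        findings.append("root password login enabled: one secret opens the server")
    for n, blob, owner in parse_authorized_keys(authorized_keys):
        if blob is None:
            findings.append(f"line {n}: not a recognisable key entry")
            continue
        if not owner:
            findings.append(f"line {n}: key has no owner comment")
        lines_by_blob.setdefault(blob, []).append(n)
    for lines in lines_by_blob.values():
        if len(lines) > 1:
            findings.append(f"lines {lines}: same key installed more than once")
    return findings


WEAK_SSHD = "PermitRootLogin yes\nPasswordAuthentication yes\n"
WEAK_KEYS = "ssh-ed25519 FAKEKEYSHARED\nssh-ed25519 FAKEKEYSHARED support\n"
HARD_SSHD = "PermitRootLogin prohibit-password\nPasswordAuthentication no\n"
HARD_KEYS = ('from="192.0.2.10" ssh-ed25519 FAKEKEYALICE alice@support\n'
             "ssh-ed25519 FAKEKEYBOB bob@support\n")

if __name__ == "__main__":
    for label, cfg, keys in (("weak", WEAK_SSHD, WEAK_KEYS), ("hardened", HARD_SSHD, HARD_KEYS)):
        print(label, audit_root_access(cfg, keys) or "no findings")
```

With one named key per person, removing a single `authorized_keys` line revokes one technician's access without rotating a password on every server.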

  21. #21
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,196
    Quote Originally Posted by IMeanWebHosting View Post
    He was saying "well not everyone keeps financial records" and I was just saying "well just because everyone doesn't do the right thing, that doesn't change right to wrong". For example, not EVERYONE pays their taxes properly, but that doesn't mean it's ok to dodge taxes.

    It's possible I just worded that poorly though, as I'm fairly sleep deprived myself.
    Ok - I understand and that is what I thought you were getting at but I wasn't 100% sure

    Just because most companies may not do it does not mean that it's not the right thing to do. Got it!

  22. #22
    I am sorry. Maybe I am missing a point here. Twice in one month servers get hacked and we, as customers, are not supposed to get concerned. What about private, secure, or sensitive data. Did this hacker download prior to deleting?

    I have been with ASO since the very early days of the company. I believe I am one of the longest running original clients. But, this year has been rough, for me and others. Too many server changes required to avoid constant downtime. Too many technical support 'glitches'. And, honestly, when I do talk to technical support, they seem to have a very strong 'defensive attack' approach. That pretty much tells me that I am not the only one who is complaining about the same things.

    Maybe it is my imagination, but it seems to me that when Tim was resident and actively involved in all aspects, the company ran like a well oiled machine (from a customer's viewpoint). When his constant 'hands on' activity stopped, the company started sliding.

    I think he needs to find a couple of Tim clones to replace himself and maybe we could get back to ASO being a user friendly hosting service again.

    Yes, I know, I can leave. But, I used ASO for a lot of years with GREAT service. I guess I keep waiting for Tim to wake up and bring back the quality service that took his company to the top.

  23. #23
    Quote Originally Posted by lanesharon View Post
    I am sorry. Maybe I am missing a point here. Twice in one month servers get hacked and we, as customers, are not supposed to get concerned. What about private, secure, or sensitive data. Did this hacker download prior to deleting?

    I have been with ASO since the very early days of the company. I believe I am one of the longest running original clients. But, this year has been rough, for me and others. Too many server changes required to avoid constant downtime. Too many technical support 'glitches'. And, honestly, when I do talk to technical support, they seem to have a very strong 'defensive attack' approach. That pretty much tells me that I am not the only one who is complaining about the same things.

    Maybe it is my imagination, but it seems to me that when Tim was resident and actively involved in all aspects, the company ran like a well oiled machine (from a customer's viewpoint). When his constant 'hands on' activity stopped, the company started sliding.

    I think he needs to find a couple of Tim clones to replace himself and maybe we could get back to ASO being a user friendly hosting service again.

    Yes, I know, I can leave. But, I used ASO for a lot of years with GREAT service. I guess I keep waiting for Tim to wake up and bring back the quality service that took his company to the top.
    I never hear much from Tim, or even about ASO really on these forums any more

  24. #24
    Join Date
    Jun 2004
    Location
    Northwest Colorado
    Posts
    4,636
    If my shared hosting provider were to be hacked, I would take my business elsewhere. Either a host takes security seriously or they don't. I've been with canadawebhosting.com for seven years, they've never had an issue like this. I was with newyorkinternet.com for five years, they've never had an issue like this either. This isn't a "luck of the draw" issue. If CWH were to be hacked, then I'd be gone in a heartbeat despite years of being a happy customer of theirs, because I think it's inexcusable for a host to be compromised -- let alone by script kiddies. Just my $0.02.
    Eric J. Bowman, principal
    Bison Systems Corporation coming soon: a new sig!
    I'm just a poor, unfrozen caveman Webmaster. Your new 'standards' frighten, and confuse me...

  25. #25
    The sad part is that in their forum posts they say they 'tracked' the person. But, they did not pass on that information to us, the customers. We don't know every server that was hit. We don't know what areas of each server were hit. In fact, the only info we received is in the email in the first post here.

    I changed my own login and am hoping that others will be smart enough to do the same. But, there was confidential info on my server. So, how much info can I pass on to my own users when the info that I would need to do that is not being passed on to me?? Were my users' forum accounts compromised? I will keep vigilant eyes on my logs....
