Results 1 to 25 of 43
Thread: Server Hacked - by niroda
-
03-05-2012, 02:07 PM #1Newbie
- Join Date
- Mar 2012
- Posts
- 16
Server Hacked - by niroda
My VPS with EUK Host got hacked yesterday. All sites on it have had all content deleted and replaced with a hacked message. EUK can't restore any of the sites as their backups were also compromised. Luckily I have a recent backup of the most important site that I DL'd on Saturday. The rest of the sites have no backups, sadly.
I am interested to know if I have been misled with the circumstances of the hack. The support people tell me that it's my fault and my problem as my root password is weak (it was not weak at all) plus I was running wordpress sites and that's where the breach took place. I was under the impression that sites COULD get hacked but that hack could not gain access to the server itself. This was my understanding anyway. Also, I note that their VPS Node : EL58 is under attack and that "Mar 05, 2012 Urgent Maintenance : backup4 server". Coincidence that all my sites have no backups? Any advice on what I can or should do? Suspect you will all say it's my own fault for not taking backups for the other sites etc!
I will be looking for a new host. I have been messed about all day. Promised info, calls and ticket updates. Just had one of the chat operators getting quite terse with me too. EUK were OK but the end of last year and this year have been terrible.
Can anyone recommend a good UK host? I do need it to be UK though.
-
03-05-2012, 02:12 PM #2Web Hosting Master
- Join Date
- Mar 2009
- Location
- Miami, Florida
- Posts
- 20,777
-
03-05-2012, 02:16 PM #3Disabled
- Join Date
- Jan 2012
- Posts
- 98
If their backups got compromised too, doesn't that mean their server was hacked? If that is the case, it wasn't your fault at all. Seems they need to do server audits a bit more often and setup their servers better.
-
03-05-2012, 02:18 PM #4Newbie
- Join Date
- Mar 2012
- Posts
- 16
Yes, it has control panel. I would say that the password was very strong.
It's alwasy possible that somehow my security has been compromised locally. I would be surprised though. Why go for the server (just one server ((so far!!)) at that) and not the paypal account or something worse? My local machine has good security but I doubt it would stop something new or really good, if any security would.
-
03-05-2012, 02:19 PM #5Web Hosting Master
- Join Date
- Mar 2009
- Location
- Miami, Florida
- Posts
- 20,777
-
03-05-2012, 02:22 PM #6Newbie
- Join Date
- Mar 2012
- Posts
- 16
-
03-05-2012, 02:34 PM #7ShillBuster
- Join Date
- Jun 2003
- Location
- Spain
- Posts
- 4,251
-
03-05-2012, 02:52 PM #8Web Hosting Master
- Join Date
- Jun 2011
- Location
- Internet
- Posts
- 2,985
-
03-05-2012, 02:54 PM #9Disabled
- Join Date
- Jan 2012
- Posts
- 98
-
03-05-2012, 03:10 PM #10Newbie
- Join Date
- Mar 2012
- Posts
- 16
-
03-05-2012, 03:13 PM #11Junior Guru Wannabe
- Join Date
- Dec 2011
- Posts
- 91
BigInstance.com
[+] VPS - KVM HVM - 4GB & up
[+] Dedicated CPU core(s)
sales [@] biginstance.com
-
03-05-2012, 03:20 PM #12Temporarily Suspended
- Join Date
- Feb 2012
- Posts
- 156
-
03-05-2012, 03:28 PM #13Newbie
- Join Date
- Mar 2012
- Posts
- 16
This is the incomprehensible support ticket reply:
"As per your telephonic conversation with Suzanne, we have tried to restored data from our backup system but unfortunately, there are the same files available as they are on your VPS.
We can do one thing, if sites on your VPS other than the sites available in backup with you are not important for you then we can create a new VPS for you with the same configuration, apply all the security tweaks and then restore important sites backup on it. This way, you will get secured VPS with all important data."
Seems to me that the last VPS was not secure, by their own admission.
Thanks for the recommendation on host - but it needs to be a UK host I'm afraid.
-
03-05-2012, 06:59 PM #14Aspiring Evangelist
- Join Date
- Apr 2010
- Location
- North Carolina
- Posts
- 442
-
03-05-2012, 07:02 PM #15Newbie
- Join Date
- Mar 2012
- Posts
- 11
-
03-05-2012, 07:12 PM #16Web Host Reviewer
- Join Date
- Feb 2006
- Location
- Kepler 62f
- Posts
- 16,703
I'm seeing more and more hosts blame customers, and not take responsibility for the craptastic non-security of their own servers. It's ghastly how many "hosts" are not running suexec, complex server security, etc. Just plop up a box with a default deploy, fill it up, rake in the dough. When it crashes, for whatever reason, blame the customers.
This is why I'm so selective about which hosts I'll use (or recommend to others).|| Need a good host?
|| See my Suggested Hosts List || Editorial: EIG/Site5/Arvixe/Hostgator Alternatives
||
-
03-05-2012, 09:01 PM #17Web Hosting Master
- Join Date
- Jul 2008
- Location
- Seminole, Oklahoma
- Posts
- 1,665
Sorry to hear your VPS got hacked. But if your root pass was the issue be sure to check your logs. I suggest you quit using your root password and setup SSH to use a key + pass phrase authentication. Gives you a bit more security.
-
03-05-2012, 09:10 PM #18Web Hosting Master
- Join Date
- Jul 2002
- Location
- London, United Kingdom
- Posts
- 4,455
Rob Golding Astutium Ltd - UK based ICANN Accredited Domain Registrar - proud to accept BitCoins
Buying Web Hosts and Domain Registrars Today @ hostacquisitions.co.uk
UK Web Hosting | UK VPS | UK Dedicated Servers | ADSL/FTTC | Backup/DR | Cloud
UK Colocation | Reseller Accounts | IPv6 Transit | Secondary MX | DNS | WHMCS Modules
-
03-06-2012, 04:50 AM #19Newbie
- Join Date
- Mar 2012
- Posts
- 16
I'm gald you were able to glean some actual sense out of that mesage, as I struggled.
Actually, in the telephone conversation they alluded to the security not being as good as it should have been. "We will tighten up the security on your VPS" is what they said they would do. How does it sound like I let something in via a WP site?
-
03-06-2012, 04:55 AM #20Newbie
- Join Date
- Mar 2012
- Posts
- 16
Update on this:
All my sites, emails and everything magically came back at 10pm last night. Even though they didn't have any usable backups! I have asked in the ticket how they managed this. Glad they are all back, but now I trust this host even less. They really seem to have no clue at all. I don't see how they could make a mistake like that and then suddenly find that they did, in fact, have all the backups after all.
I have paid for the year for this VPS (mistake I now realise, that will never happen again) so I will try and swap it with my other more relaible VPS and put much less important sites on this one and get rid of the whole thing when the paid term finishes.
I'll let you know what they say in the ticket later.
-
03-06-2012, 04:58 AM #21Newbie
- Join Date
- Mar 2012
- Posts
- 16
-
03-06-2012, 06:33 AM #22Junior Guru Wannabe
- Join Date
- Apr 2010
- Posts
- 65
I'd suggest posting a message in their forums outlining the problems and asking them how they're going to prevent it happening again.
As an ex-customer, I learnt that you can kick up a fuss on their forums and it will remain there - they don't delete/censor genuine complaints. You'll also get the attention of the guys higher up. EUK's first level techs are standard level, crappy, read from script, low level employees - but they have some solid techs higher up.
But, as a company that prides itself in being FULLY managed (they'll install 3rd party scripts going the extra mile over many managed providers), how they can blame you for poor security is beyond me, unless your root pw really was pants.
-
03-06-2012, 06:49 AM #23Newbie
- Join Date
- Mar 2012
- Posts
- 16
-
03-06-2012, 10:35 AM #24Web Hosting Master
- Join Date
- Jul 2002
- Location
- London, United Kingdom
- Posts
- 4,455
Rob Golding Astutium Ltd - UK based ICANN Accredited Domain Registrar - proud to accept BitCoins
Buying Web Hosts and Domain Registrars Today @ hostacquisitions.co.uk
UK Web Hosting | UK VPS | UK Dedicated Servers | ADSL/FTTC | Backup/DR | Cloud
UK Colocation | Reseller Accounts | IPv6 Transit | Secondary MX | DNS | WHMCS Modules
-
03-06-2012, 10:38 AM #25Newbie
- Join Date
- Mar 2012
- Posts
- 16
No, that's what EUK Host said. A sort of belt and braces type blaming. They said root password was weak AND I was using wordpress sites. I don't actually know how I was exploited yet. Doubt I will unless they are honest and tell me. Which I don't think they will as I think they were at fault.
Similar Threads
-
Can my blog be hacked on shared hosting if my neighbour is hacked?
By zobe in forum Hosting Security and TechnologyReplies: 17Last Post: 03-10-2011, 04:09 AM -
Server hacked : how can I find out how they are uploading files to my server?
By listenmirndt in forum Hosting Security and TechnologyReplies: 4Last Post: 04-14-2007, 12:44 PM -
Server is hacked!~ which company provide secure and fast VPS server?
By kittyyau in forum VPS HostingReplies: 6Last Post: 08-24-2006, 04:11 PM -
Plesk server hacked, hiring to move clients to new server
By DaveNET in forum Employment / Job OffersReplies: 3Last Post: 07-30-2005, 09:56 PM -
Is my server hacked? Huge data is uploaded from server !!
By wmac in forum Web HostingReplies: 5Last Post: 08-05-2001, 10:50 PM