-
10-01-2011, 05:06 PM #26Web Hosting Master
- Join Date
- Mar 2007
- Location
- Phoenix, AZ, United State
- Posts
- 1,525
This wasn't a script kiddie. Thinking so is what makes this whole topic ridiculous. This wasn't an entire datacenter run by incompetent employees who just happened to never bother to update their servers to the latest public security threats. How on earth you think someone compromised an entire datacenter with thousands of servers, without knowing any programming is beyond me. What script did this kiddie run? These were either exploits private to the hacker, or zero day exploits. There is no reason to think this wouldn't have worked on any of the small hosts boasting better security in this thread.
drew@slicie.com - Vertical Scaling Servers
30 Minute Backups - Pay for what you use
-
10-02-2011, 07:09 PM #27Newbie
- Join Date
- Aug 2011
- Posts
- 10
My friend's website was hacked a few days ago also.
-
10-03-2011, 01:31 PM #28Newbie
- Join Date
- Apr 2011
- Location
- Virginia Beach
- Posts
- 13
No, not 700,000 sites
Hi WireNine,
This is Brad with InMotion Hosting.
Question: Is it indeed a world record?
I don't have specifics on this one, but the hacker was off by quite a bit on his 700,000 mark. From what I hear from our Systems Team, he counted many domains. For example, he counted domain and www domain as 2 different sites. It does seem like his 700,000 target is actually quite a bit lower.
Thanks,
- Brad
-
10-03-2011, 01:33 PM #29Web Hosting Master
- Join Date
- Mar 2007
- Location
- Phoenix, AZ, United State
- Posts
- 1,525
-
10-03-2011, 01:39 PM #30Newbie
- Join Date
- Apr 2011
- Location
- Virginia Beach
- Posts
- 13
Hi kpmedia,
This is Brad with InMotion Hosting.
I've been with InMotion Hosting for over 4 years now. I've seen our company grow from roughly 30 employees to now over 150+. It is great that some people think of us as "big unlimited hosts", (yes I understand the 'unlimited' reference, looks a little off when I quote it). While it is not an excuse, many large companies (not just web hosts) have been hit very hard by hackers, which goes to show how tough it can be to be 100% secure (if that even exists).
We take security very seriously. I'd like to state that we have very technical System Administrators, but unfortunately sometimes these things happen. We have learned quite a bit from this experience, and as a hosting company, we are taking a lot from this.
-
10-03-2011, 02:13 PM #31Newbie
- Join Date
- Apr 2011
- Location
- Virginia Beach
- Posts
- 13
Hi HostSentry,
The main exploit path was through an internal management server that can control cPanel on other servers. cPanel keys (not ssh keys) used to do this are stored on the internal management server. The hacker then used those cPanel keys to change passwords on the cPanel servers then log in with those passwords. It does not appear that gaining passwords was a goal or was accomplished, just password changes were used. Access to the management server was gained from an exploited customer's server that was within our network.
-
10-03-2011, 02:20 PM #32Web Hosting Master
- Join Date
- Mar 2007
- Location
- Phoenix, AZ, United State
- Posts
- 1,525
Correct me if I'm wrong, I'm just trying to understand.
- Hacker gets access to a "management server"
- Hacker goes from that server, to a server which has a database of remote access keys
- Hacker uses these keys, which gives him the ability to change the root password on the servers
- Changes root passwords, executes code that defaces customer sites
Or are you saying he used the remote key to change individual customer site passwords, then defaced those individual sites using those individual accounts?
Can you elaborate on that? Whether or not the customer's server was exploited, why was it allowed access to the management server? Are you saying any customer who had a server within your network could have gained access to your management server?
Last edited by Drew@Slicie; 10-03-2011 at 02:26 PM.
-
10-03-2011, 02:44 PM #33Newbie
- Join Date
- Apr 2011
- Location
- Virginia Beach
- Posts
- 13
Hi HostSentry,
I don't have more specifics other than what I posted. I know you're looking for clarification on exactly what happened, but I don't have that right now. The hacker gained access to the management server, and from there was able to obtain the cPanel keys.
In regard to your last question, the compromised dedicated server had access to the management server due to the fact that it wasn't blocked at the firewall level. The management server was not "open" as in you could simply walk in and take what you wanted, it was open as in the internal networked IPs were not denied by the firewall.
Thanks,
- Brad
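An added illustration of the firewall gap described in the post above (not part of the thread and not InMotion's configuration): a small Python audit that reports which customer networks can reach a management host under a first-match ruleset. All addresses, the `FLAT` and `SEGMENTED` rulesets and the function names are constructed for the example.

```python
import ipaddress

# Constructed addressing plan (assumption; the thread gives no addresses).
MGMT_HOST = ipaddress.ip_address("10.0.0.10")
CUSTOMER_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "10.30.0.0/16")]

# Rules are (action, source, destination); the first matching rule wins.
# FLAT models the state described above: internal IPs are not denied.
FLAT = [("allow", "10.0.0.0/8", "10.0.0.10/32"),
        ("deny", "0.0.0.0/0", "10.0.0.10/32")]
# SEGMENTED admits only a constructed admin subnet and denies everything else.
SEGMENTED = [("allow", "10.0.1.0/28", "10.0.0.10/32"),
             ("deny", "0.0.0.0/0", "10.0.0.10/32")]

def decide(rules, src, dst, default="deny"):
    """Return the action of the first rule that matches the flow src -> dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in ipaddress.ip_network(src_net) and dst in ipaddress.ip_network(dst_net):
            return action
    return default

def exposed_customer_nets(rules):
    """List customer networks with any address allowed to reach MGMT_HOST."""
    exposed = []
    for net in CUSTOMER_NETS:
        remaining, reachable = [net], False
        for action, src_net, dst_net in rules:
            if MGMT_HOST not in ipaddress.ip_network(dst_net):
                continue
            rule_src = ipaddress.ip_network(src_net)
            undecided = []
            for part in remaining:
                if not part.overlaps(rule_src):
                    undecided.append(part)      # rule does not apply here
                elif action == "allow":
                    reachable = True            # some customer address gets in
                elif rule_src.subnet_of(part):
                    # A deny covering only a slice: keep auditing the rest.
                    undecided.extend(part.address_exclude(rule_src))
                # Otherwise the deny covers the whole part and it is dropped.
            remaining = undecided
        if reachable:
            exposed.append(str(net))
    return exposed
```

Unmatched traffic is treated as denied, so an empty result means no customer network has a path to the management host.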
-
10-03-2011, 02:47 PM #34Web Hosting Master
- Join Date
- Mar 2007
- Location
- Phoenix, AZ, United State
- Posts
- 1,525
I understand. I'm sure only a few people actually know what happened at this point.
That still sounds kind of open
... anyway, thanks for shedding some light on the situation for me. Interesting stuff.
Edit:
http://www.ngenuity-is.com/
Last edited by Drew@Slicie; 10-03-2011 at 02:51 PM.
-
10-03-2011, 02:57 PM #35Web Hosting Master
- Join Date
- Oct 2003
- Posts
- 9,264
From what I'm aware, a sysadmin's external VPS was exploited (a 3rd party VPS) which had access to an internal network within InMotion -- one that didn't have any outside access beyond that.
From there, they gained access to the internal network which held all of the keys to the kingdom, so to speak. Note 100% of this is hearsay though.
-
10-03-2011, 03:01 PM #36Web Hosting Master
- Join Date
- Mar 2007
- Location
- Phoenix, AZ, United State
- Posts
- 1,525