  1. #1

    HostGator rooted!?

    So, according to this article, Eric Gisse, a former employee of HostGator.com had rooted 2,700 of their servers.

    arstechnica.com/security/2013/04/former-employee-arrested-charged-with-rooting-2700-hostgator-servers/

    Thoughts?

  2. Thread Summary There is an ongoing investigation in which ArsTechnica reports an arrest has been made. The actual incident took place in February of 2012.

    Contributors: SajanP

  3. #2
    Join Date
    Jun 2009
    Location
    Warwick, RI, USA
    Posts
    273

    What about their customers?
    BD Web Services | Since 2009

  4. #3
    Quote Originally Posted by bdwebservices View Post
    What about their customers?
    This was over a year ago. The FBI just now picked him up at Rackspace in San Antonio where he was working as a DC Tech (he had worked for 2 other DCs in between HG & Rackspace).

    As the article says, he abused the access bestowed upon him to do his job, akin to leaving a window open at your buddy's house and then sneaking back in later. There was no indication he had any time to do anything malicious before he was caught.

    Additionally, he had no access to any critical system, i.e.: billing, tickets, etc.

    I can't say much more than that since this is an ongoing legal issue now.
    Patrick P.
    HostGator.com LLC
    patrick(@)hostgator(.)com

  5. #4
    Join Date
    Dec 2007
    Posts
    344
    Quote Originally Posted by gatorpatrick View Post
    This was over a year ago. The FBI just now picked him up at Rackspace in San Antonio where he was working as a DC Tech (he had worked for 2 other DCs in between HG & Rackspace).

    As the article says, he abused the access bestowed upon him to do his job, akin to leaving a window open at your buddy's house and then sneaking back in later. There was no indication he had any time to do anything malicious before he was caught.

    Additionally, he had no access to any critical system, i.e.: billing, tickets, etc.

    I can't say much more than that since this is an ongoing legal issue now.
    Makes you wonder how many more servers are rooted at those other data centers.
    Onra Host | OnraHost.com

  6. #5
    Join Date
    Dec 2010
    Location
    127.0.0.1
    Posts
    5,229
    He better be sent down for years, that's his Internet career over now, no webhosting provider or any business / company which uses computers will trust him at all. He could have used it as a botnet and caused chaos for Hostgator and wrecked their reputation in our industry.

    Glad he's caught and action is being taken on him.
    Licensecart Certified Distribution for Blesta, Interworx, Softaculous, SolusVM, LiteSpeed, KernelCare & SSLs

  7. #6
    Quote Originally Posted by gatorpatrick View Post
    This was over a year ago. The FBI just now picked him up at Rackspace in San Antonio where he was working as a DC Tech (he had worked for 2 other DCs in between HG & Rackspace).

    As the article says, he abused the access bestowed upon him to do his job, akin to leaving a window open at your buddy's house and then sneaking back in later. There was no indication he had any time to do anything malicious before he was caught.

    Additionally, he had no access to any critical system, i.e.: billing, tickets, etc.

    I can't say much more than that since this is an ongoing legal issue now.
    If this was over a year ago, how come no public notification was made during that time?

  8. #7
    See posts below
    Last edited by gatorpatrick; 04-19-2013 at 02:01 PM.
    Patrick P.
    HostGator.com LLC
    patrick(@)hostgator(.)com

  9. #8
    Join Date
    Dec 2007
    Posts
    344
    Quote Originally Posted by sewdough View Post
    If this was over a year ago, how come no public notification was made during that time?
    Simple, two words... Ongoing investigation!

    First, you really can't talk or say anything during an investigation for a few reasons.

    What if he had another accomplice? He could have gone into all the servers since he already had access and taken everything off or down. Then there's no evidence!

    Second, if he did have someone else helping him or involved, that person could have stopped or left... if you wait and see who he is talking to, you could possibly be breaking up an entire ring/group of "rooters".

    Third, obstruction of justice. The law hates when things are public that aren't finished yet. Announcing or telling people about it could end you up in jail. If you ever noticed, most news stories have "from anonymous source" or something similar and never someone's actual name.
    Last edited by Onra Host; 04-19-2013 at 02:07 PM.
    Onra Host | OnraHost.com

  10. #9
    Join Date
    Dec 2010
    Location
    127.0.0.1
    Posts
    5,229
    Quote Originally Posted by sewdough View Post
    If this was over a year ago, how come no public notification was made during that time?
    Probably because they didn't want to alert anyone for no reason, if they believe nothing of their clients was compromised, if they made it public people would flee as a precaution.

    But every employee has a background check I believe.
    Licensecart Certified Distribution for Blesta, Interworx, Softaculous, SolusVM, LiteSpeed, KernelCare & SSLs

  11. #10
    Join Date
    Jul 2005
    Location
    Belgium
    Posts
    506
    What could the punishment for something like that be in the US?
    kept alive by vertaalbureau

  12. #11
    Join Date
    Aug 2004
    Location
    Austin, TX
    Posts
    3,361
    Quote Originally Posted by sash View Post
    What could the punishment for something like that be in the US?
    Hopefully something like this.
    Incero's Enterprise Servers - Dallas, NYC, & Seattle Colocation

  13. #12
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,844
    Quote Originally Posted by sash View Post
    What could the punishment for something like that be in the US?
    It is customary in Canada to punish criminals by forcing them to attend every Justin Bieber concert until he retires. The criminal is subjected to awful music and loud obnoxious girls who excessively scream.

    http://www.youtube.com/watch?v=C7Va4M44u28

    I'm not sure what the US does, I would assume something similar.
    Patrick William | RACK911 Labs | Software Security Auditing

  14. #13
    Join Date
    Mar 2011
    Posts
    630
    In this industry, it pleases me to see someone held accountable for their actions. Best of luck to the HostGator team, hats off to my fellow Texans!
    MXroute - E-mail Hosting for Your Domain.

  15. #14
    Join Date
    Apr 2008
    Location
    United States, MI
    Posts
    766
    Being a previous employee of HostGator and having my NDA well expired I'll share a few details to help people sleep at night.


    Pat, feel free to contact me if you want on my personal email. It should still be in your inbox.


    1. The way this most likely happened is the company jump box. It has root access to all servers using a custom ssh binary that Pat actually made. It records all SSH sessions to a file. So you essentially have replay on every single SSH session. So reversing anything this guy did was fairly trivial most likely.
    Changing out this key is later explained in their deployment system.

    2. The billing systems are not included in this jump box. Employees cannot jump into these machines as the jump box's keys will NOT function on those servers. Period.

    3. There is an internal security team at HG; like any company, some of them are morons. There are a few smart folks there though, who I would trust completely to secure anything, and who most likely detected whatever this kid did and informed their supervisor, which probably went to Josh Banks and Dave Collins/Pat Pellanne.

    This employee was probably sweated out in one of the offices by some rather intelligent folks, before being fired, to assess the damage done.

    Realistically, there is no damage still on any server as their architect James has been working on implementing a lot of configuration sync scripts and binary sync scripts (they can ensure each binary and library on the system matches a "Gold" image in about 25 minutes or so).

    And honestly, 2700 servers isn't really a lot. That's less than 1/4th of HG's total fleet. So, widespread problems are completely impossible.

    So stahp your worrying.
    Last edited by Crothers; 04-19-2013 at 04:33 PM.
    Steven Crothers
    No BS cloud engineer and Red Hat architect.
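
The "Gold" image comparison mentioned in post #14, sketched as an added example that is not part of the thread and not HostGator's tooling. It goes slightly beyond the post by comparing permission bits as well as file contents; the function names and the two sample trees are constructed for illustration.

```python
import hashlib
import pathlib
import stat
import tempfile


def manifest(root):
    """Map relative path -> (SHA-256 hex, permission bits) for regular files under root."""
    entries = {}
    for path in pathlib.Path(root).rglob("*"):
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode):
            continue  # directories, symlinks and special files are out of scope here
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        entries[path.relative_to(root).as_posix()] = (digest, stat.S_IMODE(st.st_mode))
    return entries


def drift(gold, host):
    """Return sorted (path, finding) pairs where the host differs from the gold manifest."""
    findings = []
    for path in sorted(set(gold) | set(host)):
        if path not in host:
            findings.append((path, "missing"))
        elif path not in gold:
            findings.append((path, "unexpected"))
        else:
            if gold[path][0] != host[path][0]:
                findings.append((path, "content"))
            if gold[path][1] != host[path][1]:
                findings.append((path, "mode"))
    return findings


def demo():
    """Constructed trees: one changed binary, one loosened mode, one extra file, one missing library."""
    trees = {
        "gold": {"bin/ssh": (b"ssh-v1", 0o755), "bin/ls": (b"ls-v1", 0o755), "lib/libc.so": (b"libc-v1", 0o644)},
        "host": {"bin/ssh": (b"ssh-v2", 0o755), "bin/ls": (b"ls-v1", 0o777), "bin/extra": (b"unknown", 0o755)},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for tree, files in trees.items():
            for rel, (data, mode) in files.items():
                path = pathlib.Path(tmp, tree, rel)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_bytes(data)
                path.chmod(mode)
        return drift(manifest(pathlib.Path(tmp, "gold")), manifest(pathlib.Path(tmp, "host")))
```

In practice the gold manifest would be generated once on a trusted build host and stored where the hosts being checked cannot modify it.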

  16. #15
    Join Date
    Jul 2005
    Location
    Belgium
    Posts
    506
    Quote Originally Posted by Patrick View Post
    It is customary in Canada to punish criminals by forcing them to attend every Justin Bieber concert until he retires.
    Is Canada really that merciless?
    kept alive by vertaalbureau
