  1. #1

    HostGator rooted!?

    So, according to this article, Eric Gisse, a former employee of HostGator.com, had rooted 2,700 of their servers.

    arstechnica.com/security/2013/04/former-employee-arrested-charged-with-rooting-2700-hostgator-servers/

    Thoughts?

  2. Thread Summary There is an ongoing investigation in which ArsTechnica reports an arrest has been made. The actual incident took place in February of 2012.

    Contributors: SajanP

  3. #2
    Join Date
    Jun 2009
    Location
    Massachusetts, USA
    Posts
    273

    What about their customers?
    BD Web Services | Since 2009
    Affordable Linux & Windows Web Hosting | Alpha Master Reseller Hosting | Web Design | VOIP Server | SEO | USA and Germany
    Web and SEO Tools cPanel/WHM Proxy, DNS, SEO, GEO, QR Code, Website information AT-A-GLANCE

  4. #3
    Quote Originally Posted by bdwebservices View Post
    What about their customers?
    This was over a year ago. The FBI just now picked him up at Rackspace in San Antonio, where he was working as a DC Tech (he had worked for 2 other DCs in between HG & Rackspace).

    As the article says, he abused the access bestowed upon him to do his job, akin to leaving a window open at your buddy's house and then sneaking back in later. There was no indication he had any time to do anything malicious before he was caught.

    Additionally, he had no access to any critical system, i.e., billing, tickets, etc.

    I can't say much more than that since this is an ongoing legal issue now.
    Patrick P.
    HostGator.com LLC
    patrick(@)hostgator(.)com

  5. #4
    Join Date
    Dec 2007
    Posts
    352
    Quote Originally Posted by gatorpatrick View Post
    This was over a year ago. The FBI just now picked him up at Rackspace in San Antonio, where he was working as a DC Tech (he had worked for 2 other DCs in between HG & Rackspace).

    As the article says, he abused the access bestowed upon him to do his job, akin to leaving a window open at your buddy's house and then sneaking back in later. There was no indication he had any time to do anything malicious before he was caught.

    Additionally, he had no access to any critical system, i.e., billing, tickets, etc.

    I can't say much more than that since this is an ongoing legal issue now.
    Makes you wonder how many more servers are rooted at those other data centers.
    Onra Host | OnraHost.com
    Shared Hosting | Reseller Hosting | Dedicated Hosting | Pure SSD VPS
    45 Day Money Back Guarantee | 99.9% Uptime Guarantee | True 24/7/365 Support
    WHMCS | Domain + SSL Reseller

  6. #5
    Join Date
    Dec 2010
    Location
    127.0.0.1
    Posts
    5,299
    He better be sent down for years, that's his Internet career over now, no webhosting provider or any business / company which uses computers will trust him at all. He could have used it as a botnet and caused chaos for Hostgator and wrecked their reputation in our industry.

    Glad he's caught and action is being taken on him.
    Licensecart - We only sell High Quality licenses
    Products: Blesta ~ LiteSpeed ~ SolusVM ~ KernelCare ~ InterWorx ~ Webhost Bundle
    Billingbrawl.com:- Blesta vs WHMCS: Round 4 Battle of multi-currency
    Visit us @ Licensecart.com ~ sales(➾)licensecart.com ~ webhostbundle.com

  7. #6
    Quote Originally Posted by gatorpatrick View Post
    This was over a year ago. The FBI just now picked him up at Rackspace in San Antonio, where he was working as a DC Tech (he had worked for 2 other DCs in between HG & Rackspace).

    As the article says, he abused the access bestowed upon him to do his job, akin to leaving a window open at your buddy's house and then sneaking back in later. There was no indication he had any time to do anything malicious before he was caught.

    Additionally, he had no access to any critical system, i.e., billing, tickets, etc.

    I can't say much more than that since this is an ongoing legal issue now.
    If this was over a year ago, how come no public notification was made during that time?

  8. #7
    See posts below
    Last edited by gatorpatrick; 04-19-2013 at 02:01 PM.
    Patrick P.
    HostGator.com LLC
    patrick(@)hostgator(.)com

  9. #8
    Join Date
    Dec 2007
    Posts
    352
    Quote Originally Posted by sewdough View Post
    If this was over a year ago, how come no public notification was made during that time?
    Simple, two words... Ongoing investigation!

    First, you really can't talk or say anything during an investigation for a few reasons.

    What if he had another accomplice? He could have gone into all the servers since he already had access and taken everything off or down. Then there's no evidence!

    Second, if he did have someone else helping him or involved, that person could have stopped or left... if you wait and see who he is talking to, you could possibly be breaking up an entire ring/group of "rooters".

    Third, obstruction of justice. The law hates when things are public that aren't finished yet. Announcing or telling people about it could end you up in jail. If you ever noticed, most news stories have "from anonymous source" or something similar and never someone's actual name.
    Last edited by Onra Host; 04-19-2013 at 02:07 PM.
    Onra Host | OnraHost.com
    Shared Hosting | Reseller Hosting | Dedicated Hosting | Pure SSD VPS
    45 Day Money Back Guarantee | 99.9% Uptime Guarantee | True 24/7/365 Support
    WHMCS | Domain + SSL Reseller

  10. #9
    Join Date
    Dec 2010
    Location
    127.0.0.1
    Posts
    5,299
    Quote Originally Posted by sewdough View Post
    If this was over a year ago, how come no public notification was made during that time?
    Probably because they didn't want to alert anyone for no reason, if they believe nothing of their clients was compromised, if they made it public people would flee as a precaution.

    But every employee has a background check I believe.
    Licensecart - We only sell High Quality licenses
    Products: Blesta ~ LiteSpeed ~ SolusVM ~ KernelCare ~ InterWorx ~ Webhost Bundle
    Billingbrawl.com:- Blesta vs WHMCS: Round 4 Battle of multi-currency
    Visit us @ Licensecart.com ~ sales(➾)licensecart.com ~ webhostbundle.com

  11. #10
    Join Date
    Jul 2005
    Location
    Belgium
    Posts
    506
    What could the punishment for something like that be in the US?
    kept alive by vertaalbureau

  12. #11
    Join Date
    Aug 2004
    Location
    Dallas, TX
    Posts
    3,400
    Quote Originally Posted by sash View Post
    What could the punishment for something like that be in the US?
    Hopefully something like this.
    Incero's Enterprise Servers - Dallas, NYC, & Seattle Colocation SSAE 16
    e: sales(at)incero(dot)com 855.217.COLO (2656)
    Enterprise Servers, SATA/SAS/SSD, secure IPMI/KVM remote control, 100% U.S.A. Based Staff
    SSAE 16, SAS70, Redundant Power & Network, Fully Diverse Fiber

  13. #12
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,867
    Quote Originally Posted by sash View Post
    What could the punishment for something like that be in the US?
    It is customary in Canada to punish criminals by forcing them to attend every Justin Bieber concert until he retires. The criminal is subjected to awful music and loud obnoxious girls who excessively scream.

    http://www.youtube.com/watch?v=C7Va4M44u28

    I'm not sure what the US does, I would assume something similar.
    Patrick William | RACK911 Labs | Software Security Auditing
    400+ Vulnerabilities Found - Free Quote @ https://www.RACK911Labs.com

    www.HostingSecList.com - Security notices for the hosting community.

  14. #13
    Join Date
    Mar 2011
    Posts
    630
    In this industry, it pleases me to see someone held accountable for their actions. Best of luck to the HostGator team, hats off to my fellow Texans!
    MXroute - E-mail Hosting for Your Domain.

  15. #14
    Join Date
    Apr 2008
    Location
    United States, MI
    Posts
    766
    Being a previous employee of HostGator and having my NDA well expired I'll share a few details to help people sleep at night.


    Pat, feel free to contact me if you want on my personal email. It should still be in your inbox.


    1. The way this most likely happened is the company jump box. It has root access to all servers using a custom ssh binary that Pat actually made. It records all SSH sessions to a file. So you essentially have replay on every single SSH session. So reversing anything this guy did was fairly trivial most likely.
    Changing out this key is later explained in their deployment system.

    2. The billing systems are not included in this jump box. Employees cannot jump into these machines as the jump box's keys will NOT function on those servers. Period.

    3. There is an internal security team at HG, like any company some of them are morons. There are a few smart folks there though, who I would trust completely to secure anything. Who most likely detected whatever this kid did and informed their supervisor which probably went to Josh Banks and Dave Collins/Pat Pellanne.

    This employee was probably sweated out in one of the offices before being fired by some rather intelligent folks to assess the damage done.

    Realistically, there is no damage still on any server as their architect James has been working on implementing a lot of configuration sync scripts and binary sync scripts (they can ensure each binary and library on the system matches a "Gold" image in about 25 minutes or so).

    And honestly, 2700 servers isn't really a lot. That's less than 1/4th of HG's total fleet. So, widespread problems are completely impossible.

    So stahp your worrying.
    Last edited by Crothers; 04-19-2013 at 04:33 PM.
    Steven Crothers
    No BS cloud engineer and Red Hat architect.
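
The gold-image comparison mentioned in post #14, as an added example that is not part of the thread and is not HostGator's tooling: it hashes every regular file in a reference tree and in a server's tree, then reports files that are missing, unexpected, changed in content, or changed in permission bits. The function names `manifest`, `drift` and `demo`, and the sample file names and contents, are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

def manifest(root):
    """Map relative path -> (sha256, permission bits) for regular files under root."""
    out = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISREG(st.st_mode):  # symlinks and special files are out of scope
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                out[os.path.relpath(full, root)] = (digest, stat.S_IMODE(st.st_mode))
    return out

def drift(gold, host):
    """Return sorted (path, finding) pairs where host differs from gold."""
    findings = []
    for path in sorted(set(gold) | set(host)):
        if path not in host:
            findings.append((path, "missing"))
        elif path not in gold:
            findings.append((path, "unexpected"))
        else:
            if gold[path][0] != host[path][0]:
                findings.append((path, "content-changed"))
            if gold[path][1] != host[path][1]:
                findings.append((path, "mode-changed"))
    return findings

def demo():
    """Build two constructed trees (gold image, one server) and diff them."""
    trees = {"gold": {"bin/ssh": b"ssh-v1", "bin/ls": b"ls-v1", "lib/libc.so": b"libc"},
             "host": {"bin/ssh": b"ssh-modified", "bin/ls": b"ls-v1", "bin/.x": b"extra"}}
    with tempfile.TemporaryDirectory() as tmp:
        for tree, entries in trees.items():
            for rel, data in entries.items():
                full = os.path.join(tmp, tree, rel)
                os.makedirs(os.path.dirname(full), exist_ok=True)
                with open(full, "wb") as fh:
                    fh.write(data)
                os.chmod(full, 0o755)
        os.chmod(os.path.join(tmp, "host", "bin/ls"), 0o4755)  # setuid bit added
        return drift(manifest(os.path.join(tmp, "gold")), manifest(os.path.join(tmp, "host")))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Comparing permission bits as well as hashes matters because a binary with unchanged content but a newly set setuid bit would pass a hash-only check.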

  16. #15
    Join Date
    Jul 2005
    Location
    Belgium
    Posts
    506
    Quote Originally Posted by Patrick View Post
    It is customary in Canada to punish criminals by forcing them to attend every Justin Bieber concert until he retires.
    Is Canada really that merciless?
    kept alive by vertaalbureau

  17. #16
    Join Date
    Oct 2003
    Location
    Chattanooga
    Posts
    8,928
    Quote Originally Posted by sash View Post
    Is Canada really that merciless?
    One of the many reasons I had to leave. The worst part is Bieber apologizes after every song but just keeps going.
    David
    Fused

  18. #17
    Join Date
    Feb 2004
    Location
    Atlanta, GA
    Posts
    5,602
    Not really funny, but this isn't the first time HostGator has had to take legal action against former employees. If I recall correctly the situation was that he went into the support desk and merged every single ticket into one.

    http://www.fbi.gov/houston/press-rel...9/ho012609.htm

    That guy applied to work for us numerous times but we already knew about his activities at hostgator and wouldn't respond to his applications.

    It's somewhat ironic that he went to work for ASmallOrange when he broke back into HostGator. Brent of HG later went on to buy ASmallOrange.

  19. #18
    Join Date
    Apr 2013
    Location
    At My Desk
    Posts
    498
    Just goes to show you can't trust anyone.
    Last edited by victormeldrew; 04-19-2013 at 04:52 PM.

  20. #19
    You can't trust anyone these days for sure. That's why the law is on your side and that's why they have laws.

  21. #20
    Join Date
    Mar 2010
    Posts
    4,487
    Quote Originally Posted by M Bacon View Post
    You can't trust anyone these days for sure. That's why the law is on your side and that's why they have laws.
    Things like this are why I have trouble hiring developers. Not being an expert with php myself, who knows what they can toss into a large enough script without people knowing.

    For the hostgator issue, I honestly wouldn't be concerned. I know hostgator is capable of pushing certain updates or files across all servers rather quickly so if there were to ever be damage done, I would assume it would be minimal. I'd also trust them enough to take care of it properly if something actually had happened.

  22. #21
    Join Date
    Nov 2009
    Location
    San Antonio, Texas
    Posts
    70
    No mention here in San Antonio of the bust, perhaps for the reasons Michael and OnraHost mention, but just as likely because Rackspace is a darling of the sorry excuse of a newspaper we have here (a Hearst franchise), and the journalists, as fellow corporate employees in print and broadcast, know not to damage a business star of the community. Such civic concerns about on-going investigations have not stopped reporters from breaking wind, er, news, if it promises to be good entertainment in other cases. Cynical? Me?

  23. #22
    Join Date
    Jun 2004
    Posts
    2,852
    Quote Originally Posted by RyanD View Post
    If I recall correctly the situation was that he went into the support desk and merged every single ticket into one.

    http://www.fbi.gov/houston/press-rel...9/ho012609.htm

    Do you have any other links from that ticket merging incident?

  24. #23
    Join Date
    Dec 2010
    Location
    127.0.0.1
    Posts
    5,299
    Quote Originally Posted by RyanD View Post
    Not really funny, but this isn't the first time HostGator has had to take legal action against former employees. If I recall correctly the situation was that he went into the support desk and merged every single ticket into one.

    http://www.fbi.gov/houston/press-rel...9/ho012609.htm

    That guy applied to work for us numerous times but we already knew about his activities at hostgator and wouldn't respond to his applications.

    It's somewhat ironic that he went to work for ASmallOrange when he broke back into HostGator. Brent of HG later went on to buy ASmallOrange.
    I'm glad he got sentenced for 8 months but it should have been more, he did it on purpose to cause damage which is a criminal offence, 4 years would have been plenty.

    I hope this person gets sentenced as well, and why is it only Hostgator are getting these kind of staff?
    Licensecart - We only sell High Quality licenses
    Products: Blesta ~ LiteSpeed ~ SolusVM ~ KernelCare ~ InterWorx ~ Webhost Bundle
    Billingbrawl.com:- Blesta vs WHMCS: Round 4 Battle of multi-currency
    Visit us @ Licensecart.com ~ sales(➾)licensecart.com ~ webhostbundle.com

  25. #24
    Join Date
    Apr 2008
    Location
    United States, MI
    Posts
    766
    Quote Originally Posted by MichaelDance View Post
    ...and why is it only Hostgator are getting these kind of staff?
    Typical training class is 30-40 people. No amount of prescreening can find an ******* who wants to stay hidden.
    Steven Crothers
    No BS cloud engineer and Red Hat architect.

  26. #25
    Join Date
    Nov 2011
    Location
    Calgary, Alberta, Canada
    Posts
    682
    Quote Originally Posted by Patrick View Post
    It is customary in Canada to punish criminals by forcing them to attend every Justin Bieber concert until he retires. The criminal is subjected to awful music and loud obnoxious girls who excessively scream.

    http://www.youtube.com/watch?v=C7Va4M44u28

    I'm not sure what the US does, I would assume something similar.
    Or even worse, being forced to listen to Nickelback sing "Far Away" for 3 hours...
    Little Apps
    Open Source Software
