  1. #1

    HostGator rooted!?

    So, according to this article, Eric Gisse, a former employee of HostGator.com had rooted 2,700 of their servers.

    arstechnica.com/security/2013/04/former-employee-arrested-charged-with-rooting-2700-hostgator-servers/

    Thoughts?

  2. Thread Summary: There is an ongoing investigation in which ArsTechnica reports an arrest has been made. The actual incident took place in February of 2012.

    Contributors: SajanP

  3. #2
    What about their customers?
    BD Web Services | Since 2009
    Linux & Windows Hosting | Master Reseller Hosting | Remote Backup | Money Back Guarantee | DDOS Protected | USA & Germany
    Web and SEO Tools cPanel/WHM Proxy, DNS, SEO, GEO, QR Code, Website information AT-A-GLANCE

  4. #3
    Quote Originally Posted by bdwebservices View Post
    What about their customers?
    This was over a year ago. The FBI just now picked him up at Rackspace in San Antonio where he was working as a DC Tech (he had worked for 2 other DCs in between HG & Rackspace).

    As the article says, he abused the access bestowed upon him to do his job, akin to leaving a window open at your buddy's house and then sneaking back in later. There was no indication he had any time to do anything malicious before he was caught.

    Additionally, he had no access to any critical system, i.e., billing, tickets, etc.

    I can't say much more than that since this is an ongoing legal issue now.
    Patrick P.
    HostGator.com LLC
    patrick(@)hostgator(.)com

  5. #4
    Quote Originally Posted by gatorpatrick View Post
    This was over a year ago. The FBI just now picked him up at Rackspace in San Antonio where he was working as a DC Tech (he had worked for 2 other DCs in between HG & Rackspace).

    As the article says, he abused the access bestowed upon him to do his job, akin to leaving a window open at your buddy's house and then sneaking back in later. There was no indication he had any time to do anything malicious before he was caught.

    Additionally, he had no access to any critical system, i.e., billing, tickets, etc.

    I can't say much more than that since this is an ongoing legal issue now.
    Makes you wonder how many more servers are rooted at those other data centers.

  6. #5
    He better be sent down for years, that's his Internet career over now, no webhosting provider or any business / company which uses computers will trust him at all. He could have used it as a botnet and caused chaos for Hostgator and wrecked their reputation in our industry.

    Glad he's caught and action is being taken on him.
    Licensecart - We only sell High Quality licenses
    Visit us @ Licensecart.com ~ sales(➾)licensecart.com ~ webhostbundle.com
    WHT isn't what it used to be… power changes people :]

  7. #6
    Quote Originally Posted by gatorpatrick View Post
    This was over a year ago. The FBI just now picked him up at Rackspace in San Antonio where he was working as a DC Tech (he had worked for 2 other DCs in between HG & Rackspace).

    As the article says, he abused the access bestowed upon him to do his job, akin to leaving a window open at your buddy's house and then sneaking back in later. There was no indication he had any time to do anything malicious before he was caught.

    Additionally, he had no access to any critical system, i.e., billing, tickets, etc.

    I can't say much more than that since this is an ongoing legal issue now.
    If this was over a year ago, how come no public notification was made during that time?

  8. #7
    See posts below
    Last edited by gatorpatrick; 04-19-2013 at 02:01 PM.
    Patrick P.
    HostGator.com LLC
    patrick(@)hostgator(.)com

  9. #8
    Quote Originally Posted by sewdough View Post
    If this was over a year ago, how come no public notification was made during that time?
    Simple, two words... Ongoing investigation!

    First, you really can't talk or say anything during an investigation for a few reasons.

    What if he had another accomplice? He could have gone into all the servers since he already had access and taken everything off or down. Then there's no evidence!

    Second, if he did have someone else helping him or involved, that person could have stopped or left... if you wait and see who he is talking to, you could possibly be breaking up an entire ring/group of "rooters".

    Third, obstruction of justice. The law hates when things are public that aren't finished yet. Announcing or telling people about it could end you up in jail. If you ever noticed, most news stories have "from anonymous source" or something similar and never someone's actual name.
    Last edited by Onra Host; 04-19-2013 at 02:07 PM.

  10. #9
    Quote Originally Posted by sewdough View Post
    If this was over a year ago, how come no public notification was made during that time?
    Probably because they didn't want to alert anyone for no reason, if they believe nothing of their clients was compromised, if they made it public people would flee as a precaution.

    But every employee has a background check I believe.
    Licensecart - We only sell High Quality licenses
    Visit us @ Licensecart.com ~ sales(➾)licensecart.com ~ webhostbundle.com
    WHT isn't what it used to be… power changes people :]

  11. #10
    What could the punishment for something like that be in the US?
    kept alive by vertaalbureau

  12. #11
    Quote Originally Posted by sash View Post
    What could the punishment for something like that be in the US?
    Hopefully something like this.
    Dallas Colocation by Incero
    e: sales(at)incero(dot)com • 855.217.COLO (2656)
    Colocation & Enterprise Servers, SATA/SAS/SSD, secure IPMI/KVM remote control, 100% U.S.A. Based Staff
    SSAE 16, SAS70, Redundant Power & Network, Fully Diverse Fiber

  13. #12
    Quote Originally Posted by sash View Post
    What could the punishment for something like that be in the US?
    It is customary in Canada to punish criminals by forcing them to attend every Justin Bieber concert until he retires. The criminal is subjected to awful music and loud obnoxious girls who excessively scream.

    http://www.youtube.com/watch?v=C7Va4M44u28

    I'm not sure what the US does, I would assume something similar.
    Patrick William | RACK911 Labs | Software Security Auditing
    400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com

    www.HostingSecList.com - Security notices for the hosting community.

  14. #13
    In this industry, it pleases me to see someone held accountable for their actions. Best of luck to the HostGator team, hats off to my fellow Texans!
    MXroute - E-mail Hosting for Your Domain.

  15. #14
    Being a previous employee of HostGator and having my NDA well expired I'll share a few details to help people sleep at night.


    Pat, feel free to contact me if you want on my personal email. It should still be in your inbox.


    1. The way this most likely happened is the company jump box. It has root access to all servers using a custom ssh binary that Pat actually made. It records all SSH sessions to a file. So you essentially have replay on every single SSH session. So reversing anything this guy did was fairly trivial most likely.
    Changing out this key is later explained in their deployment system.

    2. The billing systems are not included in this jump box. Employees cannot jump into these machines as the jump box's keys will NOT function on those servers. Period.

    3. There is an internal security team at HG, like any company some of them are morons. There are a few smart folks there though, who I would trust completely to secure anything. Who most likely detected whatever this kid did and informed their supervisor which probably went to Josh Banks and Dave Collins/Pat Pellanne.

    This employee was probably sweated out in one of the offices before being fired by some rather intelligent folks to assess the damage done.

    Realistically, there is no damage still on any server as their architect James has been working on implementing a lot of configuration sync scripts and binary sync scripts (they can ensure each binary and library on the system matches a "Gold" image in about 25 minutes or so).

    And honestly, 2700 servers isn't really a lot. That's less than 1/4th of HG's total fleet. So, widespread problems are completely impossible.

    So stahp your worrying.
    Last edited by Crothers; 04-19-2013 at 04:33 PM.
    Steven Crothers
    No BS cloud engineer and Red Hat architect.
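
A gold-image comparison of the kind the post above describes, as an added example that is not part of the original thread and is not HostGator's tooling. It assumes the gold reference is a directory tree of known-good binaries and libraries; the function names and the sample trees are constructed for illustration.

```python
"""Gold-image drift check (added illustration, not HostGator's scripts).

Assumption: the gold reference is a directory tree of known-good files.
All names and sample data below are hypothetical.
"""
import hashlib
import os
import stat
import tempfile


def _entry(path):
    """Return (kind, content_id, mode) for a regular file or symlink."""
    st = os.lstat(path)
    mode = stat.S_IMODE(st.st_mode)
    if stat.S_ISLNK(st.st_mode):
        # A retargeted symlink is drift too, so record where it points.
        return ("link", os.readlink(path), mode)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return ("file", digest.hexdigest(), mode)


def snapshot(root):
    """Map each relative path under root to its (kind, content_id, mode)."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # os.walk lists symlinked directories in dirnames without following them.
        links = [d for d in dirnames if os.path.islink(os.path.join(dirpath, d))]
        for name in filenames + links:
            full = os.path.join(dirpath, name)
            st_mode = os.lstat(full).st_mode
            if stat.S_ISREG(st_mode) or stat.S_ISLNK(st_mode):
                manifest[os.path.relpath(full, root)] = _entry(full)
    return manifest


def compare(gold, host):
    """Classify every difference between a gold manifest and a host manifest."""
    report = {"modified": [], "mode_changed": [], "missing": [], "unexpected": []}
    for path, (kind, content, mode) in sorted(gold.items()):
        if path not in host:
            report["missing"].append(path)
            continue
        h_kind, h_content, h_mode = host[path]
        if (h_kind, h_content) != (kind, content):
            report["modified"].append(path)
        elif kind == "file" and h_mode != mode:
            # Same bytes, different permission bits (e.g. now world-writable).
            report["mode_changed"].append(path)
    # Files the gold image never shipped are reported as well.
    report["unexpected"] = sorted(set(host) - set(gold))
    return report


def _write(path, data, mode=0o755):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, mode)


def build_demo_trees(base):
    """Create a constructed gold tree and a host tree with four kinds of drift."""
    gold, host = os.path.join(base, "gold"), os.path.join(base, "host")
    files = {
        "usr/bin/ssh": b"ssh-build-1",
        "usr/bin/sudo": b"sudo-build-1",
        "usr/lib/libdemo.so": b"lib-build-1",
        "bin/ls": b"ls-build-1",
    }
    for root in (gold, host):
        for rel, data in files.items():
            _write(os.path.join(root, rel), data)
    _write(os.path.join(host, "usr/bin/ssh"), b"ssh-build-X")    # content changed
    os.chmod(os.path.join(host, "usr/bin/sudo"), 0o777)          # mode changed
    os.remove(os.path.join(host, "bin/ls"))                      # file removed
    _write(os.path.join(host, "usr/bin/.helper"), b"not-gold")   # file added
    return gold, host


def run_demo():
    with tempfile.TemporaryDirectory() as base:
        gold, host = build_demo_trees(base)
        return compare(snapshot(gold), snapshot(host))


if __name__ == "__main__":
    for category, paths in run_demo().items():
        print(f"{category}: {paths}")
```

The gold manifest has to be produced and stored away from the host being checked, since anyone with root on that host can alter both the files and a locally kept manifest.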

  16. #15
    Quote Originally Posted by Patrick View Post
    It is customary in Canada to punish criminals by forcing them to attend every Justin Bieber concert until he retires.
    Is Canada really that merciless?
    kept alive by vertaalbureau

  17. #16
    Quote Originally Posted by sash View Post
    Is Canada really that merciless?
    One of the many reasons I had to leave. The worst part is Bieber apologizes after every song but just keeps going.
    David
    Fused.com — web hosting for businesses that don't want to think about web hosting.
    Follow me on twitter @davidandgoliath

  18. #17
    Not really funny, but this isn't the first time HostGator has had to take legal action against former employees. If I recall correctly the situation was that he went into the support desk and merged every single ticket into one.

    http://www.fbi.gov/houston/press-rel...9/ho012609.htm

    That guy applied to work for us numerous times but we already knew about his activities at hostgator and wouldn't respond to his applications.

    It's somewhat ironic that he went to work for ASmallOrange when he broke back into HostGator. Brent of HG later went on to buy ASmallOrange.

  19. #18
    Just goes to show you can't trust anyone.
    Last edited by victormeldrew; 04-19-2013 at 04:52 PM.

  20. #19
    You can't trust anyone these days for sure. That's why the law is on your side and that's why they have laws.

  21. #20
    Quote Originally Posted by M Bacon View Post
    You can't trust anyone these days for sure. That's why the law is on your side and that's why they have laws.
    Things like this are why I have trouble hiring developers. Not being an expert with PHP myself, who knows what they can toss into a large enough script without people knowing.

    For the hostgator issue, I honestly wouldn't be concerned. I know hostgator is capable of pushing certain updates or files across all servers rather quickly so if there were to ever be damage done, I would assume it would be minimal. I'd also trust them enough to take care of it properly if something actually had happened.

  22. #21
    No mention here in San Antonio of the bust, perhaps for the reasons Michael and ******** mention, but just as likely because Rackspace is a darling of the sorry excuse of a newspaper we have here (a Hearst franchise), and the journalists, as fellow corporate employees in print and broadcast, know not to damage a business star of the community. Such civic concerns about on-going investigations have not stopped reporters from breaking wind, er, news, if it promises to be good entertainment in other cases. Cynical? Me?

  23. #22
    Quote Originally Posted by RyanD View Post
    If I recall correctly the situation was that he went into the support desk and merged every single ticket into one.

    http://www.fbi.gov/houston/press-rel...9/ho012609.htm

    Do you have any other links from that ticket merging incident?

  24. #23
    Quote Originally Posted by RyanD View Post
    Not really funny, but this isn't the first time HostGator has had to take legal action against former employees. If I recall correctly the situation was that he went into the support desk and merged every single ticket into one.

    http://www.fbi.gov/houston/press-rel...9/ho012609.htm

    That guy applied to work for us numerous times but we already knew about his activities at hostgator and wouldn't respond to his applications.

    It's somewhat ironic that he went to work for ASmallOrange when he broke back into HostGator. Brent of HG later went on to buy ASmallOrange.
    I'm glad he got sentenced for 8 months but it should have been more, he did it on purpose to cause damage which is a criminal offence, 4 years would have been plenty.

    I hope this person gets sentenced as well, and why is it only Hostgator are getting these kind of staff?
    Licensecart - We only sell High Quality licenses
    Visit us @ Licensecart.com ~ sales(➾)licensecart.com ~ webhostbundle.com
    WHT isn't what it used to be… power changes people :]

  25. #24
    Quote Originally Posted by MichaelDance View Post
    ...and why is it only Hostgator are getting these kind of staff?
    Typical training class is 30-40 people. No amount of prescreening can find an ******* who wants to stay hidden.
    Steven Crothers
    No BS cloud engineer and Red Hat architect.

  26. #25
    Quote Originally Posted by Patrick View Post
    It is customary in Canada to punish criminals by forcing them to attend every Justin Bieber concert until he retires. The criminal is subjected to awful music and loud obnoxious girls who excessively scream.

    http://www.youtube.com/watch?v=C7Va4M44u28

    I'm not sure what the US does, I would assume something similar.
    Or even worse, being forced to listen to Nickelback sing "Far Away" for 3 hours...
    Little Apps
    Open Source Software

  27. #26
    I am just amazed someone anywhere would believe they could get away with this for any amount of time to make it worthwhile.

    Sure, if you were planning to do this for one major sell out in the USA and then move to Nigeria for the rest of your life it may be profitable.

    However, to do something like this, in an environment where there are multiple experienced server administrators is puzzling. How could someone not think that one of them would notice? I could see someone possibly thinking it was a good idea if you were the sole IT guy and everyone else was 60 years old, but not a place where you would find multiple competent techs.

  28. #27
    Quote Originally Posted by MichaelDance View Post
    and why is it only Hostgator are getting these kind of staff?
    I mean, granted they hire people that know how to spell "linux" and can operate a keyboard for their Chat Support Techs, that's one reason.

    Don't get me wrong. It's a great start in the Web Hosting Industry to work there. They -do- teach you quite a bit as you progress, which is one of the things I liked about working there before.

    Though they should really start getting selective about the people they hire and perhaps try to reduce the turnover rate for Chat Techs nowadays.

    Just my $0.02

  29. #28
    Quote Originally Posted by RyanD View Post
    Not really funny, but this isn't the first time HostGator has had to take legal action against former employees. If I recall correctly the situation was that he went into the support desk and merged every single ticket into one.

    http://www.fbi.gov/houston/press-rel...9/ho012609.htm

    That guy applied to work for us numerous times but we already knew about his activities at hostgator and wouldn't respond to his applications.

    It's somewhat ironic that he went to work for ASmallOrange when he broke back into HostGator. Brent of HG later went on to buy ASmallOrange.
    I am cracking up laughing hearing about merging every single support ticket into one, especially on a system as big as HG's.

  30. #29
    Quote Originally Posted by Jcollins94 View Post
    I am cracking up laughing hearing about merging every single support ticket into one, especially on a system as big as HG's.
    You'll eventually learn that laughing at someone's misfortune, that could easily happen to you, will be a bad idea.
    Steven Crothers
    No BS cloud engineer and Red Hat architect.

  31. #30
    Quote Originally Posted by David View Post
    One of the many reasons I had to leave. The worst part is Bieber apologizes after every song but just keeps going.
    ... Reminds me about the two prisoners on death row.

    The warden comes to them and says, "Before your executions, I want to know if you have any last requests."

    The first prisoner says, "Warden, I have been a Justin Bieber fan all my life. Before I die, I just gotta hear "Baby" one more time."

    The warden turns to the second prisoner and asks, "Do you have any last requests?"

    The second prisoner glances at the first prisoner, and says, "Kill me first."

  32. #31
    What does it mean by "rooting 2700 servers"?

  33. #32
    Quote Originally Posted by RyanD View Post
    Not really funny, but this isn't the first time HostGator has had to take legal action against former employees. If I recall correctly the situation was that he went into the support desk and merged every single ticket into one.

    http://www.fbi.gov/houston/press-rel...9/ho012609.htm

    That guy applied to work for us numerous times but we already knew about his activities at hostgator and wouldn't respond to his applications.

    It's somewhat ironic that he went to work for ASmallOrange when he broke back into HostGator. Brent of HG later went on to buy ASmallOrange.
    How many times was ASmallOrange bought and where do you get that news from? Well, I am guessing Host Gator bought ASO, then they too were bought out by EIG and thus EIG acquired ASO as well?
    If you're the smartest person in the room then you're in the wrong room

  34. #33
    Quote Originally Posted by cpoalmighty View Post
    How many times was ASmallOrange bought and where do you get that news from? Well, I am guessing Host Gator bought ASO, then they too were bought out by EIG and thus EIG acquired ASO as well?
    No, that's wrong. Brent Oxley bought ASO a few years back.

    EIG had nothing to do with that.
    Steven Crothers
    No BS cloud engineer and Red Hat architect.

  35. #34
    Obstruction of justice is one thing. Not informing customers of compromised servers with knowledge that it happened is another thing.

    If I was a customer I would wish to be alerted if my server is rooted or if it was potentially rooted.

    If you don't, you are opening yourself to potential lawsuits. And the justice cannot block this either. It's a company decision; if the company decides their customers and information is of more value than getting the criminal, they will inform customers of the breach. This happens all the time and even companies like Twitter inform of breaches.

    Just like cPanel recently did as well the day. That is how a serious company handles these issues. They do not try to hide like a kid that broke something.

    Personally I don't believe for one bit Hostgator decided it was best to not say anything so the justice could do its job. They wanted to avoid bad press, simple.

    The question someone posted here is completely valid. Why was this never informed? Your customers had to be informed via ArsTechnica? I'm sure the investigation was pretty much over when that article came out and they had approval to publish it since he was already caught.

    So Hostgator should have probably informed the customers first, before the press.

    A responsible company would inform their customers the minute they know about this so they can take measures. In these cases time is everything.

    So it's now 2 HG employees that were charged with felonies, at least 2 that went public. It seems management is not doing a good job at screening their staff. One time ok it can happen, twice?

    Personally I think Hostgator in this thread is lying. Why?

    Go to their blog, nothing, go to their media press release page, nothing. It seems their customers need to go to an external news site to find out about this.

    For me this clearly shows they have and had no intentions on making this public to their customers. If someone would not read this post, they would not even find out about the issue. This is not an honest and decent way to act. They pretend like nothing happened.

  36. #35
    Quote Originally Posted by gatorpatrick View Post
    This was over a year ago. The FBI just now picked him up at Rackspace in San Antonio where he was working as a DC Tech (he had worked for 2 other DCs in between HG & Rackspace).

    As the article says, he abused the access bestowed upon him to do his job, akin to leaving a window open at your buddy's house and then sneaking back in later. There was no indication he had any time to do anything malicious before he was caught.

    Additionally, he had no access to any critical system, i.e., billing, tickets, etc.

    I can't say much more than that since this is an ongoing legal issue now.
    That is strange because it's all over the Internet. HostGator cannot make comments on it, not even to their customers, but everyone can Google it:
    http://www.lmgtfy.com/?q=hostgator+rooted

    If I was a Hostgator customer I would feel very angry now with no official word on it. Actually I would leave if I found out this is informed one year later... But that is just me because I don't like people playing with my data.

    A security breach should be informed to customers immediately, because it's THEIR data that is or was at risk. It never was Hostgator's data. So the decision to make silence cannot be made by Hostgator. This is why every company emails customers when they find out potential security problems that could compromise their data.
    Last edited by nibb; 05-01-2013 at 07:13 AM.

  37. #36
    Quote Originally Posted by nibb View Post
    Obstruction of justice is one thing. Not informing customers of compromised servers with knowledge that it happened is another thing.

    If I was a customer I would wish to be alerted if my server is rooted or if it was potentially rooted.

    If you don't, you are opening yourself to potential lawsuits. And the justice cannot block this either. It's a company decision; if the company decides their customers and information is of more value than getting the criminal, they will inform customers of the breach. This happens all the time and even companies like Twitter inform of breaches.

    Just like cPanel recently did as well the day. That is how a serious company handles these issues. They do not try to hide like a kid that broke something.

    Personally I don't believe for one bit Hostgator decided it was best to not say anything so the justice could do its job. They wanted to avoid bad press, simple.

    The question someone posted here is completely valid. Why was this never informed? Your customers had to be informed via ArsTechnica? I'm sure the investigation was pretty much over when that article came out and they had approval to publish it since he was already caught.

    So Hostgator should have probably informed the customers first, before the press.

    A responsible company would inform their customers the minute they know about this so they can take measures. In these cases time is everything.

    So it's now 2 HG employees that were charged with felonies, at least 2 that went public. It seems management is not doing a good job at screening their staff. One time ok it can happen, twice?

    Personally I think Hostgator in this thread is lying. Why?

    Go to their blog, nothing, go to their media press release page, nothing. It seems their customers need to go to an external news site to find out about this.

    For me this clearly shows they have and had no intentions on making this public to their customers. If someone would not read this post, they would not even find out about the issue. This is not an honest and decent way to act. They pretend like nothing happened.
    In all honesty, it seems silly to stir people's emotions for nothing. There wasn't just cause to make a report or a scene. They analyzed access logs and determined that there was no intrusion. Hostgator is very thorough and they act with due diligence in these events, which is why Gisse was arrested.

    Really, I trust a person whose job it is to do daily security audits and checks is equipped with the skills to do their job, it's usually how people continue to be paid. That being said, Hostgator has a lot of talented security professionals who would have been able to detect (and did quickly) any possible intrusion or attempt.

    On another note, Gisse didn't excel as an administrator, certainly has never been hired for security, and in my personal opinion, wasn't overly qualified for his job. His level of competence would have limited him from what he had access to.

    This being said as a former Hostgator Employee with limited interaction with Gisse roughly around the time of the incident.

    I hope this helps to ease your mind. And sewdough, you dog for striking this up

  38. #37
    Quote Originally Posted by RyanSA View Post
    In all honesty, it seems silly to stir people's emotions for nothing. There wasn't just cause to make a report or a scene. They analyzed access logs and determined that there was no intrusion. Hostgator is very thorough and they act with due diligence in these events, which is why Gisse was arrested.

    Really, I trust a person whose job it is to do daily security audits and checks is equipped with the skills to do their job, it's usually how people continue to be paid. That being said, Hostgator has a lot of talented security professionals who would have been able to detect (and did quickly) any possible intrusion or attempt.

    On another note, Gisse didn't excel as an administrator, certainly has never been hired for security, and in my personal opinion, wasn't overly qualified for his job. His level of competence would have limited him from what he had access to.

    This being said as a former Hostgator Employee with limited interaction with Gisse roughly around the time of the incident.

    I hope this helps to ease your mind. And sewdough, you dog for striking this up
    I still don't agree with you. cPanel emailed everyone recently just because they suspected logins to customers' servers could be compromised. It sure was not an issue for everyone, but they just did in case.

    You don't play with people's data, because they will just find sooner or later anymore. Also it makes no sense what you said about not stirring people's emotions but at the same time it's fine for Hostgator that every media press released this information. It's not like it's a secret, media had to interview or get these details from someone and I'm sure they did so from Hostgator.

    My point is valid. Their own customers found out first on external media websites as from their own mouth. This gives someone a bad feeling about how they manage these critical situations. Would they actually inform everyone if their servers are compromised or would they just act as if nothing happened?

    If you work at company X, and something happens, the first responsible of releasing the information and informing their own customers is company X, not some techie blog on the Internet. And even if this was true, let's say media leak, you make an official statement as soon as possible.

    Thousands of servers sound like a lot to me. Hostgator is not to blame, this can happen to anyone. What I criticize is the way their management decides to tackle these issues. This is from the same company that registered fake users here on WHT to auto promote themselves and did some other nasty marketing tricks some which even a 10 year old kid would have figured out. I have found so much dishonest information coming from Hostgator in the last years that in my eyes they have an awful image as a company, their service is great, but their company and their management not.

    What just happened is something which cannot be prevented. But the way they handle this type of issues and how everyone takes it so lightly is shocking. I guess most people that use hostgator use it for hobby or non critical stuff, otherwise they would care more about their data leaked out.

    And as far as the article goes, data was sent out of Hostgator to external companies. How much? Was data used for evil purposes, we are never going to know, because Hostgator of course would hide it or deny it.

  39. #38
    Quote Originally Posted by nibb View Post
    I still don't agree with you. cPanel emailed everyone recently just because they suspected logins to customers' servers could be compromised. It sure was not an issue for everyone, but they just did in case.

    You don't play with people's data, because they will just find sooner or later anymore. Also it makes no sense what you said about not stirring people's emotions but at the same time it's fine for Hostgator that every media press released this information. It's not like it's a secret, media had to interview or get these details from someone and I'm sure they did so from Hostgator.

    My point is valid. Their own customers found out first on external media websites as from their own mouth. This gives someone a bad feeling about how they manage these critical situations. Would they actually inform everyone if their servers are compromised or would they just act as if nothing happened?

    If you work at company X, and something happens, the first responsible of releasing the information and informing their own customers is company X, not some techie blog on the Internet. And even if this was true, let's say media leak, you make an official statement as soon as possible.

    Thousands of servers sound like a lot to me. Hostgator is not to blame, this can happen to anyone. What I criticize is the way their management decides to tackle these issues. This is from the same company that registered fake users here on WHT to auto promote themselves and did some other nasty marketing tricks some which even a 10 year old kid would have figured out. I have found so much dishonest information coming from Hostgator in the last years that in my eyes they have an awful image as a company, their service is great, but their company and their management not.

    What just happened is something which cannot be prevented. But the way they handle this type of issues and how everyone takes it so lightly is shocking. I guess most people that use hostgator use it for hobby or non critical stuff, otherwise they would care more about their data leaked out.

    And as far as the article goes, data was sent out of Hostgator to external companies. How much? Was data used for evil purposes, we are never going to know, because Hostgator of course would hide it or deny it.
    According to the extensive logs (inaccessible to the attacker) we have on this situation no customer data was leaked, modified or accessed - at all. Subsequent investigation backed this assertion up very strongly.

    The stuff found on a single external server was proprietary scripts we use for troubleshooting (as the affidavit / article says).

    If there had been even the slightest implication of a customer data leak, password compromise, etc., Brent would have immediately notified every client as is our policy.

    I'm just reiterating what I said earlier in the thread, and like I said before I can't say much more than that so I won't be posting here any further.
    Patrick P.
    HostGator.com LLC
    patrick(@)hostgator(.)com

  40. #39
    Join Date
    Dec 2012
    Location
    Austin, TX
    Posts
    100
    Quote Originally Posted by nibb View Post
    I still don't agree with you. cPanel emailed everyone recently just because they suspected logins to customers' servers could be compromised. It sure was not an issue for everyone, but they did it just in case.

    You don't play with people's data, because they will just find out sooner or later anyway. Also, it makes no sense what you said about not stirring people's emotions but at the same time it's fine for Hostgator that every media press released this information. It's not like it's a secret; the media had to interview or get these details from someone and I'm sure they did so from Hostgator.

    My point is valid. Their own customers found out first on external media websites as from their own mouth. This gives someone a bad feeling about how they manage these critical situations. Would they actually inform everyone if their servers are compromised or would they just act as if nothing happened?

    If you work at company X, and something happens, the first responsible for releasing the information and informing their own customers is company X, not some techie blog on the Internet. And even if this was true, let's say a media leak, you make an official statement as soon as possible.

    Thousands of servers sounds like a lot to me. Hostgator is not to blame, this can happen to anyone. What I criticize is the way their management decides to tackle these issues. This is from the same company that registered fake users here on WHT to auto promote themselves and did some other nasty marketing tricks, some of which even a 10-year-old kid would have figured out. I have found so much dishonest information coming from Hostgator in the last years that in my eyes they have an awful image as a company; their service is great, but their company and their management not.

    What just happened is something which cannot be prevented. But the way they handle this type of issue and how everyone takes it so lightly is shocking. I guess most people that use Hostgator use it for hobby or non-critical stuff, otherwise they would care more about their data leaked out.

    And as far as the article goes, data was sent out of Hostgator to external companies. How much? Was the data used for evil purposes? We are never going to know, because Hostgator of course would hide it or deny it.
    I understand that you have an opinion of Hostgator, just not sure how you founded it. It sounds like you are reading and in turn spreading unfounded FUD (Fear, Uncertainty and Doubt). Misinformation is the bane of our generation, and that's why I post this here. I love my company more than Hostgator, but it doesn't make Hostgator bad. They are where they are because of the work they do.

    --------------------------------------------------


    I worked at Hostgator for 2 years, and in that time observed the security precautions that Hostgator had in place. Having disgruntled employees that are destructive is a serious threat in the hosting industry. Hostgator has been well aware of this for a long time. There are many systems in play there such as a screen capture program that takes screenshots frequently.

    Say what you will about the management, they are directly responsible for why the support is so good there. In these issues, they do their due diligence to see that anything that can be fixed is, regardless of whether it's user error or a host issue.

    There is a lot of uneasiness going around since they were bought out by EIG, however it is completely unfounded as well. Hostgator has continued forth with the new CEO Adam Farrar, who is a hard worker, not at all new to Hostgator, but promoted from within, which Hostgator has a long-standing history of doing.

    As someone with actual internal experience with this company, I can say Hostgator is diligent and adamant when it comes to security. I've seen it first hand, whereas others here posting as if they know first hand, do not. Emotions are one thing to base opinion on, fact is a much more solid foundation for logic.

    I do commend cPanel for coming out about a possible security breach, however their user base is a completely different demographic. If you are a cPanel customer directly, you are buying WHM, and not cPanel alone, which means that you have, at minimum, a base level of technical competence or access to someone who does.

    As Hostgator's market includes a more broad variety of technically experienced people, it wouldn't seem smart to create buzz about something 1/3 or more of their users aren't going to understand. This would likely result in fear, uncertainty, and doubt for people uneducated on the subject, resulting in unwarranted loss of business. Even if they posted their report, I understood from it that the data had been analyzed in full, though I can see others that aren't familiar do not understand it in the same light.

    All in all, I just don't see a reason to let this warped view of Hostgator spread. If I had evidence they were all maniacal jerks, I'd say so. I left Hostgator so it's not like I'm worried about losing my job. They were good to me, and in turn I did my best to excel for their customer base, and enjoyed (almost) every minute of it.
    Last edited by RyanSA; 05-03-2013 at 12:20 PM. Reason: fancy formatting

  41. #40
    Quote Originally Posted by RyanSA View Post
    And sewdough, you dog for striking this up
    In all honesty, I like turtles.
