Thread: HostGator rooted!?
-
04-19-2013, 01:25 PM #1 Newbie
- Join Date
- Oct 2011
- Posts
- 14
HostGator rooted!?
So, according to this article, Eric Gisse, a former employee of HostGator.com, had rooted 2,700 of their servers.
arstechnica.com/security/2013/04/former-employee-arrested-charged-with-rooting-2700-hostgator-servers/
Thoughts?
-
04-19-2013, 01:43 PM #2 Aspiring Evangelist
- Join Date
- Jun 2009
- Location
- /
- Posts
- 370
What about their customers?
BD Web Services Since 2009
cPanel and Plesk | CloudLinux | Node.JS | SSD Server | Daily Remote Backup | North America and Europe | Money Back Guarantee
USA | Canada | Germany
-
04-19-2013, 01:47 PM #3 WHT Addict
- Join Date
- Jul 2010
- Posts
- 123
This was over a year ago. The FBI just now picked him up at Rackspace in San Antonio where he was working as a DC Tech (he had worked for 2 other DCs in between HG & Rackspace).
As the article says, he abused the access bestowed upon him to do his job, akin to leaving a window open at your buddy's house and then sneaking back in later. There was no indication he had any time to do anything malicious before he was caught.
Additionally, he had no access to any critical system, i.e., billing, tickets, etc.
I can't say much more than that since this is an ongoing legal issue now.
-
04-19-2013, 01:49 PM #5 Disabled
- Join Date
- Dec 2010
- Location
- 127.0.0.1
- Posts
- 5,732
He better be sent down for years, that's his Internet career over now, no webhosting provider or any business / company which uses computers will trust him at all. He could have used it as a botnet and caused chaos for HostGator and wrecked their reputation in our industry.
Glad he's caught and action is being taken on him.
-
04-19-2013, 01:57 PM #7 WHT Addict
- Join Date
- Jul 2010
- Posts
- 123
See posts below
Last edited by gatorpatrick; 04-19-2013 at 02:01 PM.
-
04-19-2013, 01:59 PM #8 Disabled
- Join Date
- Dec 2007
- Posts
- 381
Simple two words... Ongoing investigation!
First, you really can't talk or say anything during an investigation for a few reasons.
What if he had another accomplice? He could have gone into all the servers since he already had access and taken everything off or down. Then there's no evidence!
Second, if he did have someone else helping him or involved, that person could have stopped or left... if you wait and see who he is talking to, you could possibly be breaking up an entire ring/group of "rooters".
Third, obstruction of justice. The law hates when things are public that aren't finished yet. Announcing or telling people about it could end you up in jail. If you ever noticed, most news stories have "from anonymous source" or something similar and never someone's actual name.
Last edited by Onra Host; 04-19-2013 at 02:07 PM.
-
04-19-2013, 03:44 PM #10 Web Hosting Evangelist
- Join Date
- Jul 2005
- Location
- Belgium
- Posts
- 507
What could the punishment for something like that be in the US?
kept alive by vertaalbureau
-
04-19-2013, 04:01 PM #11 Corporate Member
- Join Date
- Aug 2004
- Location
- Kauai, Hawaii
- Posts
- 3,799
Hopefully something like this.
-
04-19-2013, 04:12 PM #12 Web Hosting Master
- Join Date
- Mar 2003
- Location
- Canada
- Posts
- 9,072
It is customary in Canada to punish criminals by forcing them to attend every Justin Bieber concert until he retires. The criminal is subjected to awful music and loud obnoxious girls who excessively scream.
http://www.youtube.com/watch?v=C7Va4M44u28
I'm not sure what the US does, I would assume something similar.
RACK911 Labs | Penetration Testing | https://www.RACK911Labs.ca
www.HostingSecList.com - Security Notices for the Hosting Community.
-
04-19-2013, 04:22 PM #13 Web Hosting Master
- Join Date
- Mar 2011
- Posts
- 659
In this industry, it pleases me to see someone held accountable for their actions. Best of luck to the HostGator team, hats off to my fellow Texans!
Ain't here to spam my signature, I'm not desperate for sales.
-
04-19-2013, 04:27 PM #14 Web Hosting Master
- Join Date
- Apr 2008
- Location
- United States, MI
- Posts
- 769
Being a previous employee of HostGator and having my NDA well expired, I'll share a few details to help people sleep at night.
Pat, feel free to contact me if you want on my personal email. It should still be in your inbox.
1. The way this most likely happened is the company jump box. It has root access to all servers using a custom ssh binary that Pat actually made. It records all SSH sessions to a file. So you essentially have replay on every single SSH session. So reversing anything this guy did was fairly trivial most likely.
Changing out this key is later explained in their deployment system.
2. The billing systems are not included in this jump box. Employees cannot jump into these machines as the jump box's keys will NOT function on those servers. Period.
3. There is an internal security team at HG; like any company, some of them are morons. There are a few smart folks there though, who I would trust completely to secure anything. Who most likely detected whatever this kid did and informed their supervisor, which probably went to Josh Banks and Dave Collins/Pat Pellanne.
This employee was probably sweated out in one of the offices before being fired by some rather intelligent folks to assess the damage done.
Realistically, there is no damage still on any server as their architect James has been working on implementing a lot of configuration sync scripts and binary sync scripts (they can ensure each binary and library on the system matches a "Gold" image in about 25 minutes or so).
And honestly, 2700 servers isn't really a lot. That's less than 1/4th of HG's total fleet. So, widespread problems are completely impossible.
So stahp your worrying.
Last edited by Crothers; 04-19-2013 at 04:33 PM.
Steven Crothers
No BS cloud engineer and Red Hat architect.
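The "Gold" image comparison mentioned in the post above (checking that each binary and library on a server matches a known-good copy), sketched as an added example that is not part of the thread and not HostGator's tooling. The function names, file paths and sample trees are constructed for illustration; the check covers content hashes and permission bits of regular files only.

```python
import hashlib, os, stat, tempfile

def build_manifest(root):
    """Map relative path -> (sha256, permission bits) for regular files under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files are out of scope here
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = (digest, stat.S_IMODE(st.st_mode))
    return manifest

def compare_to_gold(gold, host):
    """Classify every path where the host differs from the gold manifest."""
    report = {"modified": [], "mode_changed": [], "missing": [], "unexpected": []}
    for rel, (gold_hash, gold_mode) in sorted(gold.items()):
        if rel not in host:
            report["missing"].append(rel)
        elif host[rel][0] != gold_hash:
            report["modified"].append(rel)
        elif host[rel][1] != gold_mode:
            report["mode_changed"].append(rel)
    report["unexpected"] = sorted(set(host) - set(gold))
    return report

def write_tree(root, files):
    """Create a constructed sample tree from {relative path: (content, mode)}."""
    for rel, (content, mode) in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
        os.chmod(path, mode)

def demo():
    """Compare a constructed gold tree with a constructed, drifted host tree."""
    gold = {"bin/sshd": (b"sshd v1", 0o755), "bin/ls": (b"ls v1", 0o755),
            "bin/ps": (b"ps v1", 0o755), "lib/libc.so": (b"libc v1", 0o644)}
    host = {"bin/sshd": (b"sshd patched", 0o755), "bin/ls": (b"ls v1", 0o777),
            "bin/ps": (b"ps v1", 0o755), "bin/.hidden": (b"extra", 0o755)}
    with tempfile.TemporaryDirectory() as g, tempfile.TemporaryDirectory() as h:
        write_tree(g, gold)
        write_tree(h, host)
        return compare_to_gold(build_manifest(g), build_manifest(h))
```

Calling `demo()` returns the drift report for the sample trees. A check like this is only as trustworthy as the manifest and the hashing tool it runs with, so both should come from outside the host being verified.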
-
04-19-2013, 04:40 PM #17 Managed Service Provider
- Join Date
- Feb 2004
- Location
- Atlanta, GA
- Posts
- 5,662
Not really funny, but this isn't the first time HostGator has had to take legal action against former employees. If I recall correctly the situation was that he went into the support desk and merged every single ticket into one.
http://www.fbi.gov/houston/press-rel...9/ho012609.htm
That guy applied to work for us numerous times but we already knew about his activities at HostGator and wouldn't respond to his applications.
It's somewhat ironic that he went to work for ASmallOrange when he broke back into HostGator. Brent of HG later went on to buy ASmallOrange.
-
04-19-2013, 04:42 PM #18 Web Hosting Master
- Join Date
- Apr 2013
- Location
- At My Desk
- Posts
- 598
Just goes to show you can't trust anyone.
Last edited by victormeldrew; 04-19-2013 at 04:52 PM.
-
04-19-2013, 04:49 PM #19 Disabled
- Join Date
- Apr 2009
- Posts
- 3,262
You can't trust anyone these days for sure. That's why the law is on your side and that's why they have laws.
-
04-19-2013, 05:51 PM #20 Web Hosting Master
- Join Date
- Mar 2010
- Posts
- 4,533
Things like this are why I have trouble hiring developers. Not being an expert with PHP myself, who knows what they can toss into a large enough script without people knowing.
For the HostGator issue, I honestly wouldn't be concerned. I know HostGator is capable of pushing certain updates or files across all servers rather quickly, so if there were to ever be damage done, I would assume it would be minimal. I'd also trust them enough to take care of it properly if something actually had happened.
-
04-19-2013, 07:17 PM #21 Junior Guru Wannabe
- Join Date
- Nov 2009
- Location
- San Antonio, Texas
- Posts
- 74
No mention here in San Antonio of the bust, perhaps for the reasons Michael and OnraHost mention, but just as likely because Rackspace is a darling of the sorry excuse of a newspaper we have here (a Hearst franchise), and the journalists, as fellow corporate employees in print and broadcast, know not to damage a business star of the community. Such civic concerns about ongoing investigations have not stopped reporters from breaking wind, er, news, if it promises to be good entertainment in other cases. Cynical? Me?