Hostrocket server got hacked?

  #1  
Junior Guru Wannabe
 
Join Date: Apr 2003
Location: Garden City, SC
Posts: 39

Hostrocket server got hacked?


I get a call from a client saying their site had been hacked. I went there and yes, it had been hacked. I of course contact HostRocket's tech support and get this response:

Quote:
Question:
--------------------------------------------------------------------------------
Other

Our server has been hacked. What is going on?
--------------------------------------------------------------------------------
On 2004-06-14 at 17:52:39, Support wrote:
--------------------------------------------------------------------------------
There was a server issue the other night and it was hacked into. There was/is no lack of security. Maintenance was being done on the servers and someone slipped through. At this time, our servers are running at 100%. I would advise that you change any & all passwords and restore your site from any personal backups you have. Unfortunately, we do backups only when it is requested by the customer and they pay the $10 backup fee. If you would like to take advantage of this in the future, or if you have any other questions/concerns, please let us know.

XXXXXXXXXXXX
HostRocket Support
There was no lack of security but yet someone hacked the server while they were performing maintenance?

Does anyone else see something wrong with that statement? If that is the attitude of their system administrators then my confidence level in HostRocket's security just dropped. It was just a few years ago when their servers got hacked and thieves stole customers' credit card numbers.

How does a hacker just slip through, as they stated, when maintenance is being done on the server?

The thing that ticks me off is since they allowed the security breach that wiped out my client's website they should be offering to restore the sites from backup for free, but no, they want to charge us for that.

Thoughts, opinions? Is it time to start looking for a more reliable and secure webhost to put my clients on?



  #2  
Web Hosting Master
 
Join Date: Dec 2003
Location: Miami, FL
Posts: 3,262
HostRocket has been in business for years, they are a respected company in the hosting industry. When a server is compromised, it's never fun for the clients or the host.

It doesn't matter who your host is or how rich they are, servers can be compromised. The important thing is that they take care of the problem as soon as possible and prevent any further problems.

  #3  
Retired Moderator
 
Join Date: Mar 2003
Location: United States
Posts: 3,675
In their defense, if anyone with the knowledge wants to get into a server - they will. I'm sure that HR probably did follow typical procedures for protecting the server, but it goes to the above statement and it depends upon the situation.

It's also typical for a company to charge for backups unless otherwise stated. It's technically not their responsibility (see their TOS - usually) if the server is hacked to offer a backup.

  #4  
Junior Guru Wannabe
 
Join Date: Apr 2003
Location: Garden City, SC
Posts: 39
I've been with Hostrocket for 3 or 4 years now. I've been happy with them for the most part but it's mistakes like this that start putting doubts into my head.

From what I can gather from responses they gave to other customers they took down their firewall while they were doing maintenance on the server. Is it a typical procedure to lower the defenses on a server while you are conducting maintenance?

  #5  
Aspiring Evangelist
 
Join Date: Jun 2004
Location: New York, NY
Posts: 372
Quote:
Originally posted by CrazyTech
In their defense, if anyone with the knowledge wants to get into a server - they will. I'm sure that HR probably did follow typical procedures for protecting the server, but it goes to the above statement and it depends upon the situation.

It's also typical for a company to charge for backups unless otherwise stated. It's technically not their responsibility (see their TOS - usually) if the server is hacked to offer a backup.

  #6  
Web Hosting Master
 
Join Date: Dec 2002
Location: Los Angeles
Posts: 559
interesting that they have their support admitting to a hack. you have to hand it to them for honesty (and crappy security measures).

but this struck me as odd; "we do backups only when it is requested by the customer..." --- are they saying that they don't have any backups of client data?

i can understand charging $10 to restore from a backup, but to run a hosting company without any backups is flat out insane.

"yeah, well, your server crashed last night, so you better upload your site again." ha ha ha. jesus.

__________________
datapimp - You only get one soul, ya dig?

  #7  
Junior Guru Wannabe
 
Join Date: Jun 2004
Posts: 34
Quote:
Originally posted by datapimp.com
interesting that they have their support admitting to a hack. you have to hand it to them for honesty (and crappy security measures).

but this struck me as odd; "we do backups only when it is requested by the customer..." --- are they saying that they don't have any backups of client data?

i can understand charging $10 to restore from a backup, but to run a hosting company without any backups is flat out insane.

"yeah, well, your server crashed last night, so you better upload your site again." ha ha ha. jesus.
You have a good point there.

My current host's server died last summer and they lost all sites and updates to sites 3 months old - they did nothing about this and insisted that it is not their responsibility to make backups.

Whilst this may be partially true, it doesn't do much for business!

Brad.

  #8  
Junior Guru Wannabe
 
Join Date: Apr 2003
Location: Garden City, SC
Posts: 39
Here is the rest of the conversation but the latest response is from a different tech support member. They at least now apologized. The previous tech support person could probably take a lesson from this person about customer relations.

Quote:
On 2004-06-14 at 18:40:23, you wrote:
--------------------------------------------------------------------------------
Please explain to me if there was no lack of security then
how did someone slip through? If the hacker got in
because of something that Hostrocket staff did or did not
do then the least that Hostrocket can do is restore our
sites from backup without charge.
--------------------------------------------------------------------------------
On 2004-06-14 at 19:24:23, Support wrote:
--------------------------------------------------------------------------------
Hi,

I'm truly sorry for the inconvenience you have experienced.
I've gone ahead and credited your account 1 month free for
web hosting. Necessary firewall and security steps are
being implemented so this does not happen again.

We provide our customers with daily backups of their site
at the control panel by clicking on the daily backup icon.
Unfortunately we do not have backups of the material that
was lost. Please let me know if there's anything else I
could assist you with.

Kindest Regards,

XXXXXXXXXXXXXX
HostRocket Support
So to answer the question about backups: no, they do not back up your site unless you pay them extra.

  #9  
Web Hosting Master
 
Join Date: May 2002
Location: Modesto, CA
Posts: 3,414
How do you figure that? They are using an automatic backup solution that gives you daily backups with their hosting prices. Where in the ticket are they charging you? Just out the door, but curious why you're saying that, not defending them either =)

__________________
dotGig
<:<: [Fruit eating linux administrator]

  #10  
Junior Guru Wannabe
 
Join Date: Jun 2004
Posts: 34
1 month free though - at least they know they were in the wrong.

Perhaps you could offer your client a free month - to compensate for their loss?

Just a suggestion.

Brad.

  #11  
Junior Guru Wannabe
 
Join Date: Apr 2003
Location: Garden City, SC
Posts: 39
Quote:
Originally posted by Samuel
How do you figure that? They are using an automatic backup solution that gives you daily backups with their hosting prices. Where in the ticket are they charging you? Just out the door, but curious why you're saying that, not defending them either =)
They said it in their first response

Quote:
Unfortunately,
we do backups only when it is requested by the customer and
they pay the $10 backup fee.

  #12  
Junior Guru Wannabe
 
Join Date: Apr 2003
Location: Garden City, SC
Posts: 39
Quote:
Originally posted by SNGUK
1 month free though - at least they know they were in the wrong.

Perhaps you could offer your client a free month - to compensate for their loss?

Just a suggestion.

Brad.
I always pass along any compensation to my clients. They are the ones that are paying for their website and hosting and it was not their fault that it happened.

  #13  
Junior Guru Wannabe
 
Join Date: Jun 2004
Posts: 34
Good approach

One I like to share - It's always better to put yourself out a bit to ensure customers receive the service they deserve (if not more).

Good luck with HR.

Brad.

  #14  
Aspiring Evangelist
 
Join Date: Jun 2004
Location: New York, NY
Posts: 372
My friend's gallery software was just hacked on host rocket http://www.brettevan.com/cpg/ :-(

  #15  
Retired Moderator
 
Join Date: Nov 2000
Location: Newport Beach CA
Posts: 608
As always, HostRocket is committed to providing a high-quality service coupled with superb technical support and customer service. As part of our commitment to help our customers achieve online success, various security mechanisms are in place on our servers, on our network, and throughout our company. While these security measures do encompass every aspect of our company and its offerings, nothing can ever be 100% secure. Even with the most comprehensive and stringent security measures, all systems are always vulnerable somewhere at some point.

In this case, a customer was running an insecure and exploitable script which allowed the individual(s) responsible for this incident access to take advantage of the situation. Once this was determined, the script was immediately disabled and removed from the server; the customer associated with that account was notified. The staff member that stated there was a problem during a maintenance window was severely mistaken and perhaps misinformed. Additionally, HostRocket acknowledges that any similar event is a breach of security regardless of the server usage situation at a given point. However, I'll stress once again that that fact does not apply to this incident though since there was no maintenance. Even during periodic maintenance, our servers are still extremely secure. Our security team is continuing to investigate the situation to ensure continued security for the affected clients. The same staff members are also taking necessary steps to guarantee the security of all accounts on other HostRocket servers.

In this situation, “index files” were the only files tampered with; all other files, databases, and e-mail accounts are intact and untouched. While the entire situation is a large inconvenience for everyone involved, all we can now do is ensure a quick resolution for any lingering issues and take measures to prevent such events from reoccurring.

If you have any additional or specific questions or concerns regarding this issue, please do not hesitate to bring them to our attention. Our onsite staff is available to assist you 24/7. If you feel your issue is not being appropriately resolved by a member of our staff, please feel free to contact me or another member of our management team. I can be reached directly at timothy@hostrocket.com. Our Customer Service Manager, Melissa, can be reached directly at melissa@hostrocket.com.

Have a great week and thank you for your continued confidence in HostRocket.

__________________
VOIPO - VoIP Telephone Service


Last edited by Timothy; 06-14-2004 at 11:41 PM.