Results 1 to 14 of 14
-
08-29-2006, 05:40 PM #1Web Hosting Master
- Join Date
- Oct 2005
- Posts
- 1,635
why are so many "hosts" getting hacked?
Is it me but more and more hosts mainly resellers are being hacked or having some weird problems within their network?
Especially from "the pro hacker / gogle" ? Is there a site that tells you what site has been hacked recently?
-
08-29-2006, 05:47 PM #2Owner of the net for a day
- Join Date
- Jun 2002
- Location
- Waco, TX
- Posts
- 5,623
One word, updates.
Please are not updating their applications which have majr major holes is them. At the current rate I see hosts starting to disable old apps after a warning to the user if they do not update them.
(this is a totally personal comment with no tie to my employer, and as far as I know there has never even been a discussion about doing this)
-
08-29-2006, 05:47 PM #3Retired Moderator
- Join Date
- Oct 2002
- Posts
- 5,178
http://old.zone-h.org/en/index have fun
If you have to operate your company behind the scenes or under a fake name, maybe it's time to leave the industry and start something fresh.
-
08-29-2006, 05:48 PM #4Retired Moderator
- Join Date
- Feb 2002
- Location
- Reading, England
- Posts
- 4,240
I've not personally noticed any sort of increase in hacking attacks. However if I had to take a guess at why there are problems it is because of the various packages that offer auto installation of scripts like forums. A lot of people try a script out as it easy to install, but then never bother to delete it if they don't want to use it. As soon as that version is out of date there will be plenty of information on how to break in using a flaw.
Steve
-
08-29-2006, 06:22 PM #5Web Hosting Master
- Join Date
- Apr 2003
- Location
- UK
- Posts
- 2,569
i think the 'hacking' paradigm has shifted a lot over the last few years too. it used to be mass hacking of things like pop3, ssh, ftp etc. i think the coders have grown up, and worked out that their reputation is on the line, and that people depend on them
now its all about webapps, where we're back at stage one, back with the bedroom coders doing something because its fun, and thinking about security second. this will have to change (and i think it will), because people will stop using insecure software.. on the flip side, it'll only happen when hosts stop allowing their customers to use certain forums etc, because the average joe user will use whatever, and not understand the security issues
-
08-29-2006, 08:51 PM #6Web Hosting Guru
- Join Date
- Jan 2005
- Location
- California
- Posts
- 254
My site was hacked by it, I had just installed PHPbb but it was the most current version. I dont know if it was that or something else but it's more then just getting into PHPbb, because he altered my cpanel template pages also.
-
08-30-2006, 02:00 AM #7learning is in the doing
- Join Date
- Sep 2000
- Location
- Alberta, Canada
- Posts
- 3,146
Originally Posted by peruviantalk
1. Hosters not using very good Server-wide security measures.
2. Account Owners with directories and/or files with 777 permissions.
Hosters need to take steps to help secure their Servers & Clients as some exploits cannot be stopped by an account Owner. And account Owners need to do their part by not using 777 permissions; leaves the door wide open for other people to upload 'their' files.
Although we've had hackers get their files onto a Server, through 777 dir. permissions, our Server-wide security has stopped them cold. I'm sure many other Hosters have good security as well but you will not hear about. Nobody makes posts saying; "My Hoster stopped my account from being hacked."
Unfortunately, we only hear about the Servers or accounts that have been hacked and by then, the damage has been done. Mind you, even the best security will not stop an experienced hacker dedicated to getting into a Server but for the most part, script kiddies are doing the most damage and they can be easily blocked.• PotentProducts.com - for all your Hosting needs
• Helping people Host, Create and Maintain their Web Site
• ServerAdmin Services also available
-
08-30-2006, 03:09 AM #8Web Hosting Master
- Join Date
- Nov 2005
- Location
- Minneapolis, MN
- Posts
- 1,648
Originally Posted by peruviantalk
From an end-user standpoint, dynamic content is more popular than ever. Everyone wants a blog, a forum, or a photo gallery. The problem is that thousands of PHP/Perl/.NET programmers have appeared to fill in the demand, but just like the commercial software market the programmers that can write efficient and secure code are rare. Unfortunately there are many poorly written PHP scripts that require security features to be bypassed because they won't work under safe mode, or they require registered globals. Inexperienced system administrators will google how to disable a security feature to keep their client happy, but often don't understand what risk they are incurring by doing so.
In all, the combination of buggy software and inexperienced administrators makes for a perfect environment for hacking exploits. Servers are just machines that do whatever you tell them to, and if you don't understand how to properly control them you will always be at risk from those who do.
EricEric Spaeth
Enterprise Network Engineer :: Hosting Hobbyist :: Master of Procrastination
"The really cool thing about facts is they remain true regardless of who states them."
-
08-30-2006, 07:14 AM #9Big fan of RajiniKanth!!!
- Join Date
- Sep 2004
- Location
- Chennai , India
- Posts
- 4,632
simple because they are not secure or the hackers are well talented enought to break their security
-
08-30-2006, 07:33 AM #10Web Hosting Master
- Join Date
- Apr 2003
- Location
- UK
- Posts
- 2,569
Originally Posted by spechackers
want to make any more sweeping (yet pointless) comments?
maybe 'hackers might sometimes hack a host if the host is insecure'
-
08-30-2006, 07:48 AM #11Web Hosting Master
- Join Date
- Oct 2005
- Posts
- 1,635
Originally Posted by Mike V
-
08-30-2006, 08:13 AM #12Web Hosting Master
- Join Date
- Apr 2002
- Location
- USA
- Posts
- 5,783
2 things.
Fantastico and google.
People installing scripts with a single click and never updating them and google making it easy for a hacker to find the script with holes.
-
08-30-2006, 08:30 AM #13Web Hosting Master
- Join Date
- Feb 2003
- Location
- England, Essex
- Posts
- 1,505
Originally Posted by Slidey
All he said was a host gets hacked if either their servers are insecure, or if the hacker is talented enough to fine a hole in any server.
The truth is yes you can take measures to secure your server effectively that 99.9% covers all holes that the average hacker will be able to crack. But there are the types who will find that something that has been missed.
-
08-30-2006, 09:46 AM #14Web Hosting Master
- Join Date
- Apr 2003
- Location
- UK
- Posts
- 2,569
i just found it a very worthless/pointless comment, and coupled with some of his other comments in other threads posted around the same time i think i was correct