Results 1 to 14 of 14
  1. #1
    Join Date
    Oct 2005
    Posts
    1,635

    why are so many "hosts" getting hacked?

    Is it me but more and more hosts mainly resellers are being hacked or having some weird problems within their network?

    Especially from "the pro hacker / gogle" ? Is there a site that tells you what site has been hacked recently?

  2. #2
    Join Date
    Jun 2002
    Location
    Waco, TX
    Posts
    5,623
    One word, updates.

    Please are not updating their applications which have majr major holes is them. At the current rate I see hosts starting to disable old apps after a warning to the user if they do not update them.
    (this is a totally personal comment with no tie to my employer, and as far as I know there has never even been a discussion about doing this)

  3. #3
    Join Date
    Oct 2002
    Posts
    5,178
    If you have to operate your company behind the scenes or under a fake name, maybe it's time to leave the industry and start something fresh.

  4. #4
    Join Date
    Feb 2002
    Location
    Reading, England
    Posts
    4,240
    I've not personally noticed any sort of increase in hacking attacks. However if I had to take a guess at why there are problems it is because of the various packages that offer auto installation of scripts like forums. A lot of people try a script out as it easy to install, but then never bother to delete it if they don't want to use it. As soon as that version is out of date there will be plenty of information on how to break in using a flaw.
    Steve

  5. #5
    Join Date
    Apr 2003
    Location
    UK
    Posts
    2,569
    i think the 'hacking' paradigm has shifted a lot over the last few years too. it used to be mass hacking of things like pop3, ssh, ftp etc. i think the coders have grown up, and worked out that their reputation is on the line, and that people depend on them

    now its all about webapps, where we're back at stage one, back with the bedroom coders doing something because its fun, and thinking about security second. this will have to change (and i think it will), because people will stop using insecure software.. on the flip side, it'll only happen when hosts stop allowing their customers to use certain forums etc, because the average joe user will use whatever, and not understand the security issues

  6. #6
    Join Date
    Jan 2005
    Location
    California
    Posts
    254
    My site was hacked by it, I had just installed PHPbb but it was the most current version. I dont know if it was that or something else but it's more then just getting into PHPbb, because he altered my cpanel template pages also.

  7. #7
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,146
    Quote Originally Posted by peruviantalk
    Is it me but more and more hosts mainly resellers are being hacked or having some weird problems within their network?
    You are most correct in your assement and, IMHO, there are two simple reasons.

    1. Hosters not using very good Server-wide security measures.
    2. Account Owners with directories and/or files with 777 permissions.


    Hosters need to take steps to help secure their Servers & Clients as some exploits cannot be stopped by an account Owner. And account Owners need to do their part by not using 777 permissions; leaves the door wide open for other people to upload 'their' files.

    Although we've had hackers get their files onto a Server, through 777 dir. permissions, our Server-wide security has stopped them cold. I'm sure many other Hosters have good security as well but you will not hear about. Nobody makes posts saying; "My Hoster stopped my account from being hacked."

    Unfortunately, we only hear about the Servers or accounts that have been hacked and by then, the damage has been done. Mind you, even the best security will not stop an experienced hacker dedicated to getting into a Server but for the most part, script kiddies are doing the most damage and they can be easily blocked.
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

  8. #8
    Join Date
    Nov 2005
    Location
    Minneapolis, MN
    Posts
    1,648
    Quote Originally Posted by peruviantalk
    Is it me but more and more hosts mainly resellers are being hacked or having some weird problems within their network?
    The market is such right now that anyone with money can be a host. (maybe not a successful host, but they're in the biz just the same) Control panels which were designed to make administrative tasks easier have become the sole manner in which some servers are managed. As packages like WHM/cPanel build more functionality, there is an entire population of "administrators" that don't understand anything happening underneath the control panel abstraction. Security is not a check-box option, it involves keeping system components updated, properly architecting user privileges, and effective monitoring of system operations.

    From an end-user standpoint, dynamic content is more popular than ever. Everyone wants a blog, a forum, or a photo gallery. The problem is that thousands of PHP/Perl/.NET programmers have appeared to fill in the demand, but just like the commercial software market the programmers that can write efficient and secure code are rare. Unfortunately there are many poorly written PHP scripts that require security features to be bypassed because they won't work under safe mode, or they require registered globals. Inexperienced system administrators will google how to disable a security feature to keep their client happy, but often don't understand what risk they are incurring by doing so.

    In all, the combination of buggy software and inexperienced administrators makes for a perfect environment for hacking exploits. Servers are just machines that do whatever you tell them to, and if you don't understand how to properly control them you will always be at risk from those who do.

    Eric
    Eric Spaeth
    Enterprise Network Engineer :: Hosting Hobbyist :: Master of Procrastination
    "The really cool thing about facts is they remain true regardless of who states them."

  9. #9
    Join Date
    Sep 2004
    Location
    Chennai , India
    Posts
    4,632
    simple because they are not secure or the hackers are well talented enought to break their security

  10. #10
    Join Date
    Apr 2003
    Location
    UK
    Posts
    2,569
    Quote Originally Posted by spechackers
    simple because they are not secure or the hackers are well talented enought to break their security
    you what?

    want to make any more sweeping (yet pointless) comments?

    maybe 'hackers might sometimes hack a host if the host is insecure'

  11. #11
    Join Date
    Oct 2005
    Posts
    1,635
    Quote Originally Posted by Mike V
    reading up on the whole 419 nigerian scam has anyone been convicted of the crime..i know people have been arrested but not convicted i cant find any

  12. #12
    Join Date
    Apr 2002
    Location
    USA
    Posts
    5,783
    2 things.

    Fantastico and google.


    People installing scripts with a single click and never updating them and google making it easy for a hacker to find the script with holes.

  13. #13
    Join Date
    Feb 2003
    Location
    England, Essex
    Posts
    1,505
    Quote Originally Posted by Slidey
    you what?

    want to make any more sweeping (yet pointless) comments?

    maybe 'hackers might sometimes hack a host if the host is insecure'
    i don't quite get the criticism, maybe I'm missing something.

    All he said was a host gets hacked if either their servers are insecure, or if the hacker is talented enough to fine a hole in any server.

    The truth is yes you can take measures to secure your server effectively that 99.9% covers all holes that the average hacker will be able to crack. But there are the types who will find that something that has been missed.

  14. #14
    Join Date
    Apr 2003
    Location
    UK
    Posts
    2,569
    i just found it a very worthless/pointless comment, and coupled with some of his other comments in other threads posted around the same time i think i was correct

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •