Results 1 to 7 of 7
  1. #1

    Netcetera UK server hacked - help!

    I have a reseller account with netcetera in the UK and have just discovered that one of the servers was hacked over the holiday period - this has affected 8 of my clients sites. I'm on the hunt for other clients of netcetera who have had cause for concern (check all your default.htm /login.htm /index.htm files for nasty code at the end of the page). Netcetera have not responded well. Would also appreciate any guidance on what action I can take (apart from moving providers) to get netcetera to buck up a bit. Thanks.

  2. #2
    do you have a backup?

  3. #3
    Yup, I've used backups to restore files and the access passwords have been changed. All but one of the sites are now fully fit. Thanks.

  4. #4
    Join Date
    Aug 2007
    Posts
    6,882
    You are lucky to have backups with you.
    Many people forgets that important rule until they get affected one day.
    Regarding that remaining site, I think you have to contact the host and ask them whether they have any backups. The will probably have a backup with them or they will assist you to remove the malicious code from your htm files.
    iHubNet Ltd - Premium Hosting Solutions 4 ALL
    Solid Support Solid Equipment Solid Network
    Shared Hosting / Reseller Hosting / Managed Server
    Matt A.

  5. #5
    Thanks for the messages - Being a network manager in a former life, I've been thoroughly indoctrinated with the backup, backup, backup and backup again ethos.

    As an additional note - it seems that the passwords on servers were "compromised". It seems that a whole number of files (all the default.htm / index.htm etc) had a hidden div added before the </body> tag on the 27/12/2007 and then "miraculously" on the 03/01/2008 many (but not all) were edited again
    and the file restored to its previous state.

    I'd be very interested in hearing from anyone with a similar experience, either at Netcetera or elsewhere.

  6. #6

    Update for those interested:

    Netcetera are investigating the cause, and have done plenty to allay my fears of a major breach of their security. The network security guy there seems pretty switched on.

    Note to all you nonbackerupperers: Backups saved the day here. We had all our clients sites on these servers restored and running clean within 12 hours of the alert. What would you do if all your sites went down/got hacked?

    Will give y'awl another update if we find the cause of the "break-in"...

  7. #7
    Join Date
    Jul 2002
    Location
    Tasmania, Australia
    Posts
    34,793
    Quote Originally Posted by wildmercury View Post
    Will give y'awl another update if we find the cause of the "break-in"...
    We'll look forward to it
    If you don’t like the road you’re walking on, start paving a new one.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •