Results 1 to 22 of 22
  1. #1

    are your clients hacked at Vortech?

    We have accounts at vortech, jodo, cartika and other providers

    ONLY accounts on Vortech are hacked and 3/25 already

    Many of them have strong passwords

    Vortech keeps saynig it is a "WOLRD" issue, and said it is due to our clients' PC are hacked/virused, but could not explain why only vortech...

    Do you got hit due to this "worldwide issue" lately or do you think Vortech is just trying to avoid from responsibilities?

  2. #2
    Join Date
    Apr 2006
    Location
    NJ, USA
    Posts
    258
    I do not think there is a "world issue" where all reseller accounts from every provider are getting hacked. What control panel do they use? If it seems to be an isolated incident, it most likely is.


  3. #3
    Join Date
    Mar 2005
    Location
    USA
    Posts
    523
    Could very well be Gumblar

  4. #4
    Join Date
    Dec 2004
    Location
    San Francisco, CA
    Posts
    1,912
    Not heard of any major hacking incidents, on close to 200 servers we run..
    init.me - Build, Share & Embed

    JodoHost.com - Windows VPS Hosting, ASP.NET and SQL Server Hosting
    8th year in Business, 200+ Servers. Microsoft Gold Certified Partner

  5. #5
    Quote Originally Posted by Yash-JH View Post
    Not heard of any major hacking incidents, on close to 200 servers we run..
    Then you would be the only provider in the world that was not hit by this..

    I cannot believe this to be true Yash....

    A little reading for you on this issue:

    http://blog.scansafe.com/journal/200...gle-serps.html

    http://blog.scansafe.com/journal/200...n-to-bots.html

    This was a very very widespread issue. Had very little to do with providers and more to do with consumers getting their PCs infected with trojans and having their FTP passwords farmed and then used to inject malicious code into websites with the express intent of infecting more PCs with the trojan...

    Quote Originally Posted by IKillBill View Post
    We have accounts at vortech, jodo, cartika and other providers

    ONLY accounts on Vortech are hacked and 3/25 already

    Many of them have strong passwords

    Vortech keeps saynig it is a "WOLRD" issue, and said it is due to our clients' PC are hacked/virused, but could not explain why only vortech...

    Do you got hit due to this "worldwide issue" lately or do you think Vortech is just trying to avoid from responsibilities?

    I am going to come to the defense of Vortech, but, I am also going to slam them a little..

    yes, there was/is a pretty serious trojan(s) going around right now - where in an automated manner, they farm FTP passwords users have stored in their PC's, they then remotely access those FTP sites and inject malicious code into the users web pages - when visitors visit the infected sites, they can them become infected themselves if they download the file they are directed to download, and the process repeats..

    this was a global level virus which grew exponentially throughout the year.. everyone was impacted by this - this is an end user hack though, not a hosting provider hack...

    having said all of this - most providers have figured out how to clean this up and block this by now - and when a user does get repeatedly infected, most providers have figured out a process to work with them and put a stop to this..

    there are several things a provider can do, including developing scripts that will automatically remove the injections, more frequent AV scans which pick up any re-infected accounts, templated emails to customers who have been infected outlining how they have been infected and how to clean it up and various other proactive measures...
    www.cartika.com
    www.clusterlogics.com - You simply cannot run a hosting company without this software. Backups, Disaster Recovery, Big Data, Virtualization. 20 years of building software that solves your problems

  6. #6
    Join Date
    May 2006
    Location
    EU & USA
    Posts
    3,684
    Quote Originally Posted by IKillBill View Post

    Vortech keeps saynig it is a "WOLRD" issue, and said it is due to our clients' PC are hacked/virused, but could not explain why only vortech...
    Just wondering if they didn't mean WORLD writable/readable files on a unix filesystem, or where they really pointing to a global issue with trojans ?

  7. #7
    Quote Originally Posted by 040Hosting View Post
    Just wondering if they didn't mean WORLD writable/readable files on a unix filesystem, or where they really pointing to a global issue with trojans ?
    they likely meant with Trojans... this was a very serious issue - with exponential growth there for awhile..

    and on a system like Vortechs hsphere cluster, if a reseller kept all of his clients FTP info stored on their PC and got infected, the Trojan could simultaneously inject potentially 100s of sites across a fleet of servers - making it look like all of the servers were hacked - when in reality - the resellers PC was hacked and they were silly enough to have 1000 different FTP credentials stored on their PC..

    Eitherway, a provider should easily have been able to clean this up quickly and efficiently and proactively block serious re-infection - so.. although I do buy that this trojan hit them hard - I find it hard to believe its still a serious issue - which means they really didnt do a good job at cleaning this up and preventing it from re-occurring..
    www.cartika.com
    www.clusterlogics.com - You simply cannot run a hosting company without this software. Backups, Disaster Recovery, Big Data, Virtualization. 20 years of building software that solves your problems

  8. #8
    Join Date
    May 2006
    Location
    EU & USA
    Posts
    3,684
    Thanks for clarifying Andrew, i assume you know the client and are more aware of what happened.

  9. #9
    Quote Originally Posted by 040Hosting View Post
    Thanks for clarifying Andrew, i assume you know the client and are more aware of what happened.
    Hello,

    Honestly, I have no knowledge of this client - but, I can just speak from our experience. This was a very very widespread trojan..

    any provider that jumped on this when it came out should be completely out of the woods now.. if a provider is still scrambling trying to deal with this - then I can only say that they were likely too slow to react..

    just my general experience and opinions - may or may not be useful or accurate..
    www.cartika.com
    www.clusterlogics.com - You simply cannot run a hosting company without this software. Backups, Disaster Recovery, Big Data, Virtualization. 20 years of building software that solves your problems

  10. #10
    Join Date
    Dec 2001
    Location
    Above The Clouds
    Posts
    7,223
    Hell, even I got hit by this. I went to one of my personal sites and saw the "Infected" page in FireFox. The Trojan gets in very easily, was very hard to remove and if you connect to FTP while infected it steals your password and injects some iframe code.

    But I'm not sure the OP refers to this as it was limited to one provider. We've also seen infections recently that inject code into "index.htm" on Windows servers only. Then there was a wonderful ProFTP injection for Linux. It's been a tough 6 months for malware defence!
    Laurence Flynn @ HostNEXUS.com
    Managed WordPress Hosting Solutions
    Focused on speed. Obsessed with security.

  11. #11
    Join Date
    Dec 2004
    Location
    San Francisco, CA
    Posts
    1,912
    Quote Originally Posted by cartika-andrew View Post
    I cannot believe this to be true Yash....

    A little reading for you on this issue:
    Once again, I reiterate, we haven't faced any major server hacking incidents that I know of, based on a server-side vulnerability.

    Quote Originally Posted by cartika-andrew View Post
    Then you would be the only provider in the world ...
    That of course, we are
    init.me - Build, Share & Embed

    JodoHost.com - Windows VPS Hosting, ASP.NET and SQL Server Hosting
    8th year in Business, 200+ Servers. Microsoft Gold Certified Partner

  12. #12
    Quote Originally Posted by Yash-JH View Post
    Once again, I reiterate, we haven't faced any major server hacking incidents that I know of, based on a server-side vulnerability.
    this wasnt a server side hack Yash... and besides, this is not what you said..

    Quote Originally Posted by Yash-JH View Post
    Not heard of any major hacking incidents, on close to 200 servers we run..
    The original poster is almost certainly a victim of a local PC trojan on their machine or on their customers PC's.. (I say almost certainly, as unless we can review vortechs logs, we cannot be certain)... so, my only point was, you cannot beat up Vortech for their users getting hit with this - you may or may not wish to discuss why this is still an issue and why it hasnt been cleaned up - but, that is a different conversation entirely correct?

    so, based on your comments, you, like everyone else, experienced the affects of this trojan correct? however, as I would expect from a fine company like Jodohost - your team identified this problem and took the appropriate measures to clean it up for your users and implemented preventative measures to protect them moving forward correct?

    Quote Originally Posted by Yash-JH View Post
    That of course, we are
    well done sir
    www.cartika.com
    www.clusterlogics.com - You simply cannot run a hosting company without this software. Backups, Disaster Recovery, Big Data, Virtualization. 20 years of building software that solves your problems

  13. #13
    Join Date
    Dec 2004
    Location
    San Francisco, CA
    Posts
    1,912
    Cartika-andrew, the client asked if they were hit by a major security issue, and we were one of cited hosts. I answered NO!

    That doesn't mean we don't have hacking incidents. Infact, we probably deal with a few everyday, 99.9% of them being a cient-side (scripting, passwords, etc) vulnerability. We professionally investigate the issue (logs, and everything) and address it. We maintain backups and offer to restore client's files or databases, even if the mistake is on their side. We have a 24x7x365 team that monitors threats, and we are usually very fast in patching and securing our servers if something happens. We have an OPEN forum, where we frequently discuss the latest threats, and advise clients how to act on them.

    So I do take offense if you are questioning our ability to handle security issues Andrew.
    init.me - Build, Share & Embed

    JodoHost.com - Windows VPS Hosting, ASP.NET and SQL Server Hosting
    8th year in Business, 200+ Servers. Microsoft Gold Certified Partner

  14. #14
    Quote Originally Posted by Yash-JH View Post
    Cartika-andrew, the client asked if they were hit by a major security issue, and we were one of cited hosts. I answered NO!

    That doesn't mean we don't have hacking incidents. Infact, we probably deal with a few everyday, 99.9% of them being a cient-side (scripting, passwords, etc) vulnerability. We professionally investigate the issue (logs, and everything) and address it. We maintain backups and offer to restore client's files or databases, even if the mistake is on their side. We have a 24x7x365 team that monitors threats, and we are usually very fast in patching and securing our servers if something happens. We have an OPEN forum, where we frequently discuss the latest threats, and advise clients how to act on them.
    so, as I said - you do agree that there has been some serious PC compromises which resulted in users accounts getting injected? that was the entire point correct?

    So I do take offense if you are questioning our ability to handle security issues Andrew.
    Funny - but, I never questioned this
    www.cartika.com
    www.clusterlogics.com - You simply cannot run a hosting company without this software. Backups, Disaster Recovery, Big Data, Virtualization. 20 years of building software that solves your problems

  15. #15
    If you didn't have this happen at all Yash, why is there is a forum post in your own forum's concerning this exact security vulernability and how it effects your clients?

    http://support.jodohost.com/showthread.php?t=16921

    The real responsible party with this whole hacking garbage is the hackers. There will always be new methods of exploitation to cause web users a hard time.

  16. #16
    Join Date
    Dec 2004
    Location
    San Francisco, CA
    Posts
    1,912
    Quote Originally Posted by Danlvortech View Post
    If you didn't have this happen at all Yash, why is there is a forum post in your own forum's concerning this exact security vulernability and how it effects your clients?

    http://support.jodohost.com/showthread.php?t=16921
    That was a security notice issued to our customers over 3 weeks ago. As you can see, we are proactive with informing and handling security outbreaks.
    Once again, I haven't heard of any large scale hacking incidents affecting our clients. Our admin team has always been very proactive with security related matters. That doesn't mean we haven't had any incidents. But I haven't seen anything alarming which was the subject of the initial thread.


    The real responsible party with this whole hacking garbage is the hackers. There will always be new methods of exploitation to cause web users a hard time.
    Of course.
    init.me - Build, Share & Embed

    JodoHost.com - Windows VPS Hosting, ASP.NET and SQL Server Hosting
    8th year in Business, 200+ Servers. Microsoft Gold Certified Partner

  17. #17

    Thumbs down Vortech was indeed hacked

    Yes, we know there are a lot of viruses/worms out there hijacking FTP details and that was my first response when a client called in to tell me that his website contained a malicious script. I simply asked him to change all his passwords, find a clean computer and re-upload his site.

    The story changed however when more than 6 of my clients hosted at Vortech called me to say the same thing had happened to them. I was telling them the same story until one of them asked me to check the website I personally have hosted at Vortech which was also infected! Now this is a simple Hsphere login interface that I left there almost 3 years ago and have never logged into; at least not in the last 2 years. It uses a complex password that I can't even try to remember.

    Vortech insists that my clients' computers were compromised. These guys don't know one another or upload files for one another. How come they all got infected about the same time? How about my own disused site? Who logged in to get it infected?

  18. #18
    Join Date
    Jan 2007
    Posts
    584
    How fast did vortech fix this issue?
    Peter Orga-Sales -sales@sexywing.com
    SexyWing - flying adult hosting service
    Profitable adult hosting provider Since 2006
    http://www.sexywing.com

  19. #19
    It's not a server side issue, so I'm not sure what you mean by "fix the issue".

  20. #20
    Join Date
    Jan 2004
    Location
    Greece
    Posts
    2,211
    Does Vortech run suPHP?

  21. #21
    no hacked we get :d
    Webgater.CoM - Cheap FullyManged Unmetered VPS , Master Reseller ,
    Reseller and Webhosting.
    Tomer A

  22. #22
    We do run suPHP and webgater I'm not too sure what you're trying to say.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •