  1. #1
    Join Date
    Jan 2001
    Posts
    495

    Hacked RS servers? What happens to them.

    What happens to all the RS servers that get nailed by the open_ssl exploit and SSH exploits? I was wondering this because I figure the majority of RS users don't know how to compile Apache.. or I guess they could just use RPMs (lord help us all) heh.

    But still even that may be too difficult. When they get hacked do they just get taken off the network or ?
    James R. Clark II

  2. #2
    Join Date
    Feb 2002
    Location
    UK
    Posts
    3,100
    If they get hacked boo hoo. They will probably have to pay the reformat fee

  3. #3
    Join Date
    Sep 2001
    Posts
    1,310

    Re: Hacked RS servers? What happens to them.

    Originally posted by jic
    What happens to all the RS servers that get nailed by the open_ssl exploit and SSH exploits? I was wondering this because I figure the majority of RS users don't know how to compile Apache.. or I guess they could just use RPMs (lord help us all) heh.

    But still even that may be too difficult. When they get hacked do they just get taken off the network or ?
    One of my RS servers got hacked on October 7th. Oh my what fun we had ):

    It wasn't the OpenSSL exploit though because we just had that patched up on that server the week before.

    Anyway what you do is get a priority restore from RS. New harddrive. They put it in within 2 hrs no matter what time of day.

  4. #4
    Join Date
    Jan 2001
    Posts
    495
    They don't even give you the opportunity to fix your box?

    Just format?
    James R. Clark II

  5. #5
    Join Date
    Feb 2002
    Location
    UK
    Posts
    3,100
    Well yea, you can sort it out if the box is still online

  6. #6
    Join Date
    Jan 2002
    Posts
    574
    Originally posted by jic
    They don't even give you the opportunity to fix your box?

    Just format?
    I would suppose if they are contacting rackshack right away they aren't going to fix the problem, you know?

    Unless there is an immediate threat to the RS network (DoS going out from cracked server), then I wouldn't see why RS would care if their unmanaged servers were getting popped left and right, totally up to the client.

  7. #7
    Join Date
    Jul 2001
    Location
    Toronto, ON.
    Posts
    312
    My Netra (about a year back) was supposedly hacked as it was broadcasting tons of traffic that most certainly wasn't coming from me or any people I knew on the box. Rackshack took a pretty rugged stance by saying they would terminate my account if the problem wasn't fixed. Well, I didn't see any issues on the box whatsoever, so I wasn't sure what I could do. I'm pretty sure they were just hoping I'd leave or they would in fact terminate my account simply to get rid of one of their Netra customers.

    Not too sure what their policy is now though. I ended up cancelling anyways.

  8. #8
    Join Date
    Sep 2001
    Location
    Houston, TX
    Posts
    213
    Originally posted by lotuslnd
    My Netra (about a year back) was supposedly hacked as it was broadcasting tons of traffic that most certainly wasn't coming from me or any people I knew on the box. Rackshack took a pretty rugged stance by saying they would terminate my account if the problem wasn't fixed. Well, I didn't see any issues on the box whatsoever, so I wasn't sure what I could do. I'm pretty sure they were just hoping I'd leave or they would in fact terminate my account simply to get rid of one of their Netra customers.

    Not too sure what their policy is now though. I ended up cancelling anyways.
    If that's the server I believe I remember ( It's been a LONG time granted ) we took a rugged stance because it was spewing 80-100 MB/s of traffic.

  9. #9
    Join Date
    Nov 2002
    Posts
    105
    A RS restore means? An empty and fresh restore or with the last backup..if any?

  10. #10
    Join Date
    Oct 2002
    Posts
    122
    A RS restore means they pull the old drive and put a newly formatted and loaded one in. If your box has been rooted, it is folly to try and "fix" it. I have seen where RS will put the old drive back in the box so you can mount and copy over your sites, but there you have to be very careful that nothing you bring over could be compromised.

  11. #11
    Join Date
    Dec 2001
    Location
    N.Ireland
    Posts
    80
    Rackshack does not do managed servers, therefore their support is either reboot or restore. Nothing wrong with that but that's all they offer.

    As for compromised servers they will open a TT in your name saying it's been compromised and if you gotta pay for a restore.

  12. #12
    Join Date
    Jul 2001
    Location
    Toronto, ON.
    Posts
    312
    Originally posted by Patrick-EV1


    If that's the server I believe I remember ( It's been a LONG time granted ) we took a rugged stance because it was spewing 80-100 MB/s of traffic.
    Yep, in retrospect you guys probably did the right thing. At the time though, I had so many problems with support as they were not able to service the Netra in any way. So after going through all those problems and then being told that my account would be terminated if this problem persisted boiled my blood, to say the least.

    Ah well, you live and learn. I now have a Duron and haven't had any problems at all.

  13. #13
    Join Date
    Oct 2002
    Location
    Behind You
    Posts
    791
    Couple of things. First rackshack is unmanaged servers, so don't expect hand holding - but you will probably get it anyways. I have found their support goes well past what I would have expected from unmanaged support. I guess when you have 6000+ servers, you must learn to diagnose the problems pretty quick because you have seen it so many times before.

    And a question for Patrick - do that many machines get hacked? It seems Ensim is the most popular CP, and Ensim had a fix out the same day of the exploit being publicly announced. Ensim's patches are very, very easy to apply and their directions are very clear, so I would be surprised if the original poster's assumption was correct.

    Chet

  14. #14
    Join Date
    Sep 2001
    Location
    Houston, TX
    Posts
    213
    I wouldn't say a large number of servers get compromised. I'd say the lack of installing Ensim updates is less to do with know-how and more to do with either not realizing the update exists or finding out it exists too late ( Already been compromised )


    It especially becomes an issue on Cobalts more than anything I've seen, because people are squeamish about installing their updates ( rightfully so a lot of the time ! ).

  15. #15
    Join Date
    Jan 2001
    Location
    Vienna, Austria
    Posts
    2,530
    Perhaps because most of the Cobalt updates break the server too, it is easier to blame it on a hacker than on yourself )

  16. #16
    Join Date
    Sep 2001
    Posts
    1,310
    Originally posted by jic
    They don't even give you the opportunity to fix your box?

    Just format?
    It wasn't RS that requested the restore. It was me. I could have left it hacked for the rest of the year as far as RS is concerned I guess.

    But after finding and removing several rootkits and the technician working (ours, not RS) informing me that quite frankly he could not guarantee that all the exploits that were installed could be found as they were hiding very well, what other option is there?

    You can a) decide to yank the harddrive and put in a fresh one to be sure you have a clean setup or b) rebuild on the current drive that might have a timebomb on it. Meaning they can hack the server again whenever they feel like it.

    I decided to treat the 100 customers on the server to a few extra hours of downtime and have the problem fixed for sure.

    Checca: A RS restore means? An empty and fresh restore or with the last backup..if any?
    RS is not responsible for the data. A restore means they put in a new harddrive with the OS system on it.

    You have to put all the data on it yourself as well as reinstall all the programs you installed since you got the server.

    So...before you ask them to do a restore make sure you have a backup of your data or you are going to be one unhappy person

  17. #17
    Join Date
    May 2001
    Location
    Dayton, Ohio
    Posts
    4,962
    Originally posted by Patrick-EV1
    I wouldn't say a large number of servers get compromised. I'd say the lack of installing Ensim updates is less to do with know-how and more to do with either not realizing the update exists or finding out it exists too late ( Already been compromised )


    It especially becomes an issue on Cobalts more than anything I've seen, because people are squeamish about installing their updates ( rightfully so a lot of the time ! ).
    Hmm.. Maybe RS should have a page with a list of updates for each system type they have that has been tested and doesn't kill the box.. Of course make a statement that they are not supported but recommended...

  18. #18
    Join Date
    Nov 2002
    Posts
    105
    RS is not responsible for the data. A restore means they put in a new harddrive with the OS system on it.

    You have to put all the data on it yourself as well as reinstall all the programs you installed since you got the server.

    So...before you ask them to do a restore make sure you have a backup of your data or you are going to be one unhappy person
    Thanks for that info. So if anything is wrong with a RS server, the most important thing of all would be to back up all customers' files before even notifying RS about it.

    Secondly, are RS customers generally happy with RS?

  19. #19
    Join Date
    Oct 2002
    Posts
    122
    I am happy so far with RS (except that they sent my root password to me in email). Those who are unhappy are generally those who are expecting to get a level of service they're not paying for.
