Results 1 to 19 of 19
-
11-12-2002, 06:00 AM #1Web Hosting Evangelist
- Join Date
- Jan 2001
- Posts
- 495
Hacked RS servers? What happens to them.
What happens to all the RS servers that get nailed by the open_ssl exploit and SSH exploits? I was wondering this because I figure the majority of RS users dont know how to compile apache.. or I guess they could just use RPM's (lord help us all) heh.
But still even that may be too difficult. When they get hacked do they just get taken off the network or ?James R. Clark II
-
11-12-2002, 06:21 AM #2Web Hosting Master
- Join Date
- Feb 2002
- Location
- UK
- Posts
- 3,098
If they get hacked boo hoo. They will probably have to pay the reformat fee
-
11-12-2002, 07:12 AM #3Web Hosting Master
- Join Date
- Sep 2001
- Posts
- 1,310
Re: Hacked RS servers? What happens to them.
Originally posted by jic
What happens to all the RS servers that get nailed by the open_ssl exploit and SSH exploits? I was wondering this because I figure the majority of RS users dont know how to compile apache.. or I guess they could just use RPM's (lord help us all) heh.
But still even that may be too difficult. When they get hacked do they just get taken off the network or ?
It wasn't the openSSL exploit though because we just had that patched up on that server the week before.
Anyway what you do is get a priorty restore from RS. New harddrive. They put it in within 2 hrs no matter what time of day.
-
11-12-2002, 08:03 AM #4Web Hosting Evangelist
- Join Date
- Jan 2001
- Posts
- 495
They dont even give you the opportunity to fix your box?
Just format?James R. Clark II
-
11-12-2002, 08:28 AM #5Web Hosting Master
- Join Date
- Feb 2002
- Location
- UK
- Posts
- 3,098
Well yea, you can sort it out if the box is still online
-
11-12-2002, 11:03 AM #6Web Hosting Master
- Join Date
- Jan 2002
- Posts
- 574
Originally posted by jic
They dont even give you the opportunity to fix your box?
Just format?
Unless there is an immediate threat to the RS network (DoS going out from cracked server), then I wouldn't see why RS would care if their unmanaged servers were getting popped left and right, totally up to the client.
-
11-12-2002, 11:22 AM #7Web Hosting Guru
- Join Date
- Jul 2001
- Location
- Toronto, ON.
- Posts
- 312
My Netra (about a year back) was supposedly hacked as it was broadcasting tons of traffic that most certainly wasn't coming from me or any people I knew on the box. Rackshack took a pretty rugged stance by saying they would terminate my account if the problem wasn't fixed. Well, I didn't see any issues on the box what-so-ever, so I wasn't sure what I could do. I'm pretty sure they were just hoping I'd leave or they would in fact terminate my account simply to get rid of one of their Netra customers.
Not too sure what their policy is now though. I ended up cancelling anyways.
-
11-12-2002, 11:29 AM #8Junior Guru
- Join Date
- Sep 2001
- Location
- Houston, TX
- Posts
- 213
Originally posted by lotuslnd
My Netra (about a year back) was supposedly hacked as it was broadcasting tons of traffic that most certainly wasn't coming from me or any people I knew on the box. Rackshack took a pretty rugged stance by saying they would terminate my account if the problem wasn't fixed. Well, I didn't see any issues on the box what-so-ever, so I wasn't sure what I could do. I'm pretty sure they were just hoping I'd leave or they would in fact terminate my account simply to get rid of one of their Netra customers.
Not too sure what their policy is now though. I ended up cancelling anyways.
-
11-12-2002, 11:52 AM #9WHT Addict
- Join Date
- Nov 2002
- Posts
- 105
a RS retore means? a empty and fresh restore or with the last backup..if any?
-
11-12-2002, 12:49 PM #10WHT Addict
- Join Date
- Oct 2002
- Posts
- 122
A RS restore means they pull the old drive and put a newly formatted and loaded one in. If your box has been rooted, it is folly to try and "fix" it. I have seen where RS will put the old drive back in the box so you can mount and copy over your sites, but there you have to be very careful that nothing you bring over could be compromised.
-
11-12-2002, 03:25 PM #11Junior Guru Wannabe
- Join Date
- Dec 2001
- Location
- N.Ireland
- Posts
- 80
Rackshack does not do managed server's therefore there support is either Reboot or restore. Nothing wrong with that but thats all they offer.
As for comprised servers they will open a TT in your name saying its been comprised and if you gota pay for a restore.
-
11-12-2002, 03:32 PM #12Web Hosting Guru
- Join Date
- Jul 2001
- Location
- Toronto, ON.
- Posts
- 312
Originally posted by Patrick-EV1
If that's the server I believe I remember ( It's been a LONG time granted ) we took a rugged stance because it was spewing 80-100 MB/s of traffic.
Ah well, you live and learn. I now have a Duron and haven't had any problems at all.
-
11-12-2002, 04:09 PM #13Web Hosting Master
- Join Date
- Oct 2002
- Location
- Behind You
- Posts
- 791
Couple of things. First rackshack is unmanaged servers, so don't expect hand holding - but you will probably get it anyways. I have found their support goes well past what I would have expected from unmanaged support. I guess when you have 6000+ servers, you must learn to diagnose the problems pretty quick because you have seen it so many times before.
And a question for patrick - do that many machines get hacked? it seems ensim is the most popular cp, and ensim had a fix out the same day of the exploit being publicly announced. Ensim's patches are very, very easy to apply and their directions are very clear, so I would be surprised if the original poster's assumption was correct.
Chet
-
11-12-2002, 04:24 PM #14Junior Guru
- Join Date
- Sep 2001
- Location
- Houston, TX
- Posts
- 213
I wouldn't say a large number of servers get compromised. I'd say the lack of installing Ensim updates is less to do with know-how and more to do with either not realizing the update exists or finding out it exists too late ( Already been compromised )
It especially becomes an issue on Cobalts more than anything I've seen, because people are squeamish about installing their updates ( rightfully so a lot of the time ! ).
-
11-12-2002, 04:59 PM #15Registered User
- Join Date
- Jan 2001
- Location
- Vienna, Austria
- Posts
- 2,531
perhaps becausemost of the cobalt updates break the server too it is easier to blame it on hacker than on yourself )
-
11-12-2002, 10:13 PM #16Web Hosting Master
- Join Date
- Sep 2001
- Posts
- 1,310
Originally posted by jic
They dont even give you the opportunity to fix your box?
Just format?
But after finding and removing several rootkits and the technician working (ours, not RS) informing me that quite frankly he could not guarantee that all the exploits that were installed could be found as they were hidding very well what other option is there?
You can a) decide to yank the harddrive and put in a fresh one to be sure you have a clean setup or b) rebuild on the current drive that might have a timebomb on it. Meaning they can hack the server again whenever they feel like it.
I decided to treat the 100 customers on the server to a few extra hours of downtime and have the problem fixed for sure.
Checca: a RS retore means? a empty and fresh restore or with the last backup..if any?
You have to put all the data on it yourself as well as reinstall all the programs you installed since you got the server.
So...before you ask them to do a restore make sure you have a backup of your data or you are going to be one unhappy person
-
11-12-2002, 10:33 PM #17Web Hosting Master
- Join Date
- May 2001
- Location
- Dayton, Ohio
- Posts
- 4,977
Originally posted by Patrick-EV1
I wouldn't say a large number of servers get compromised. I'd say the lack of installing Ensim updates is less to do with know-how and more to do with either not realizing the update exists or finding out it exists too late ( Already been compromised )
It especially becomes an issue on Cobalts more than anything I've seen, because people are squeamish about installing their updates ( rightfully so a lot of the time ! ).
-
11-13-2002, 01:19 AM #18WHT Addict
- Join Date
- Nov 2002
- Posts
- 105
RS is not responsible for the data. A restore means they put in a new harddrive with the OS system on it.
You have to put all the data on it yourself as well as reinstall all the programs you installed since you got the server.
So...before you ask them to do a restore make sure you have a backup of your data or you are going to be one unhappy person
Secondly, is RS customer generally happy with RS?
-
11-13-2002, 04:52 AM #19WHT Addict
- Join Date
- Oct 2002
- Posts
- 122
I am happy so far with RS (except that they sent my root password to me in email). Those who are unhappy are generally those who are expecting to get a level of service they're not paying for.