Passwords changing

[military-world.net]

Quote:

Originally Posted by Eidolon

I promptly changed back to my alphanumeric password.

I would adjust it slightly but unfortunately my ISP (Virigin) has been denying me access to my sites hosted with eukhost since late Firday night. Anyone else using Virgin ISP and having connection problems?

About year mate been like this!!!!.....Internet Explorer cannot display the webpage..About 2 times day...Or 10000000000000s times day

[eUK-Martin]

Quote:

Originally Posted by _Chris_

As mentioned before, my 100% strong passwords were changed ?

We have had a long list of users therefore to avoid the time involved in process to differentiate between the users that had weak or strong password we decided to change password of all users.

Quote:

Originally Posted by _Chris_

What time were the passwords reset and what time were the emails sent to let us know ?

There were 2 teams working on this task.. 1st team were resetting the passwords and after completing 1 complete server they forwarded the list of users and passwords to 2nd team.. who updated the password in Billing software and resent the welcome email. The entire process took about 24 hours to complete (between 29th Aug & 30th Aug) hence it would we very difficult to let you know the exact time of when was the password reset and sent.

[Daniel]

Virgin appear to have a bad link from what it seems. But what would you expect from the supposed "Mother of all Broadband"?

[Jaselpool]

First I have heard of this is when 2 customers contacted me to tell me they could no longer login using their passwords. No email from EUK to any of my email accounts (and no I haven't changed my billing email at all).

If you've reset the passwords to all my clients accounts then how come I can still login to my reseller account with my original password?

J

[_Chris_]

Quote:

Originally Posted by eUK-Martin

We have had a long list of users therefore to avoid the time involved in process to differentiate between the users that had weak or strong password we decided to change password of all users.

There were 2 teams working on this task.. 1st team were resetting the passwords and after completing 1 complete server they forwarded the list of users and passwords to 2nd team.. who updated the password in Billing software and resent the welcome email. The entire process took about 24 hours to complete (between 29th Aug & 30th Aug) hence it would we very difficult to let you know the exact time of when was the password reset and sent.

Thanks Martin, those answers are appreciated - shame it had to take a few repeats of the same questions though ! It makes for happier customers when questions are not ignored !

For one moment Martin, can you please just imagine our frustration, when we laboriously (and it isn't a quick process for multiple domains), changed all 40+ of our domains with you, about a week ago, to ensure that they all had 100% strong passwords and then a few days later, they are changed again ! !

Then, not to be told until many hours after the event, and then to receive a very unhelpful reply from your support, to say that, if I want to change the password to something different, just log into your whm ? ? To change the password to a new one, you need to know the existing one ! !

So, it would be more helpful, if you don't change the passwords for the responsible people who have already changed their passwords to 100% strong, and more helpful emails in response to the problem.

Chris.

[eUKhost.com]

Quote:

Originally Posted by Jaselpool

First I have heard of this is when 2 customers contacted me to tell me they could no longer login using their passwords. No email from EUK to any of my email accounts (and no I haven't changed my billing email at all).

If you've reset the passwords to all my clients accounts then how come I can still login to my reseller account with my original password?

J

Passowrds were changed for only those accounts which were on list of the Spanish hackers. If your main reseller account username was not on their list then there was no need for us to change your password.

[DPS Computing]

Just for future note for the eUKhost team: If my account details are ever on any list of spanish hackers or any other hacking team - please please please please please immidiately change my password even if you cant notify my beforehand.

I'd rather stay secure than try and clean up the mess of an injected site - its happened once before around a couple of years ago and that was enough. The site was that messed up I had to delete it all and reupload a backup of it but unfortunately it was over a month old so I lost quite a lot of work and user data .

[_Chris_]

Quote:

Originally Posted by DPS Computing

Just for future note for the eUKhost team: If my account details are ever on any list of spanish hackers or any other hacking team - please please please please please immidiately change my password even if you cant notify my beforehand.

I'd rather stay secure than try and clean up the mess of an injected site - its happened once before around a couple of years ago and that was enough. The site was that messed up I had to delete it all and reupload a backup of it but unfortunately it was over a month old so I lost quite a lot of work and user data .

Yep, it's always a big mess after someones hacked into your site, we've been through it a couple of times - but no-ones asking eukhost to let us know beforehand - we're just asking that they let us know about the passwords changing for our websites as soon as possible afterwards - not many hours later !

Security and letting us know, are not mutually exclusive !

Anyway, time to move on now.

[eUK-Martin]

Yes, we very much understand your frustration but we tried our level best to get the sites secured.

I think the problem happened because it were all humans who were involved in getting the password reset and resent to our clients. We will make a note of this and try to get a script integrated with our Billing system to send emails so that there are no human errors involved. I think we will need to concern this with our R&D chief. We will surely get better with this next time.

Thank you once again for your patients and co-operation.

[_Chris_]

You trying to secure the websites has never been the issue Martin - how and when you let your customers know about the changes that affect them IS.

Apart from that, many thanks for that excellent response Martin, it shows you care about how you treat us!

Chris.

[jc8654]

Quote:

Originally Posted by _Chris_

Yep, it's always a big mess after someones hacked into your site, we've been through it a couple of times - but no-ones asking eukhost to let us know beforehand - we're just asking that they let us know about the passwords changing for our websites as soon as possible afterwards - not many hours later !

Security and letting us know, are not mutually exclusive !

Anyway, time to move on now.

Surely in that case, if eUK had to change 1000 passwords they should be doing that before resending passwords. As you said above, it's a pain if your site gets hacked so if you were the 999 person in the list of accounts they needed to change you'd want them to get down the list as fast as possible to minimise the threat of hacking during that time? And surely that means get as many support hands on it as possible?

I agree that yes, it may have been an inconvenience not being able to log in to things but to me the top priority would be to get all the passwords changed and then do the emailing.

Just to point out in this, was it just the main account passwords that needed resetting? If so, can that not just be done from WHMCS and then click on the resend welcome details info again with the new password? If that was the case then it may have been easier to do it at the time but if it's all ftp passwords on the server then what I've just said in this paragraph is a pointless comment!

[eUKhost.com]

Our CTO had to reset all passwords in one go using some scripts. He then assigned task to his team members to change passwords once again and resend to customers. One should not question his potential as he does fantastic job in managing his team and his awareness has prevented us from a major mishap.

We've had previous experience of all such stupid things done by Hackers and crackers and we know how to keep our servers safe. We are taking legal action against the spanish proxy provider whose IPs were used for this FTP based injection.

[_Chris_]

Quote:

Originally Posted by jc8654

Surely in that case, if eUK had to change 1000 passwords they should be doing that before resending passwords. As you said above, it's a pain if your site gets hacked so if you were the 999 person in the list of accounts they needed to change you'd want them to get down the list as fast as possible to minimise the threat of hacking during that time? And surely that means get as many support hands on it as possible?

I agree that yes, it may have been an inconvenience not being able to log in to things but to me the top priority would be to get all the passwords changed and then do the emailing.

It's never been in any doubt that security is always the main priority, but emailing the clients of eukhost, should be done very soon after the clients own passwords have changed, not many hours later.

From Martins post above :

"We will make a note of this and try to get a script integrated with our Billing system to send emails so that there are no human errors involved. I think we will need to concern this with our R&D chief. We will surely get better with this next time."

On that basis, I'm happy to assume that things will be better handled next time.