#1
30-08-2008, 09:12
Member
Join Date: Feb 2008
Posts: 88
Passwords changing

Beware everybody - eukhosts change your passwords without letting you know !

We've just tried to check emails for 8 different accounts and, after emailing support, find that they changed all of the passwords, for all 8 accounts, without letting their clients know !

Nice !

#2
30-08-2008, 11:43
new member
Join Date: Aug 2008
Posts: 1

I've had the same issue - I'm on shared hosting and had my password reset without any warning

#3
30-08-2008, 11:59
Member
Join Date: Jan 2008
Location: Stoke-on-Trent
Posts: 33

Glad I'm not the only one who has had this problem. I couldn't get in to anything this morning so had to get tech support to reset the main password. Spent ages having to go through all domains and change passwords, and then all the email accounts stored on Outlook and MailWasher.

Problem with email accounts though - have to enter the old password before being able to change it and of course old passwords no longer recognised so had to delete accounts and recreate them.

Almost finished. Just got to sort out the "catch all" emails now.

#4
30-08-2008, 12:04
Quality Assurance
Join Date: Sep 2007
Posts: 614

Respected Members,

There was a specific reason for us having changed passwords without prior information. We came across several cPanel accounts which had weak passwords, leaving the accounts vulnerable to being broken into or injected into. Even while we were trying to fix this, injections through FTP started to happen. These injections were also affecting other accounts hosted on the same server.

Our system administrators came across such weakly secured accounts on other servers as well. So in order to avoid any further injection attempts, we changed passwords of all the accounts which had weak passwords. We were also in the process of sending out emails to the customers with the new passwords for their accounts.

Eukhost offers the most sincere & heartfelt apologies for any inconvenience caused due to this sudden but unavoidable action. We only did this to ensure the safety of our customers.
__________________
Nick
Quality Assurance & Analysis
EMAIL & MSN : nick@eukhost.com

#5
30-08-2008, 12:32
Member
Join Date: Feb 2008
Posts: 88

Quote:
Originally Posted by eUK-Nick
Respected Members,

There was a specific reason for us having changed passwords without prior information. We came across several cPanel accounts which had weak passwords, leaving the accounts vulnerable to being broken into or injected into. Even while we were trying to fix this, injections through FTP started to happen. These injections were also affecting other accounts hosted on the same server.

Our system administrators came across such weakly secured accounts on other servers as well. So in order to avoid any further injection attempts, we changed passwords of all the accounts. We were also in the process of sending out emails to the customers with the new passwords for their accounts.

Eukhost offers the most sincere & heartfelt apologies for any inconvenience caused due to this sudden but unavoidable action. We only did this to ensure the safety of our customers.

What time were the passwords changed ?

btw, you also changed the passwords where they were 100% strong !

Last edited by _Chris_; 30-08-2008 at 12:38.

#6
30-08-2008, 13:13
Member
Join Date: Feb 2008
Posts: 88

Did anyone here receive notification that their passwords had been changed ? ?

Nick, Matthew, Ralf and a few others are generally great and give good support - but come on guys, if we don't reply to some of our business emails, then there's a strong chance of us losing customers, so losing money - not a very good ad for eukhosts really, is it ?

Wouldn't it make more business sense, to let your clients know, straight away, after you've changed their passwords ? and when letting them know, in the same email, it could contain the new passwords ? That way, we're not fiddling around for hours, trying to get things back to normal because of your cockup, when you've changed 100% strong passwords to other 100% strong passwords ! !

#7
30-08-2008, 13:47
eUKhost.com
Chief Marketing Officer
Join Date: Sep 2005
Posts: 4,773

Our CTO was monitoring invalid FTP login attempts from the last couple of days and he managed to track some successful login attempts from proxy IPs which originated from Spain.

He managed to make a list of all accounts which were successfully connected by the Spanish proxy IPs and the only option he had was to reset passwords of those accounts which were accessed by the hackers. Any further delay in resetting your passwords could have resulted in severe injection on your websites and you would have lost your Google rankings and credibility with injected websites. Some websites were injected by the hackers; we removed their iframe injection code in less than 5 minutes after injection.

Passwords were changed for some accounts which had strong passwords, as it was important for us to reset passwords of those accounts which had their login usernames in the database of the hackers.

Our support team was simultaneously sending a new welcome email to customers whose passwords were changed.

We don't enjoy creating such a situation, but we don't want any of our customers to lose their business due to an injected website.

If you haven't received a new welcome email till now then please contact our support team and ask them to resend the welcome email with the new password.
__________________
UK Web Hosting || Business Hosting || eUKhost Knowledgebase
Toll Free : 0808 262 0255 || MSN : mark @ eukhost.com || AIM : eukmark
A bunch of Sheep led by a Lion is better than a bunch of Lions led by a Sheep.
__________________________________________________

Great Opportunity :: Join our Affiliate Program for FREE and earn 20% commission on each referral.
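
The triage described in post #7 (list the accounts that password-guessing sources actually logged in to, plus every username those sources tried) can be sketched as below. This is an added example, not eUKhost's tooling and not part of any post; the Pure-FTPd-style log lines are constructed, and the function name `triage` and its thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of Pure-FTPd syslog output (an
# assumption: the thread does not say which FTP daemon or log format is used).
# IP addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Aug 30 03:10:01 srv pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [alice]
Aug 30 03:10:03 srv pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [bob]
Aug 30 03:10:05 srv pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [carol]
Aug 30 03:10:08 srv pure-ftpd: (?@203.0.113.7) [INFO] bob is now logged in
Aug 30 03:11:40 srv pure-ftpd: (?@198.51.100.20) [WARNING] Authentication failed for user [dave]
Aug 30 03:11:52 srv pure-ftpd: (?@198.51.100.20) [INFO] dave is now logged in
Aug 30 03:15:00 srv pure-ftpd: (?@192.0.2.44) [INFO] erin is now logged in
"""

FAIL = re.compile(r"\(\?@([\d.]+)\) \[WARNING\] Authentication failed for user \[([^\]]+)\]")
OK = re.compile(r"\(\?@([\d.]+)\) \[INFO\] (\S+) is now logged in")


def triage(log_text, min_failures=3, min_users=2):
    """Return (accessed, targeted): accounts a guessing source logged in to,
    and every username such a source is known to hold."""
    failed = defaultdict(list)     # ip -> usernames with a failed login
    logged_in = defaultdict(set)   # ip -> usernames with a successful login
    for line in log_text.splitlines():
        if m := FAIL.search(line):
            failed[m.group(1)].append(m.group(2))
        elif m := OK.search(line):
            logged_in[m.group(1)].add(m.group(2))
    # A source is suspect when it fails often AND across several usernames;
    # one customer mistyping their own password (dave above) is not flagged.
    # The thresholds are illustrative, not taken from the thread.
    suspects = {ip for ip, users in failed.items()
                if len(users) >= min_failures and len(set(users)) >= min_users}
    accessed = set().union(*(logged_in[ip] for ip in suspects))
    targeted = set().union(*(set(failed[ip]) for ip in suspects)) | accessed
    return sorted(accessed), sorted(targeted)


if __name__ == "__main__":
    accessed, targeted = triage(SAMPLE_LOG)
    print("reset and check for injected content:", accessed)
    print("usernames known to the guessing source:", targeted)
```

The second list is why accounts with strong passwords can still end up in a reset batch: their usernames were tried by the same source even though no login succeeded.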

#8
30-08-2008, 14:30
Member
Join Date: Feb 2008
Posts: 88

Quote:
Originally Posted by eUKhost.com
We don't enjoy creating such a situation, but we don't want any of our customers to lose their business due to an injected website.

If you haven't received a new welcome email till now then please contact our support team and ask them to resend the welcome email with the new password.

We don't enjoy the situation either, as we lose money if we don't answer emails from our clients quick enough ! !

There's probably others here, who are involved in other forums - a couple of my colleagues also help out on some of the forums at SitePoint and WebHostingTalk, and you probably know how bad press travels more quickly than good press - it's not worth getting a bad name over something so basic - all we ask, is that you let us know straight away, as soon as you've done any changes that affect us - that seems fair enough really !

Just to give us an idea - please answer truthfully - what time were the passwords reset and what time were the emails sent to let us know ?

#9
30-08-2008, 16:39
Chief Technical Officer
Join Date: Jun 2007
Posts: 130

Quote:
Just to give us an idea - please answer truthfully - what time were the passwords reset and what time were the emails sent to let us know ?

If your accounts are hosted on puma server then passwords of your accounts on this server were changed early morning today.

Nick J.

#10
30-08-2008, 20:00
Brian
Premium Member
Join Date: Nov 2005
Location: New Mexico
Posts: 761

Trust me it is easier to have your password changed than have your site injected.
My site got injected many months ago and was injected with tonnes of porn and other crap and took over two days of returning phone calls and apologising to people for what was on the site. I just wish eUK could have changed mine to save me the hassle. I think they did what needed to be done.

I no longer have insecure passwords

#11
30-08-2008, 23:09
Member
Join Date: Feb 2008
Posts: 88

Quote:
Originally Posted by Brian
Trust me it is easier to have your password changed than have your site injected.
My site got injected many months ago and was injected with tonnes of porn and other crap and took over two days of returning phone calls and apologising to people for what was on the site. I just wish eUK could have changed mine to save me the hassle. I think they did what needed to be done.

I no longer have insecure passwords

Yep, no-one wants their site injected - but everyone would like to be told straight away, when the passwords for their own websites have been changed - fact !

#12
30-08-2008, 23:10
Member
Join Date: Feb 2008
Posts: 88

Quote:
Originally Posted by NickJ
If your accounts are hosted on puma server then passwords of your accounts on this server were changed early morning today.

Nick J.

Thanks Nick, but : Just to give us an idea - what time were the passwords reset and what time were the emails sent to let us know ?

#13
30-08-2008, 23:11
Daniel
Got root?
Join Date: Aug 2008
Location: England, UK
Posts: 136

Quote:
Originally Posted by _Chris_
Yep, no-one wants their site injected - but everyone would like to be told straight away, when the passwords for their own websites have been changed - fact !

eUK has many customers; as a result it's not possible to email all customers personally before passwords need to be changed for security.

That is why emails are sent out individually after the passwords have been changed.
__________________
Dan Miller

#14
30-08-2008, 23:14
Member
Join Date: Feb 2008
Posts: 88

Quote:
Originally Posted by Daniel
eUK has many customers; as a result it's not possible to email all customers personally before passwords need to be changed for security.

Nope, no-one said before the passwords were changed.

#15
30-08-2008, 23:32
Brian
Premium Member
Join Date: Nov 2005
Location: New Mexico
Posts: 761

I understand you are upset Chris but I am sure it takes time to change the passwords and make sure the server is secure before they can send out emails. Safety of the websites and server is first and foremost. I'd be kind of ticked if my site got hacked and they said it was because they were sending out emails to customers that they have changed passwords so far.

#16
30-08-2008, 23:35
eUKhost.com
Chief Marketing Officer
Join Date: Sep 2005
Posts: 4,773

Quote:
Originally Posted by _Chris_
Nope, no-one said before the passwords were changed.

Welcome email was sent to resellers only for their reseller account. Welcome email was not sent to your customers as you need to reset their passwords from WHM and notify them.

Our system admins only saw the list of usernames used by the hackers to crack FTP passwords and they changed passwords of all those cPanel accounts. Welcome emails were sent for the accounts which were there in our billing system and nothing was done for end-users of resellers as we cannot email your customers. There were at least 30 - 40 accounts from each of our cPanel shared servers which were on the list of the hackers. Making a list of 1000 customers and sending them details of the whole situation is quite difficult on weekends.

As I mentioned earlier, we have done the best possible thing in such a critical situation, as it was me who suggested our support team to resend welcome emails simultaneously. Our only focus is to save your business and websites. Explaining to your customers should not be difficult at all as nothing went wrong with their websites.

For your information, other web hosting companies simply ask their customers to change their passwords from their end, once their websites get injected and banned by Google for insecure content. If you enjoy the service of such companies then we can do the same thing next time.

I would suggest you take this in a positive sense as injected websites could have ruined your business.

#17
30-08-2008, 23:42
eUKhost.com
Chief Marketing Officer
Join Date: Sep 2005
Posts: 4,773

Quote:
Originally Posted by Brian
I understand you are upset Chris but I am sure it takes time to change the passwords and make sure the server is secure before they can send out emails. Safety of the websites and server is first and foremost. I'd be kind of ticked if my site got hacked and they said it was because they were sending out emails to customers that they have changed passwords so far.

You are absolutely right.

Our Linux support team was taking care of changing passwords for close to 1000 accounts and the billing system was almost dead with 10 people sending welcome emails at a time. Assisting the whole team to deal with such problems is the real test of your management skills and I sincerely appreciate the way our CTO got everything sorted with absolutely no injection code left in any websites on any of our shared servers.

#18
31-08-2008, 03:04
eUK-Martin
Windows System Administrator
Join Date: Nov 2005
Location: Earth
Posts: 457

I would also like to mention that our CTO, Mr. NickJ, was successfully able to demonstrate how the weak passwords can be decrypted using a few tools available on the web (I will not mention them here; anyone interested can PM or email support). It does not take more than 5 minutes to crack passwords with no special characters in them and that are less than 8 chars.

We understand that this may have caused inconvenience to some of our clients but I suppose it is far less than the hassle you face when your sites get injected and people lose trust in you and your business. And losing your ranking in Google..!!! is a nightmare. We request our clients to take this action positively and understand our intentions.
__________________
Martin
Windows System Admin.


Windows VPS Hosting - Windows Dedicated Server - Web Hosting Tutorials

Email :: windows @ eUKhost.com AND support @ eUKhost.com

#19
31-08-2008, 08:07
Member
Join Date: Feb 2008
Posts: 88

Quote:
Originally Posted by eUK-Martin
I would also like to mention that our CTO, Mr. NickJ, was successfully able to demonstrate how the weak passwords can be decrypted using a few tools available on the web (I will not mention them here; anyone interested can PM or email support). It does not take more than 5 minutes to crack passwords with no special characters in them and that are