
All My Domains Hacked!


  • All My Domains Hacked!

    I noticed yesterday that some strange things were happening with the sites on my domains, so I logged in via FTP to find the index files had disappeared from all the sites I have set up.

    I submitted a support ticket, finally went to bed at 2am with still no resolution, however 12 hours later I get an incomprehensible response from Stephen S...


    In performing mandatory maintenance on the server, there are few domains who's data got quarantine. We will like to offer our apologies, but server maintenance was also required.

    Do revert if you face any issues or doubts with the same, we will be glad to assist you.

    So anyway, wake up this morning, see the email, check my sites and what do I see?

    ~::HaCkeD By Chief::~

    WTF? Looks like the same set of files uploaded by the hackers in every directory. Including those outside the www root.

    Looking at the modified time of these files I can see they were uploaded about 1 hour after Stephen S had supposedly resolved the issue.

    So, someone in support has re-opened my ticket and promised me I'd hear something in 30 minutes, keep in mind all my sites are now displaying "Hacked By Chief" messages, but I've heard nothing so far.

    Sorry guys but where is the urgency here? I've just reported the possibility of this shared server being compromised, I only had static files in those domains so SQL injection is not a possibility, are you not even concerned?

    Act honestly, and answer boldly

    Abundance is from activity
    Starting the work is two thirds of it

  • #2
    OK, so still no response, not even an email to confirm my support ticket has been re-opened.

    Some things that would make me feel more comfortable in this situation are...

    • When I initially contact you regarding an issue like this I would like to get the impression you are at least concerned!
    • I would appreciate being given a run through of the steps you will take to resolve this issue and an ETA for having my sites back to normal.
    • I would like my sites back online before you investigate how the breach happened.
    • Once you have had time to investigate I would like a full report on the extent of the breach and what services have been affected. E.g. At the moment I'm quite concerned about the fact that my email accounts may also have been compromised.

    At the moment I feel as if I have been left high and dry.

    I'd like to reiterate that this is a reseller account, if I was actually reselling the space my business would be at risk and I would be getting seriously embarrassed right now.



    • #3
      Looks like the same problem over at Web Hosting UK...

      Server hacked for more than 24 hours



      • #4
        Hi Dale,

        I am working on your issue, I am in the process of restoring the website.
        The site Dale Davies, The Online Home of... is running fine, Please allow me some time more to restore the pages of other websites.
        I will update your ticket "IGA-144-27641" shortly
        Chris White
        (Former eUK Employee)


        UK's premier web hosting company.



        • #5
          Chris, daledavies.co.uk is not running fine, it is currently showing a "Server Application Unavailable" message.

          When I FTP to the domain I can see that the FTP root is full of files added by the hackers, plus the web root and all other folders under it still contain those files too.



          • #6
            Just received your email Chris...

            Hi Dale,

            I was able to restore the Data for some of your websites, but for the rest of the website, the Data has been overwritten with hacked files.

            I would request you to upload the index pages for those websites.


            Thanks for your patience.

            Do get back to us, in case of any doubts or for further assistance,
            We will be glad to help you.

            So far Chris it seems you have done absolutely nothing to resolve my issue. In fact some might say it is now worse, the websites at all of my domains now time out.

            First of all, are you telling me you do not have a backup of my accounts? I was told over the phone that you would restore my account from a backup.

            Second, what exactly have you done to prevent this from happening again?

            I fail to see how you can pass this off as acceptable customer service, seems like I've spent hours waiting for you to do pretty much nothing.



            • #7
              Hi Dale,

              We have rebooted the server after applying security fixes.

              Hence I cannot access the website at this moment, I will check this once the server is back online.

              Meanwhile, I would request you to update the ticket.
              Chris White
              (Former eUK Employee)




              • #8
                Updated with the same questions as above.



                • #9
                  Hello is anyone at eUKhost actually doing anything about this? I've not heard anything and it appears you have not actually done anything either.

                  Actually forget about it, I will not be paying this month's invoice and I will not be using your services again. Please just cancel my account, I don't see how I can continue to use eUKhost as I have absolutely no trust in your services.

                  I have had nothing but trouble over the last 4 years or so that I've been hosting with you, to be honest I don't know why I didn't move to another web host sooner. This most recent cock up has given me the perfect excuse to do it.



                  • #10
                    It has taken us 2-3 days to get a migration then when they did migrate it they only copied the files across and not the databases.

                    I have spoken to my solicitor and my solicitor has suggested a file for compensation. Apparently in this case as the hosts have claimed responsibility, we have a chat log transcript with them stating clearly it is a problem with their server security not our site, we can issue a claim for compensation for each user put at risk on our website. We have over 3000 users so I can see that being costly. 1 per user compensation is 3000.

                    I have a meeting with my solicitor on Tuesday, I will let you know how it goes.



                    • #11
                      To be honest I couldn't be bothered with the hassle, although if you are running a business I can see why you might want to take that step.

                      At this point I would just be happy with a response, so far there has been too much silence and very little activity from what I can see.



                      • #12
                        Totally agree with you.

                        If you read the improve your security thread http://www.eukhost.com/forums/f14/im...917/#post83882 - link to thread

                        It outlines all the responses I have had with them through live chat.



                        • #13
                          Well, I have just received another unacceptable response again from support...

                          We really apologize for the issues you and our clients are facing.
                          We always take the backup of all our websites data but unfortunately in your case the backup data has been overwritten and all the infected files were saved in the backup repository. We have removed those infected files.
                          And also we have removed around 95 % infections from the server and still we are working on it and in next couple of hours other 5% infection will be removed.

                          We have found some accounts on the server which were responsible for this issue. we have complete terminated those accounts from the server and also installed new security and monitoring service. And also we have enabled security logging on the Web server.

                          Now we assure that you and our other clients will not face such issues again.

                          Well, I was always taught that if you cannot recover fully from your backups then you might as well not have any backups to begin with.

                          Do not try to tell me that you only have one backup, if this is the case then you are incompetent.

                          I am insulted that after the communication we have had over the last few days you would still try to fob me off with a response like this.

                          You have not removed the files added during this hack and you have also lost most of the original files that were stored on my sites. To make things worse you seem unable to resolve the issue completely in a timely manner.

                          I simply cannot continue to host with you as I have no trust in the quality of your services, your security practices, or the competence of your support.

                          Please cancel my account immediately.



                          • #14
                            Yeah, we got this reply after the 2nd or 3rd time the site was hacked.

                            Then after the 4th or 5th time the agent said the security had only been updated that day, a full 2 weeks after the initial attack.



                            • #15
                              Finding it hard to believe it could take 2 weeks, with customer accounts being compromised across the server on multiple occasions and this issue is still not resolved.

                              I was Googling the text found on my site and the results showed 6 or 7 sites with the same defacement, these sites were cached by Google on the 24th. All these sites use ns1.ukdnp.com and ns2.ukdnp.com (ukdnp.com is registered to eUKhost).

                              My main fear was that Google would index my site during the defacement and slap a Hacked Site Warning on it. Thankfully this didn't happen because I was able to migrate my domains to another hosting provider as soon as I realised the issue was not going to be resolved quickly. However looks like some of eUKhost's customers have not been so lucky.
