Veteran Member
|
Hi Guys,
I just tried to vist my web site and found out that my entire portfolio of web sites has been hacked... Quite spectacularly! Needless to say this has put me out of business for the time being! I have not logged into my accounts for an entire weekend (as I have been away racing) and have a unique password for my main site control panel, which I have not used since Thursday. So it is extremely unlikely this info was harvested from me at some point over this weekend, or that it was hacked due to any mistake of mine as I have simply not been online other than to check emails and check orders in my store databases. Neither of which uses that password, or email address to access. There has also been no compromise on any of my other web accounts or packages, held anywhere else on the web, just my IXWebhosting accounts. Through a long drawn out conversation with IX Webhosting's 'helpdesk' it came out that my registered email address on their main database had been changed... It had been changed to something like haxorzRus@yahoo.com. This has been done in the last 4 hours, and points very strongly to the fact that their own system has been hacked... At first they tried to tell me that was my login email address () and that I had forgotten it... Quote:
I have full web logs of conversations with them, and also know who hacked me, and their handle and email address and so on. Obviously I am keeping this close to my chest as it is my proof of what has happened. But I am happy to share it with people if necesary. I am passing this on so that anyone else using IX Webhosting can get the hell out of dodge... I will of course be going elsewhere for hosting as soon as I can. IX Webhosting also offered me a Unix based 24 hour backup rotation as part of the package I paid for, and now tell me my restored site may be as old as 7 days! This is totally unnaceptable for a professional hosting package with live databases and so on... Therefore I want people to know about this.. i.e. IXWebhosting suck! 'Remember, measure life by the moments that take your breath away, not by how many breaths you take' Extreme Sports Cafe | ESC's blog | scratt's blog | @thescratt |
|
quote |
Veteran Member
|
Sorry to hear about that Scratt - good luck with getting that sorted out.
I had a friend who was looking into hosting packages a couple months ago and had mentioned IXWebhosting, but I warned him against it after looking into some reviews and glancing at the packages. Good thing I did so. You may want check out WebHostingTalk as part of your search for a new web host. |
quote |
Veteran Member
|
We are back up again!
I am now going to have a look at the people you recommend.. Anyone else with recomendations.. I am all ears! I am going to hunt out that thread from a few months back that everyone was discussing hosts in... I might just buy myself my own rack somewhere... Who knows! Still 2 - 3 hours downtime and everything back up again, albeit with half my passwords changed so I have no idea how to access anything, is not too bad I guess! Shame I had to threaten them so much to get such a speedy response, and get them to take it seriously! *puffs furiously on loaded joint* My wife has sore fingers from surfing the web on my treo as we blasted across Thailand so I could get back to "Scratt HQ" and start making sure not too much dmage was done! 'Remember, measure life by the moments that take your breath away, not by how many breaths you take' Extreme Sports Cafe | ESC's blog | scratt's blog | @thescratt |
quote |
Veteran Member
Join Date: Oct 2005
|
SurpassHosting.com
I and several of my friends use them. They're great, they VERY rarely have any problems, and if something happens it's dealt with pronto. Oh yeah, and the helpers in their support forum speak proper English, and don't have names such as "Srinivasa Rao Bodapati" Last edited by PKIDelirium : 2006-07-17 at 14:05. |
quote |
Veteran Member
|
Thanks.. Checking them out too..
By the way.. In the end IX Webhosting managed to only restore my site from a backup made in February! What a bunch of inept drooling fools. Luckily I can re-upload my content.. But Jesus, what a royal pain! 'Remember, measure life by the moments that take your breath away, not by how many breaths you take' Extreme Sports Cafe | ESC's blog | scratt's blog | @thescratt |
quote |
On Pacific time
Join Date: May 2004
Location: Moderator's Pub
|
Scratt, last week, maybe on Thursday (I can't really remember which day), I was looking at who was online at AN. I often glance at the thread titles, out of curiosity, to see what threads *guests* are reading.
I noticed one guest reading my old thread "Cool Places You've Been", so I clicked on that thread title to take a look at some of the nice pics that were there. What came up for me was a box with a key in the upper left-hand corner. Near the key was the title "Website Access" - or something like that. The website listed was extremesportscafe, and your first name (presumably) was there. It was all very strange. I've never had anything like that happen before. I've never seen such a box. I guess I should have sent you a PM right then. But it 'did' come up while I was logged in at AppleNova. Very strange. I have the feeling that one of our disgruntled, banned ex-members is involved in all this hacking. Do you remember ever tangling with any of those who got banned from here in the last few months? |
quote |
Veteran Member
|
Wow! That is really wierd..
Any chance you can alert Brad, or someone.. Assuming his omnipotence is not watching over us right now.. That does sound awfully strange.. Particularly if it's a link from here... EDIT - As for tangling.. I tangle with everyone, darling! As you probably have noticed... I have pushed a few noses out of joint here, and elsewhere.. So I guess I had it coming! Ah well.. Everything is back to normal now. Will ensure copious backups and contingencies are made in the coming days. Need sleep..... 'Remember, measure life by the moments that take your breath away, not by how many breaths you take' Extreme Sports Cafe | ESC's blog | scratt's blog | @thescratt |
quote |
Senior Member
|
Quote:
|
|
quote |
Selfish Heathen
Join Date: May 2004
Location: Zone of Pain
|
Quote:
You can see examples of the .htaccess password request dialog in these examples: http://www.appleinsider.net/ http://forums.appleinsider.net/ http://www.project-think.com/gallery.php The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting. |
|
quote |
Veteran Member
|
Ahh.. I understand what Windswept meant now...
It's still strange as it's only certain directories (that I do not link to) that have .htaccess file protection on.... I will go have a look at the thread and see if a link has expired / broken and is defaulting to somewhere wierd on the site... Thanks for your input, Brad. 'Remember, measure life by the moments that take your breath away, not by how many breaths you take' Extreme Sports Cafe | ESC's blog | scratt's blog | @thescratt Last edited by scratt : 2006-07-17 at 22:00. |
quote |
Veteran Member
|
IX Webhosting still deny that their database was compromised.
However, my account login email was changed without their knowledge, and without mine. They have also stated that that is not possible without my authorising it. However, it happened. I have both them telling me I have forgotten my email address, and also telling me that it is impossible for it to change, without me authorising it using the existing email account as a verification method in email and chat logs. And yet, it was changed and they were even happy to try and convince me that a crazy looking free email account address was my log in and payment confirmation info from day 1. Do they not care that this may have happened to other web sites.. Or do they have a huge security problem they are trying to cover up? I think they are hoping that I will just go away.. How wrong IX Webhosting is. It is now a day later and they still have not managed to restore parts of my websites data with information any more recent that February of this year. This is now affecting my sites ranking and my customers experience.. I have several options I am looking at, but wondered if anyone else has any ideas of who I can show their chat logs, and contradictory statements to so that I can get them to at least shoulder their fair share of the blame for this... At the moment they are simply being deliberately unhelpful, and obtuse in their answers to my reasonable requests for recent backups... I really want to throttle someone in their offices right now... What an awful awful company! Really do not host anything with IX Webhosting, and if you are hosted with them right now... Get your data out of there as fast as you can when your contract next renews.. Or before if possible. 'Remember, measure life by the moments that take your breath away, not by how many breaths you take' Extreme Sports Cafe | ESC's blog | scratt's blog | @thescratt |
quote |
Veteran Member
|
For those that are interested here is a log of the chats I have had with their 'technical' people... Hilarious!
I have added my notes with ** infront of them to clarify some points. Quote:
'Remember, measure life by the moments that take your breath away, not by how many breaths you take' Extreme Sports Cafe | ESC's blog | scratt's blog | @thescratt Last edited by scratt : 2006-07-17 at 22:04. |
|
quote |
Veteran Member
|
File a complaint with the Better Business Bureau. Seems like they've already had a number of complaints (24 in the last 36 months).
http://data.middletennessee.bbb.org/...=37010809&gid= I'm not really sure what you expected from this web host in terms of service though - the prices just seem ridiculous for what they're offering in terms of space/bandwidth. |
quote |
Veteran Member
|
Thanks MCQ... Will do.
Yeah.. I guess you get what you pay for.. But that really does not excuse it... I can accept people make mistakes and have problems, and so on.. I mean it was so lucky that I happened to be online at exactly the time my sites were being hacked.. A few minutes later and I may have been offline for a couple of days.. I did intend to come home, watch F1 on tv, catch up with Lost and then crash... As it was I did not get to bed until about 4am this morning as I have still been putting my sites back up by hand... To simply not be able to comprehend and respond to simple requests such as, "Please restore my latest backups accross my entire site portfolio", especially when it's a Unix based system using daily tarballs, is just crazy! The most worrying part is that within the same 24 hours period they claim they have no access logs to track a hack attempt. And that they don't seem to think that the same database which holds my personal info as well as my credit card and billing data being compromised and changed without their knowledge, is something to worry about. Mistakes I can understand. Ineptitude I cannot. EDIT - They also managed to lose all of my MySQL database backups.. When I returned home the only existing up to date copy was live on my site (it changes every day). On a site which was still not secure. I had a worrying and fretfull 25 minutes as I pulled the database down from the MySQL server to my own harddrive.. Not something I was able to do on a mobile connection on the beach! I mean should I really have to backup a 50MB file from my servers every day to cover their backs? That's not a frivilous task. 'Remember, measure life by the moments that take your breath away, not by how many breaths you take' Extreme Sports Cafe | ESC's blog | scratt's blog | @thescratt |
quote |
Veteran Member
Join Date: Oct 2005
|
Holy crap.
I just sent an email with a link to this thread to a friend of mine who uses IX, telling him to get the hell off of it. |
quote |
Veteran Member
|
Quote:
If I showed this level of care to my customers I would expect to be sued out of existence. It makes me sick. 'Remember, measure life by the moments that take your breath away, not by how many breaths you take' Extreme Sports Cafe | ESC's blog | scratt's blog | @thescratt |
|
quote |
|
I have had my site and all my customers sites hacked for the second time in 2 months, it has become very embarrassing for me to have to explain to my customers why their websites are not there - again!
the first time our site was hacked i logged a ticket and asked for immediate assistance and explanations as to why our sites had been hacked.... 14 hours went by and not one person responded to my ticket, it was absolutely shocking service!!! 35 hours and still no response, at this point it was quite obvious that they didn't want to know. i had to restore from backups, which took some time. then, today, i get an email from a customer to tell me that once again our site has been taken off the air and further checks revealed that all our customers sites had also been removed, we have now had 2 customers demand refunds from us and lost business. We have again, logged a ticket (for what its worth!) with these people and 5 hours after logging the ticket i get a response : it goes something like this "s I can see your ftp password too easy to hack. You need to change all passwords, install newest updates of antivirus software and scan computers where from ftp of account is being accessed. But please note that most of hackers' attacks are usually done through vulnerabilities of website software which you are using (like forums, blogs, CMS). We cannot keep them secured as we are not the developers of such kind of software. From our side, all server-side software (web services, FTP services, etc..) we are keeping up-to-date and protected. Anyway, it is strongly recommended to review everything that you have in website folder and check web server logs to determine the way you may protect your application against further intrusions. If you have any widely-used software installed, check the vendor site for recent updates or security fixes. Thank you for your cooperation and bearing with us. " this made me extremely angry at this point as they are quite obviously passing the buck back onto us! suggesting that somehow we have no antivirus software or some kind of malicious scripts running on our local machines that somehow managed to find a password to our site, log on to our account and delete all our sites. secondly, we dont run anything other than basic html pages, with no scripts whatsoever, so we dont run any applications on the server or our account other than what IX have on there already! from what the previous posts suggest, this seems to be a cut'n'paste response from their help intranet... it is unprofessional, unhelpful & insulting to the customer as they are basically wiping their hands from it. i have followed up on this ticket by asking them to provide me with details on when the folders and files were deleted and what date/time. they told me that they can't do this as the logs have been rotated already. Very strange, the same answer as previous posters have stated! for me, and my company and the customers i have left who have not jumped ship accusing my company of being unprofessional, i am out of this farce that is a webhost (hanging that term very loosely!) simply put, IXWEBHOSTING are at best, a place where you can store your files on the net for a few days or maybe weeks, whereafter it is most likely to suddenly disappear and unless you have a recent backup of it, you are unlikely to see again, and don't expect any real support from this outsourced indian "support" team who couldnt string two sentences in english together" 0/10 and possibly the worst webhost out there! AVOID THIS MOB IF YOU WANT TO RETAIN A SECURE, RELIABLE WEBSITE! |
quote |
Veteran Member
|
For various reasons I have left some of my sites with IX this year.. Basically I have to fight to get some domain names from them, and while I do that I keep them hosted there.. I have various other reasons for keeping some of my sites there, so please don't reply to this post with.. 'Why don't you move..' as we've done that already.
But just for the record they did it again today.. With no warning, in direct violation of their own ToS they shut down all the sites I have hosted with them, because a company contacted them and said that we had one logo on one web page (out of over 20,000 web pages and 10 web sites) which they considered they had copyright over... Now regardless of whether we should have that logo up or not, they should give me the opportunity to remove any offending material before shutting down any offending sites - unless of course it's something like kiddie porn - which I would expect them to take drastic measures about. At the end of the day the world is not going to stop turning if they give me 24 hours, and I am their client after all.. But no, they simply pull the plug on everything.. Email, FTP, www etc. etc. So I cannot even remove the content we have the issue over! In this case it is the corporate logo of a company I have written approval from to use their logo, and the logo recommends them as a company and links directly to their web site! But this necessitated all of my sites being taken offline without warning, and as of now over 5 hours of downtime without a single useful response from the company. Quote:
'Remember, measure life by the moments that take your breath away, not by how many breaths you take' Extreme Sports Cafe | ESC's blog | scratt's blog | @thescratt Last edited by scratt : 2007-11-07 at 00:59. |
|
quote |
Veteran Member
|
Do me a favor chaps n chapesses, please Digg the story..
I am a man on a mission to get these guys now.. http://www.digg.com/tech_news/PLEASE...ithout_warning |
quote |
monkey with a tiny cymbal
Join Date: Nov 2004
Location: Lost
|
... damn
What's really sickening is that they have an adpage placeholder for your site. Not only are *you* losing money and customers; they are gaining ad impressions and clicks. Are you in contact with a lawyer? It would be pretty marvelous if you could hand the phone off to an attorney (or better yet: 3-way it) once you finally get in touch with someone. Best of luck. (+1) |
quote |
Veteran Member
|
Thanks so much for that. Yeah I have a lawyer in the US dealing with it now.. The thing is to be honest he said we'll win but it could takes days.. My problem is (as you say) my sites look like I've gone out of business, and they are making ad revenue from the holding pages! Mental!
RIght now I already have about 25 emails from people asking if we have gone out of business! I even have one from a very good friend offering financial assistance, which is terribly embarrassing. 'Remember, measure life by the moments that take your breath away, not by how many breaths you take' Extreme Sports Cafe | ESC's blog | scratt's blog | @thescratt |
quote |
is the next Chiquita
Join Date: Feb 2005
|
Dugg...
Wow. |
quote |
Veteran Member
|
Thank you. It's very much appreciated.
|
quote |
formerly "trav"
Join Date: Jan 2005
Location: Behind you
|
Yeah i dugg as well. Not good. I think i dugg the other story about this company too. It's very poor from their end.
|
quote |
Veteran Member
|
tks.
|
quote |
Veteran Member
Join Date: Oct 2005
|
Dugg.
Damn, they're fucking idiots. I just sent this transcript to a friend of mine that is using IX. |
quote |
Veteran Member
|
Muchly appreciated. You guys are awesome.
One clarification.. I was pretty short in the chat, but it was the third of three which were equally unhelpful, and after trying to respond to tickets, and call their center with no reply to any of my attempts to get a real person. I have not had a single helpful reply as of now and we are at the 8 hours mark! Their excuse. They are busy. Mine.. I am fighting to open the door of my business! But it took them 30 seconds between a warning email, and a shut down of my entire hosting package. 'Remember, measure life by the moments that take your breath away, not by how many breaths you take' Extreme Sports Cafe | ESC's blog | scratt's blog | @thescratt |
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
Sucks, hit hard.
Dugg |
quote |
owner for sale by house
Join Date: Apr 2005
Location: Charlotte, NC
|
I don't get it. You've posted about them for over a year here and warned others, why on earth are you still hosting your stuff there? Why don't you move it somewhere else instead of waiting for them to screw up again and again? This doesn't make any sense at all, and I really can't feel sorry for you because you knew better. It's your own fault that your sites are offline now and your businesses are hurting, it's not like you didn't get (and give!) enough warnings.
I'm really sorry to be an ass here, but this is way beyond anything a reasonable person would do, and I don't see why we're supposed to all feel sorry and digg your story now. |
quote |
is the next Chiquita
Join Date: Feb 2005
|
I thought it was because he had to fight to get his domains transferred to another hosting company, that he had to remain with them while that was being resolved?
|
quote |
Posting Rules | Navigation |
|
Thread Tools | |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
mod_fastcgi, PHP 4 & 5 Compile issues | rollercoaster375 | Genius Bar | 0 | 2006-05-24 18:53 |
Darwine Requirements | doublem9876 | Third-Party Products | 2 | 2006-02-26 10:58 |
Warning message on US Government Computers.. | scratt | AppleOutsider | 9 | 2005-12-09 15:38 |
Warning: Willow Bend Apple store trashed my mini | lozza | General Discussion | 44 | 2005-10-22 01:34 |
Sync warning - Be very very carefull... | scratt | Apple Products | 11 | 2005-05-03 03:26 |