
can someone shed some light on this?

Status
Not open for further replies.
Nov 10, 2002
Last month, towards the end of May, my Host was hacked. The person who did this exchanged out our index pages for a .bat file with their nice artwork included. Also, this person included some nice gifts called Trojans (two or more) and a worm, for what some would call a field day on the server. My Host was running RedHat. There was some talk that a certain Website on the server was running a php forum that enabled the cracker to have a field day of us all. I don't have any more specs on the server my host was running. But we did have quite a few perks to use: PHP, CGI, etc. He has not gotten the server running yet. Most of us that have paid dearly for our Websites haven't seen this host since he shut down around the 23rd of May. Our Host said he was going to manually remove the Trojans and worm. This was to protect our Websites, I believe. Quite a few had 100mb or more stored on this host. Being paid up for a while, and having some domain names in limbo for right now, has caused quite a stir for the ones who had Websites with this host. I know he also had medical problems, but just how long could it take an individual to clean up a server? Between his health and the mess on the server, should it take this long? How can the members protect their Websites? Quite a few, including myself, are moving on, but some did not have the tools to save their Websites, and paying for two domains was out, and a free host was out because of the size of some of the domains. Could he possibly still be fixing the server? While you're at these questions, anyone got any bright ideas on how to calm the nerves of quite a few that are really at each other's throats right now? I need all the help I can get, folks. Sorry for this, it was unexpected.
 
23rd of May and it still isn't up?!

Well, I would imagine they should have backups, but even if they did not I would expect to have my host running within a day (2 days if it's a weekend). I would seriously consider finding another service provider.
 
I agree with Grenage, even if he has health problems, he should have someone that can step in for him. I would have been looking for another webhost too.
 
I am looking for a new Host. Quite a few others are too, with the exception of a few die-hards. From what I heard, the Host was a one-man band. The only help he had was for the phone. He didn't do a good job in that department either. Finding a place, I have it narrowed down to a couple of places. But my domain is in limbo. I figured I would let that domain die with the host, and get a new domain. But this is an expense I didn't count on. So I made mistakes too, but this guy beats all hands down. Here is a question for the Linux people on this list... A while back I caught him running under root. I brought this to his attention, and told him that he shouldn't be running the server(s) under root. His reply was he had it all under control. I asked another person that isn't an IT or anything, and they said if you run under root on Linux it's like an open invitation to trouble. If he weren't under root, he wouldn't have been able to install the Trojans etc. So am I safe in saying that his running under root caused these problems? I told the others that his running under root caused these problems. Then I got flamed by someone who said I shouldn't assume blah blah blah. Well, I am not assuming the running under root, he openly admitted to me he was. I was just curious if the outcome would have been different if he hadn't been.
 
Actually, it's advised not to run under root because a simple wrong keystroke or command can seriously affect files system-wide. This can happen even with logging in as a user and su'ing to root. The issue of being logged in as root is irrelevant if he was doing maintenance on the server, however he could su in to root and change what he needed and exit out of root and still be logged into the server under a safe user login, this is the advised method for doing maintenance on a production server.

However, your host should've provided backups at the minimum to all his account users and their data. One-man host or not, providing those services and keeping them running are mission critical. He should've looked into providing a more redundant service.

Basic preventive maintenance would have kept this situation from escalating as it has. He obviously does not know what he is doing.
 
I pretty much agree with all the previous posts. Unfortunately, this can happen with a one man operation, even if he was very competent and a great guy. (Actually, it can happen with about any company, but more likely with a one man operation.)

If you are still looking for a host, I have my home domain with and have been pretty happy with them. Cost is about $7 per month.
 
Because I haven't found any information on this subject, it would be nice if a very experienced individual here could supply some tips for choosing a host, and critical signs to look for when deciding on a Host. This man brought my list to a standstill. It would be nice also if anyone has any advice on picking up the pieces after such an event. I feel some of my members look at me now as not being as professional as I should be. I have always been as professional as I could be. I just didn't know that the Host I chose to host my 160+ pages was incompetent and unprofessional. Is there any way to test a Host for their security professionalism? Or is hacking considered bad but just dealt with and accepted as a fact of life on the Internet? If a Host is hacked, is that just cause to stay away from their business? I have no intentions of staying with this Host myself. But quite a few are saying that no way can he make that same mistake twice.
But someone pointed out that CGI and PHP are not secure to run on any server. Is this true? I do know of another Host, but that Host was hacked last year. So I chose two other Hosts, but I haven't checked to see if they have a track record for getting hacked yet. Should I even bother checking? I had thought that security and uptime are the most critical of any Host. Am I right in assuming this? I was really hoping he would send me a CD of my Website. I guess I am dreaming. I found out he was under root because he e-mailed me. I forgot his e-mail address and so I went to source his e-mail, and it showed as root blah blah. I should have known then he was incompetent. I plan to get Linux, and check it out. I guess it would be a good investment on my part now. At least I could answer some of these questions myself. Thanks for your input, I really appreciate it.
 
If you are looking for a new host, there are several sites that attempt to rate hosts.
For example:

You can do a google search for "web hosting ratings" to find additional sites.

Just remember to take these with a grain of salt. I usually look for positive feedback from a relatively large number of people as a positive indication.

I don't really have that much experience in this area, but this is what I would do.
 
Rest assured... word of mouth is no help either. I got high remarks, and A+ feedback that this Host was worth the money. Sheesh, I sure would hate to see one that got a bad report. I cringe at the thought. Surely there is a better way?
 
Well, based on the (bad) experiences you've had with your current host, you already know some of the things to look for. Looking at feedback can still help. You can't assume the host is a good one just because of good feedback, but if you see bad things about them, you can be more sure that you want to stay away. You will want to contact the possible hosting companies you are considering and find out what measures they take to avoid exactly what you've gone through. Find out how much/often they back up their servers, what security measures they take, what support they offer. Just because the host has been hacked before is not a reason in itself to avoid that host. Everyone gets hacked pretty much, it's a fact of life. If they have been hacked, find out what measures they took to fix it. Be sure they stay up to date on the latest exploits and viruses out there. If they say they haven't been hacked, be sure they are paying attention to their logs and such so they can back that claim up, and are not just ignorant of what is going on on their servers. Make your questions as detailed as possible, and expect good detailed answers. Don't allow them to bs you with big words. Basically you need to look for all the signs of their professionalism. Avoid one-man operations (like you need to be told that) and try to go with an established business. Basically, you can't be absolutely 100% positive you'll find the best and be happy, but shopping around and doing your research should give you a very good chance.

"C makes it easy to shoot yourself in the foot; C++ makes it harder, but when you do, it blows away your whole leg."
- Bjarne Stroustrup
 