Improve your security

[Richie]

improve the security to stop hackers gaining access to websites under your hosting.

This will stop them hacking sites

[Rock]

improve the security to stop hackers gaining access to websites under your hosting.

This will stop them hacking sites

Thank you for your suggestion!

The main issue behind this hacking or say uploading of files rather; to be clear in what actually what happened; was the write permission on a particular folder of that particular site. Only those sites or folders were affected which had that write permissions & these special permissions are one of the basic needs of a website or the application it hosts, to function properly. I'm not denying the fact of our servers being 100% secure, we're improving our server's security as soon as a flaw is noticed, but it's like a very new flaw or breach is popping up each day.

If we secure a server like I think it should be then clients would complain about certain functions not working as they should or if they need write access to their sites, it would be denied. It'd be a lose-lose situation in either case. Once an application which requires write permissions (only during an installation) is done with, it's an instinct to remove those specific permissions to keep the site safe. I'll see that no such special requests are entertained which would infact make the client applications to work in an initial phase but would cause a threat later not only to them but to our servers as well.

Once again I appreciate your suggestion & concern towards the web servers security

[daledavies]

I'm not sure I accept your explanation, which to me reads as if you are just trying to push the blame onto your customers.

Surely at some point the server was compromised? Those files didn't magically appear from nowhere.

What about the situation that I'm in at the moment, where the actual account root/Home directory has also had these files written to it? I can't work out how I could change the permissions of that directory in DNP.

[Richie]

We have got chat logs in which the agent clearly says that the problem was with someoone creating an account and being able to change everyones files from that account.

The agent then goes on to say that our site permissions are correct, apparently he checked them and that the fault was purely server side.

Then he said that the security was getting upgraded and that it wont happen again. it toook 2 days for him to alter all my files again, we complained and were told the same thing and security was updated again, 2 days later he was back.

This was repeated 3 times then it took him 4 days to get in.

then in chat after the 5th hack your agent said that you were implimenting security today and that none had been done previous cause when I asked what had been altered or implimented noone would say anything all we got was the standard security has been updated can i assist you any further.

[Richie]

ok This is still dragging on now.

The ticket to migrate the site was submitted on Thursday.

Friday comes and there are a few things we need to do. These requests were submitted and the ticket updated.

Fri night went on live chat and got nowhere. Noone would say when the site would be migrated and the only answer we could get was in broken english saying it is in process and would be done today only.

Late fri night and a chat agent says it is still getting processed and will be done for sat morning.

Sat morning comes - no site and now the old account, the one that was repeatedly hacked, goes down. I contact chat and get told the server is rebooting please try again in 30 mins. noone can answer the question about when the site will be transferred.

1pm - still no main site and still no answers. I get told the server has had a security update and needs rebooting try back

2-30pm no site went through to chat and basicallly got told to sit watching my ticket as it will get updated when its done.

4pm - still no site get told server is still rebooting. I mentioned that its been rebooting for over 3 hours and get told oh yes there was an error and the server wouldnt start but it is now and to try back in 30 mins

5-30 - still no site get told the server is rebooting again

7pm site comes back up when i am in chat with an agent. Asked what the problem was and goet told that it was an update and the server needed a reboot which is why the site went down. Asked abnout my migration and get told the account is created we are waiting for you to set up the domains, the domains and databases were set up fri within 2 hours of getting the email. the ticket was updated to reflect this. The agent then sdays oh yes i can see this it will be done tonight.

I asked for verification and he said definatly will be done tonight.

Its now sunday and the migration still hasnt been done. Went on chat and the agent I spoke to said it is in process we will update ticket it will be done today. I said i am afraid this isnt good enough and simply got told to wait for the ticket to be updated. I asked for some more contact details for more information and got told that the ticket system is the only contact

Lets see if suinday brings a site for me or will it still not be done.

[Richie]

Update I woke up this morning and I actually have a site now but......

The forums section doesnt wqork and they haven't updated any of the web.configs to point at the new databases they all still point to the old account.

Back onto chat i think

[Richie]

ok all that was copied across, migrated, were the files. The databases were not migrated or set up, the forums were not linked in and the new site pointed at the old sites database so it would display something. good job the old hosting wasnt turned off really.

If we had turned the old site off we would have lost all the databases and the site would have failed.

Still in chat trying to sort this out