http://www.drifting-dreams.com/

I just saw my site today and the I can't access any of my pages. I don't know what to do, and for some reason I can't access my FTP.

http://www.irydium.net



:: SpyKids Ownz You Hualdo::




I hope you guys can take care of this quickly and I surely hope you have a good recent backup of my site. I just installed coppermine and uploaded a TON of photos.

Yup.....how embarrassing. Please fix this quickly. I can't even FTP to my site anymore.

I hope you have a valid backup and can get this site back up quickly. I own my own IT company and this is EXTREMELY embarrasing to have my site hacked.

Please get this back up quickly and please secure your servers more fully to prevent this from happening in the future. This is completely UNACCEPTABLE.

Yub, mine too.
www.hvng.com

Please solve this problem

Ok well my site is back up but my sub domain still shows the hacked page.

We're working on the problem and restoring the sites. Due to the problems FTP is disabled on the server.

I resolved my child domain issue by loggin in through Helm and deleting all of the nefarious files put there such as:

default.asp
index.asp
default.cfm
index.cfm
default.htm
default.html
index.htm
index.html
default.php


My site is now functioning correctly again. You really should look at the security of your servers though.

I just realized that every single folder has these files put in it. I guess we all will need a restore from backup.

We've checked all the folders and there are no these files.

Yes they are there. Apparently, the hack first checked if any files existed with the same name as one of the 10 new "hacked" files , if a file did exist with the same name, it left that file alone, and then added the 9 other "hacked" files that do not have a corresponding legit file. It simply added these hacked files to each and every directory all the way down leaving originals intact.

The list of files it looks for is the following 10 file names:

default.asp
default.cfm
default.htm
default.html
default.php
index.asp
index.cfm
index.htm
index.html
index.php






For example:

Say you have a folder with only 1 file in it. This file is named index.htm. The hack then left this file alone but added 9 other files:

default.asp
default.cfm
default.htm
default.html
default.php
index.asp
index.cfm
index.html
index.php






Another Example:

Say you have a folder with 2 files in it. One is named index.php and the other is default.asp. The hack then left these 2 files alone but added 8 other files:

default.cfm
default.htm
default.html
default.php
index.asp
index.cfm
index.htm
index.html







Another Example:

Say you have a folder with 2 files in it. One is named logo.jpg and the other is banner.jpg. The hack then left these 2 files alone and added 10 other files:

default.asp
default.cfm
default.htm
default.html
default.php
index.asp
index.cfm
index.htm
index.html
index.php








This way there is a likely chance that another one of these files will take precedence and will be the new default. The hack did not overwrite any files, it simply added in any that were not on the list. Each of these new files are 0.93K in size and contain the "Hacked" page. So the hack was not destructive, it simply added new files, as long as a file by that name did not already exist, to attempt to take over the default file.

So it appears that the site is down but if you delete all of the new 0.93K files in each directory then it will be restored.

If you check my site, irydium.net, you will not see most of these files as I have manually deleted them. However if you dig deeper into my wwwroot/photos subdirectories you will see that they are still there as I have not had the time to delete them all from all of the subfolders. I don't think I will need a restore of my site, I should be able to manually clean it up. I can't speak for everyone though.

Take a look at other sites as well and it will be apparent.

I'm sorry I wanted to say we are checking all the foledrs.

I know how to fix this security hole.

It is concluded in the HELM based FTP.

It will be fixed asap.

I'll let you know when it is fixed.

Thank you for understanding.

First of all, I want to thank you guys for getting on this so fast. Second of all. I noticed that all of the files added have the same timestamp. Will Hostony be going through and deleting all of these files, becuase I'm 7 hours past my bedtime here ;-)

I can't ftp my site www.go-getglobal.com either. Pls help....

Unfortunatly you won't be able to FTP to your site until they can get the vulnerability patched. They could give you FTP now, but they would just be exposing us all again to the same problem, and it could be exponentially worse than just the little defacement that was seen earlier.

Could you wait for hour?
We'll enbale it again.
Thank you.

It appears that 3 of my webites have been hacked: my waterbillonline.com, waterbillonline.com and wetservices.com. I'm assuming that Hostony knows of this problem, is going to fix the problem, make sure it doesn't happen again, and restore my sites with the backups they are suppose to have.

Come on Hostony. I am finding this to be ridiculous. I have manually fixed my own site and yet I still see others on this server with the hacked pages up.

Why is this not resolved? It's been over 12 hours already.


I still don't have FTP access to my site. I'm also distressed by the fact that you "knew" what the fix was to the vulnerability. This means that either you are liars, or you didn't bother to keep your servers up to date and patched. Neither option is very pleasant.


This incident has myself, and I'm sure many others very disappointed with your service.


The clock is ticking Hostony, and my patience is running out.

Your waterbillonline.com site uses default.asp as your default page. If you click the link:

http://waterbillonline.com/default.asp

You will see your page.


I can't believe Hostony has not resolved this yet but in the mean time, you can log in to Helm and go to the file manager.

Go through each of your critical folders relying on default pages and delete any page beginning with default or index that was not designed and put there by you. The hack did not overwrite anything, it simply added extraneous files that are taking over your default behavior. See the post above yours for more specifics on how to resolve it quickly.


Come on Hostony help us out!!!!

Dear customers
We are working on the problem.
WE've already found how the server have been hacked.
You should reupload all your html, htm, asp and php files.
We are very sorry for these inconveniences.

Pardon my stupidity guys, and I'm not on the same server so I don't have this problem, but I was wondering, how does this happen? How do they get in there to put all those files up in the first place? Is there a way to prevent this from happening or is this one of those things you just have to clean up after? Are the rest of the servers in this kind of danger?

Just curious....
-Bonnie

I'm about to leave Hostony over this. This is PITIFUL!!! You guys are acting like kids who got their hands on a web server and started advertising to get clients.

HOSTONY not the CUSTOMER should resolve this issue. Why can't you restore customer sites from backup? Why has this not been done already? Why did you leave a server unpatched? Why do you not have stricter Application layer filtering on your servers? Why are you telling us to reupload our own files to the server? Why are you telling us to upload our files when you haven't even turned FTP back on? Why has it been 15 hours and customers still have sites showing hacked pages? Why have you not been able to resolve this? Why are you telling customers to fix it themselves? Why have you not written a script to delete all of these erroneous files? Why have you not made a public statement as to the staus of the problem? Why have you not been MUCH more active on the boards cajoling customers and giving hourly updates? Why are you so relaxed about an ENTIRE server being hacked? Why do your techs not use proper English making it difficult to understand what they are saying?

WHY? WHY? WHY? WHY?

This is EXTREMELY POOR customer service Hostony. Poor.

In all reality, I'll probably be leaving Hostony after my 6 month subscription is up. Your downtime is way too high. I can get 99.99% uptime guarantee's from companies that stick to it for the same price that you charge. Not only the downtime, but now this hacked server and your completely pitiful attempt to professionally resolve the problem. It's bad enough you got hacked, what I find even worse is the way you handled it. I'd be able to get over the hack if you quickly, and professionally resolved the issue, but you haven't.



Regardless, I regretfully feel that I can no longer recommend Hostony to any of my colleagues.

TO OWNERS SUPERVISORS AND MANAGEMENT OF HOSTONY:

As you probably know, at least one of the servers was hacked over 15 hours ago as of this writing. Hostony has done nothing to resolve this VERY SIMPLE HACK. Customers still have websites showing hacked pages. This is completely unacceptable. Hostony then goes on to tell customers to resolve it themselves. That they are not rolling tape from backup.

Please see the following posts:

http://forum.hostony.com/index.php?showtopic=3711

http://forum.hostony.com/index.php?showtopic=3708



I will now repost a bunch of questions I stated in one of the above threads.


HOSTONY not the CUSTOMER should resolve this issue. Why can't you restore customer sites from backup? Why has this not been done already? Why did you leave a server unpatched? Why do you not have stricter Application layer filtering on your servers? Why are you telling us to reupload our own files to the server? Why are you telling us to upload our files when you haven't even turned FTP back on? Why has it been 15 hours and customers still have sites showing hacked pages? Why have you not been able to resolve this? Why are you telling customers to fix it themselves? Why have you not written a script to delete all of these erroneous files? Why have you not made a public statement as to the staus of the problem? Why have you not been MUCH more active on the boards cajoling customers and giving hourly updates? Why are you so relaxed about an ENTIRE server being hacked? Why do your techs not use proper English making it difficult to understand what they are saying?

WHY? WHY? WHY? WHY?

This is EXTREMELY POOR customer service Hostony. Poor.

In all reality, I'll probably be leaving Hostony after my 6 month subscription is up. Your downtime is way too high. I can get 99.99% uptime guarantee's from companies that stick to it for the same price that you charge. Not only the downtime, but now this hacked server and your completely pitiful attempt to professionally resolve the problem. It's bad enough you got hacked, what I find even worse is the way you handled it. I'd be able to get over the hack if you quickly, and professionally resolved the issue, but you haven't.


Regardless, I regretfully feel that I can no longer recommend Hostony to any of my colleagues.

According to a previous post, it's a vulnerability in Helm which means it is possible that all Windows servers who are using Helm are vulnerable.

ahhhhh... windows servers....windows servers.....

It has nothing to do with the fact it's a Windows server. It has to do with Helm. In my opinion, those who mock windows servers, shouldn't be administering any server. Food for thought.

Both Windows and Linux servers can be made very secure and very reliable.

Dear Customer, we already see all of your posts. There is no need to post a hundred of them.

We are working on the problem with the server and soon the server will be stable again.

Please wait for a couple of hours and everything will be in order.

Hope for your understanding.

I'm on a Linux server....
Is it safe?


-Bonnie

Depend...but at least, is not suicide

Helm only runs on Windows servers so your server is not using Helm, the cause of the vulnerability.

Although, at this rate, I wouldn't be shocked to see any server hosted by Hostony to get hacked.

Now you mock me? Nice. Time to find a new host.


Maybe you guys should post a little more then I will have to post less? Good Grief.

Don't be so extremist, is really very hard to maintain updated at the moment and for all moments a lot of servers who are running a lot of applications and services.

All times a bug is discovered and exploited before the software company give them a fix (obviously)... so, what do you think ? the service must be turned off every time for every bug while they are waiting the fix provided by the software developers ?

Sometimes shits happens, Stop crying about the quality of the english language of support staff and let them work

I'm not being an extremist. I own an IT company supporting most of the major networks in my area including local businesses, hospitals, local governments, and police stations. All of these sites maintain their own mail services, many of them their own web services, amongst countless other services.

If any of them were down for more than 4 hours due to a hack, we'd lose the client. Plain and simple. For the record, this has never happened.

Again, I'm not even that terribly upset about the attack. I'm more upset with the way things were handled after the fact.

It's been 21 hours and some sites are still not even restored.

http://www.drifting-dreams.com/

Settling for anything but top notch quality service does not make one an extremist.

If you don't appreciate the support, reliability, and security of Hostony, then leave. They don't owe you any money or apologies. They're doing the best they can and if it's not good enough, SHUT UP and leave. You're just wasting their time with your useless comments.

I fixed my sites about 5 minutes after I realized the problem. I told Hostony in case they didn't know (didn't see anything about it in the forums). They shut down FTP access so I used Helm to remove the files and verify everything was ok. I saw that the "hackers", if you can even call them that, had found a hole where they could gain ANONYMOUS access to the FTP server. You can't really do any real damage with that kind of access.

I have been with two other low-cost web hosting companies (Infinology and LunarPages) and none of them have given me even close to the support, capability, and reliability that Hostony has. If you can find one, good work. There just aren't very many good Windows-based web hosting companies in the same price range. If you don't like it here, then leave. If you like Linux and need to tell everyone how great it is, congratulations, you're the coolest guy I know. If you think you have legal grounds to file a claim against Hostony, then do it.

Just stop complaining on the forums.

vertices, ftp service is restored now. Please tell me which your sites aren't working or show hack related pages.

saturn: Thank you for understanding

Umm...I was the first person on the board in this very thread that was explaining what was going on. Go back and look. My comments have not been useless. I'm sorry if you are ok with settling for less than stellar service. I won't.

What I wanted to see was Hostony making a fast and quick response on the board letting everyone know what happened, that they are currently patching the server, and that they will restore all sites from backup. They were telling people to reupload the files themselves. This is unacceptable.




I did the same thing. You probably followed my directions to do it. I beg to differ on ANONYMOUS access to the FTP server being a problem. You have a significantly different view on security than I.



There are many other good hosts in this price range. In fact they even offer MSSQL in addtion to MySQL.



Can you even read? I was the one defending the Windows servers when others snickered. It is blatantly obvious that you have not even read my posts in this single thread.



The complaining has stopped. I am in resolution mode now. I have already signed up with another Webhost with technical response times and SLA's that simply don't compare to Hostony, all for only $5.00 a month more.

I will be contacting Hostony to have my remaining time refunded.

Thank you and good day.

Well I do want to say thankyou. You guys did a good job. n.n Thanks for fixing things up.



n.n;; actually that was me.

I meant explaining what was going on. Not just "My site doesn't work". No offense.

vertices, calm down bud, I wasn't singling you out at all. I did read your post. I was just talking to everyone in general. But seriously, you run an IT company with a plan that costs like $10/month?

I didn't read your post before I fixed the problem -- figured that one out myself. Actually, from the time you posted your first post (4:44am) to the time you said you resolved it (5:25am) you had spent 41 minutes from problem time to resolution time. So, since I fixed it in 5 minutes, I'm clearly much smarter than you. You clearly didn't figure it out right away with all the posts you put out in those 41 minutes. Seriously though, calm down, it's not a freakin competition.

I contacted Hostony through their preferred method, which is through a trouble ticket. Good idea to tell everyone else how to fix it on the forums in case they want to fix it themselves. That's an example of a good post. Good job.

You can't do anything bad to my site with anonymous access other than add files. I don't think that's a huge deal. Unless they upload 2 GB of stuff I won't run out of room. None of my files can be overwritten. It's certainly something to be fixed, but it's not a big deal.

Sounds like you found a new web host. Hope the grass is greener over there. Why are you so concerned with arguing on the forum if you've already jumped ship anyways? If you really want to help everyone like you claim, post the new web host and let people decide for themselves if it's worth the effort to switch. That's how I found out about Hostony -- from another company's forum pages. It's time to give back to the forums that have given so little to you.

I don't run my company site at Hostony, that's hosted elsewhere. We have a partnership with a local ISP and we use them for our corporate hosting. I used Hostony for my personal stuff.

And as far as figuring it out first, I didn't even start looking at it through Helm because I was in the middle of another project. I simply fired up my FTP client and could not connect. It wasn't until after I had finished working on my other project did I even bother to log in through Helm at which point it was painfully obvious what had happened. I'm not going to get into a "Who's Smarter" war with you as that is childish. I'm also not going to list my extensive experience and certifications. I never intended to start something of that nature.

I wasn't going to point out the new web host out of respect for Hostony but since you ask, it is www.######.com. I hit them up on their live support to test them out and they responded in about 3 seconds. You gotta love that.

I've also already got most of my files and databases uploaded and the performance is STELLAR. I'm sorry to say, but even my simple php/mysql pages load much faster and overall performance is much improved. Not to mention that they guarantee 99.9% uptime as opposed to Hostony's 99%. That .9 makes a big difference. Right now, I feel I made the best decision for me. It just seems that support in general from Hostony is lackluster these days. Downtime is tremendous and it just seems that there are too many "little" problems that I find annoying. So far, I am very pleased with the move.

I've actually been thinking about changing hosts for a while now due to server performance / speed issues / downtime and this was just the straw that broke the camels back.

I hope you understand my POV. Take care. No hard feelings.

What's childish is building a fort out of couch cushions and living in it for a week -- which I also do frequently. Only communists go over to ######.com. Have fun in mother Russia, commie!

LOL! They have places all over.

Official Mailing Address USA
Host Excellence
Francisco Bay Center
1750 Montgomery Street
San Francisco, CA 94111
United States of America

Data Center Address USA
Host Excellence
Network Operations Center
224 Mitch Lane
Hopkinsville, KY 42240
United States of America

Research & Management Center EU
Host Excellence
Neuhoferstr. 1
A-4240 Freistadt
Austria, European Union

Customer Relationship Management Asia
Host Excellence
Plot #12, Road #3
Journalist Colony, Banjara Hills
Hyderabad, AP 500034
Republic of India

Development Facility Ukraine
Host Excellence
162B Lenina Avenue
69000, Zaporizhye
Ukraine




I think I need to go get under some couch cushions now.

We are doing our best in order to help our customers.
We are really sorry for the caused inconvenineces.

Hostony Support Team

And you guys do a great job too, Slavik. I am a very happy customer.

-Bonnie

Vertices,
I have to agree with Saturn - Hostony does a super job, and it is a great deal for the price. I have absolutely no doubt about that. They are VERY RESPONSIVE to the support tickets that I've personally entered through the support system and I have been with them for 1.5 YEARS - I didn't just sign up last month.

Like Saturn, I was also at Infinology at one point and talk about a dung hole - Man, that was it - ZERO response. I think that you are going to find that Host Excellence is a turd as compared to Hostony - But good luck.

How could they be any worse? Their control panel is much more robust allowing greater configuration. The server is much more responsive. The bandwidth is greater. The response from support is INSTANTANEOUS. Downtime is much lower, and options are much greater including MSSQL, not just MySQL. and they have both instant live chat support and a toll free phone number for support for Christ sakes. I could call them up and chat with them regarding a problem if it came to that.

I've chatted with them through the online 24/7 chat 3 times so far with different questions regarding paths and whatnot and they responded in under 60 seconds all 3 times.

Also, just becuase you find Hostony to better than your last "Dung hole" doesn't make then great. It only makes them better than the terrible "dung hole".

Unfortunately, Hostony either has crap servers or doesn't know how to manage them. Either way, little problems always pop up, they are having to restart services all the time, disk space is running out, servers are being hacked etc.... There just always seems to be some issue.

To be honest, I had faster and more reliable hosting with even lowesthosting.com.

Hostony has potential, they just need to alter their business model and practices. They also need to get some real techs who know what they are talking about. They are not all bad, but several have caught my attention of being next to useless with poor attitudes.

For instance Hostony was compromised late the other night and they still have not made 1 single public statement stating what happened, what was compromised, the extent of the damage, whether passwords were compromised, what they are doing to resolve it, what they are doing to ensure it never happens again. I know the answers to most of these questions but not everyone does. If you look at the posts on this board now there are others wanting answers.

It's just poor customer service. It's no way to run any kind of hosting company. If you can't see that, then I can't help you. If I treated any of my clients this way, I'd lose each and every one of them. No doubt about it.

You can be happy with them all you want, and surfing the boards looking for resolutions to problems. I prefer problem free.

This is my last post here. There is no reason to continue. To anyone else, all I can say is open your eyes and see what else is out there. There is better, trust me.

All new hosts looks great at the beginning, only the time can make a conclusion.
Just come here again in a few months and tell us about your experience, this can be really usefull

I will tell you if Hostony are improving or getting worse.

greetings, all friends, and have a good trip

Infinology is the most worthless piece of crap ever. I mean, I cannot even put into words how bad it is. Their control panel looked like it was designed in 1986 and it even gave me a paper cut once. The FTP server went down every 3 minutes and emails would just disappear at random. The company was run by 3 dudes out of their bedroom in California. Calling them or putting in a "trouble ticket" was about as useful as getting on your roof and screaming your problems to the moon -- which I of course tried.

You're right that just because Hostony isn't as bad doesn't necessarily mean anything. But I've not experienced any major problems at all with Hostony nor have I felt limited by arbitrary policies put into effect after my contract (like Infinology did routinely). I never notice any downtime, only had 1 or 2 simple email problems (things bouncing back), a few FTP hiccups, database server and web server being reset once every few months for a minute or two. Moreover, most of those problems have been resolved and aren't an issue anymore. That reliability coupled with their features (nice control panel, quick and helpful support, low low prices, etc) makes them the choice for me.

Things might not be perfect, but I haven't seen better. Things like MSSQL are useless to me because I'm not running 400,000 queries a minute -- otherwise I would go with a host that costs more than $100/year.

Bottom line, I have to reiterate what everyone else is saying. All hosts look great in the beginning when you're in that money back guarentee phase. I've been with Hostony for almost a year now and they've done a good job the entire time and seem to be getting better. If this other web host is so great (even after you've been there 6 months) it might be an alternative to many people since the options and price are comprable. But I won't move unless things got really bad because it's too much hassle to switch. I've got legos and such to play with and I don't have time to migrate web hosts.

Dear Saturn!
Thank you for support.
We are really doing our best in order to provide the good service.

Best regards,
Support Team