Having a bad day

Adam Howard

Adam Howard

Well-known member
You ever have one of those moments when you feel as though the universe was some how conspiring against you in some way? I’m talking about those moments when you’ve done everything right (that you could do) and everything that seems to follow is outside your direct control. I swear I feel as those some “higher power” wanted to keep SU offline.

As you all know we were offline for almost 1 week because of our last web host and my Internet Service Provider. The short story for those of you who don’t know....

Old host locked things down tight to prevent us from doing a full system backup and our past backups were all corrupt. So I had to download ever file 1 by 1, but my ISP (Internet Service Provider) was also having connection issues. While logic would have left one of our other admins to retrieve the files... Our old host had basically locked everyone else out... ie.. It was left to me to do and only me to do, while on dial-up speed. :mad:

So finally we’re back online. Yay?! Right? Not exactly. :cautious:

Our host seemingly fell victim a security breach that also infected a few THOUSAND other web host (http://www.webhostingtalk.com/showthread.php?t=1235797). A lot of whom who are trying to keep this “hush, hush” :censored: about falling victim to this issue. And it took some of the best in the business 1 full month to figure out the possible cause.

And so a little root kit made the switch with us and surprise, surprise our file server suddenly was mailing out spam (thankfully not to our members). The only cure for this “hack” was to format and start over. :cry:

Psss... Hey Ben & Jay, if you’re reading this... You too are infected. I know, I “plugged in”. Time to Format C:\ and return once clean.

Not a problem... My Internet is working at full speed and I do have a “clean” backup copy to recover from. So we’re down for only 2 hours. And did the work at 2 AM when everyone was sleeping so no one would really notice. :D

Guess what? Site was working, was secure, and I was going on vacation. Alice, Jane, and Sarah all have backups and complete access so if something were to go wrong it wouldn’t fall upon me. So we should be good. (y):cool:

Yay all is well again....Right? Not exactly. :cautious:

New host is suddenly all questioning about how we securely connect our file server to our database server. Not only that, suddenly they want us to all submit photo ID’s. And suddenly want access to our database server, which is hosted by someone else. :cautious:o_O

WFT?

So let me get this straight......

You want access to our private database, that you don’t even host? And on top of all this you want me to mail or fax out documentation showing you may name, address, identification numbers, and any passports if I have one? But not just me, but Alice, Jane, and Sarah too?

What?!? You want to also have the contact info of all staff as well? :eek:

Um, no. Not a chance in hell.

Oh... So you’ve shut down the server..... And we’re offline again.... Well thank you a**-whole & thanks again for doing this while I’m on vacation and can’t submit anything even if I was stupid enough to go along with it... Which of course, I’m not going to do so. :mad:

So now we had to order new servers, from another web host, and configure that to our liking. Let’s hope for less drama....

It’s nice to hope....

WTF? You mean to tell me that every time we restore the site it displays only that cPanel welcome page and you don’t know why?! WTF? You mean to tell me that if you type out /forum/ the site shows, but without it doesn’t. How on earth is that possible?! o_O:confused:

Some vacation...... :rolleyes:

We’re working on it. :coffee:


To view this content we will need your consent to set third party cookies.
For more detailed information, see our cookies page.
 
Adam Howard said:
Our host seemingly fell victim a security breach that also infected a few THOUSAND other web host (http://www.webhostingtalk.com/showthread.php?t=1235797). A lot of whom who are trying to keep this “hush, hush” :censored: about falling victim to this issue. And it took some of the best in the business 1 full month to figure out the possible cause.
Click to expand...

That sucker is nasty. And the bad thing about it is many providers aren't doing a nuke and clean install to ensure the servers are clean. They're just going in, deleting a few files, and redoing certain library files. Unfreaking believable.

Thankfully, I wasn't bit by it. But there are a lot of folks who probably still don't know they're infected, no thanks to the clueless techs who work at their hosting company.
 
Biker said:
That sucker is nasty. And the bad thing about it is many providers aren't doing a nuke and clean install to ensure the servers are clean. They're just going in, deleting a few files, and redoing certain library files. Unfreaking believable.

Thankfully, I wasn't bit by it. But there are a lot of folks who probably still don't know they're infected, no thanks to the clueless techs who work at their hosting company.
Click to expand...
I spent part of last night looking into a new hosting provider and more than 1/2 of them I was able to gain root access. There tons of host who don't even know they're infected or if they do.... As you said... Are not doing what is needed.

We finally found a clean host and moved over to them .... But am having a hard time restoring our site. Keep getting greeted with the "Welcome to cPanel" page. But only on the home page and not the forum. Odd, no?
 
I was following that thread from day one. It amazed me that some were asking how to remove the bug and were adamant about not nuking the server and starting fresh. I know I'd be in a pickle if I had to do it as my backups are sent to the FTP server on a daily basis and refreshed on a weekly basis. If I didn't catch things in time, I'd have to toss the backups and start fresh.
 
I also followed that thread, but I still can't see exactly where it says for definite what the attack vector was and how they were getting in (might just be missing something, as it's been a long day)
 
They're pretty sure the infection comes from a workstation that's been nailed via Java. When you log in via SSH, the workstation bug sends the login information as you're logging in to the server. This is why some were getting reinfected as soon as they cleaned stuff up.

And it was infecting Windows and OS X machines. Didn't see if Linux was involved with any of the infections.
 
Biker said:
They're pretty sure the infection comes from a workstation that's been nailed via Java. When you log in via SSH, the workstation bug sends the login information as you're logging in to the server. This is why some were getting reinfected as soon as they cleaned stuff up.
Click to expand...
That's what I got from the thread, but there is a lot of crap in that thread as well.
 
Whilst this story results in a lot of frustration for the OP (and I sympathise), I must say you used the smilies very well :p.

Yeah this is horrible, and your web host -- who should normally be good support in this situation -- seemingly made things twenty thousand times worse. I hope things improve in the near future; experiences like this help you improve as a webmaster though :).
 
Hey Adam, When I go to your site I see

An exception occurred: The Mysqli extension is required for this adapter but the extension is not loaded in /home/sociall1/public_html/forums/library/Zend/Db/Adapter/Mysqli.php on line 291
  1. Zend_Db_Adapter_Mysqli->_connect() in Zend/Db/Adapter/Abstract.php at line 315
  2. Zend_Db_Adapter_Abstract->getConnection() in XenForo/Application.php at line 553
  3. XenForo_Application->loadDb()
  4. call_user_func_array() in XenForo/Application.php at line 780
  5. XenForo_Application->lazyLoad() in XenForo/Application.php at line 810
  6. XenForo_Application::get() in XenForo/Application.php at line 1098
  7. XenForo_Application::getDb() in XenForo/Error.php at line 47
  8. XenForo_Error::unexpectedException() in XenForo/Application.php at line 295
  9. XenForo_Application::handleException()
Click to expand...

May I ask who your new host is?
 
Biker said:
They're pretty sure the infection comes from a workstation that's been nailed via Java. When you log in via SSH, the workstation bug sends the login information as you're logging in to the server. This is why some were getting reinfected as soon as they cleaned stuff up.

And it was infecting Windows and OS X machines. Didn't see if Linux was involved with any of the infections.
Click to expand...
In my case it had us puzzled.....

When playing with my site.... I use an older PC with no physical hard drive. Only a LIVE CD (Linux) to boot from.

The idea is to avoid issues like this.

Sadly, even though I personally was clean, secure, and safe.... The weakest link turned out to be the host (both the one I left and the one I was going to).
 
Deathstarr said:
Hey Adam, When I go to your site I see

May I ask who your new host is?
Click to expand...

The new host we were trying was Chicago VPS. We were using their pre-made CentOS image with cPanel.

I seem to get different results.... Every time I format / re-install. Which is driving me crazy. How can things change every time you do a fresh setup?
 
Sorry too hear this - sucks.
Is this ID request common in the EU? I've never heard of this and would not comply if I had any choice - if this is a requirement, I'd host offshore/
 
melbo said:
Sorry too hear this - sucks.
Is this ID request common in the EU? I've never heard of this and would not comply if I had any choice - if this is a requirement, I'd host offshore/
Click to expand...
This was actually an American Host.

I often find I have more problems with American hosting providers than I do with any other hosting service providers.

I prefer offshore hosting normally because they typically get it right (most of the time).

(FYI: Chicago VPS is not the host who wanted our ID, but rather another hosting provider.)
 
Sounds like you've been trolled yet again. Maybe all those past hosts are part of the Anonymous Conspiracy.

There are a few hosting companies that won't let a site connect to a database outside of their own network/control, and vice versa. It should be listed in the TOS.
 
You know what fixes a bad day.....

CAKE! :D

robs_cake.webp
 

Similar threads

Sal Collaziano
  • Question Question
XF 2.1 Having a custom style issue / page_container issue
Replies
2
Views
427
Sal Collaziano
Sal Collaziano
Steve Freides
Does Having a Gmail_Business-based forum@<company_name> email account Break Sending Emails from the ACP?
Replies
7
Views
4K
Steve Freides
Steve Freides
robdog
XF 2.0 Having a problem with 'php cmd.php xf-addon:create'
Replies
3
Views
1K
robdog
robdog
Nicky Vermeersch
  • Question Question
MG 1.1 Having a lot of 404's as Media gallery thumbnails
Replies
1
Views
672
Nicky Vermeersch
Nicky Vermeersch
Steel Hyaena
  • Question Question
XF 1.5 Having a hard time finding where to change these.
Replies
0
Views
539
Steel Hyaena
Steel Hyaena
Back
Top Bottom