
Having a bad day

Discussion in 'Off Topic' started by Adam Howard, Mar 8, 2013.

  1. Adam Howard

    Adam Howard Well-Known Member

    You ever have one of those moments when you feel as though the universe was somehow conspiring against you in some way? I’m talking about those moments when you’ve done everything right (that you could do) and everything that seems to follow is outside your direct control. I swear I feel as though some “higher power” wanted to keep SU offline.

    As you all know we were offline for almost 1 week because of our last web host and my Internet Service Provider. The short story for those of you who don’t know....

    Old host locked things down tight to prevent us from doing a full system backup and our past backups were all corrupt. So I had to download every file 1 by 1, but my ISP (Internet Service Provider) was also having connection issues. While logic would have left one of our other admins to retrieve the files... Our old host had basically locked everyone else out... ie.. It was left to me to do and only me to do, while on dial-up speed. :mad:

    So finally we’re back online. Yay?! Right? Not exactly. :cautious:

    Our host seemingly fell victim to a security breach that also infected a few THOUSAND other web hosts (http://www.webhostingtalk.com/showthread.php?t=1235797). A lot of whom are trying to keep this “hush, hush” :censored: about falling victim to this issue. And it took some of the best in the business 1 full month to figure out the possible cause.

    And so a little root kit made the switch with us and surprise, surprise our file server suddenly was mailing out spam (thankfully not to our members). The only cure for this “hack” was to format and start over. :cry:

    Psss... Hey Ben & Jay, if you’re reading this... You too are infected. I know, I “plugged in”. Time to Format C:\ and return once clean.

    Not a problem... My Internet is working at full speed and I do have a “clean” backup copy to recover from. So we’re down for only 2 hours. And did the work at 2 AM when everyone was sleeping so no one would really notice. :D

    Guess what? Site was working, was secure, and I was going on vacation. Alice, Jane, and Sarah all have backups and complete access so if something were to go wrong it wouldn’t fall upon me. So we should be good. (y):cool:

    Yay all is well again....Right? Not exactly. :cautious:

    New host is suddenly all questioning about how we securely connect our file server to our database server. Not only that, suddenly they want us to all submit photo ID’s. And suddenly want access to our database server, which is hosted by someone else. :cautious:o_O


    So let me get this straight......

    You want access to our private database, that you don’t even host? And on top of all this you want me to mail or fax out documentation showing you my name, address, identification numbers, and any passports if I have one? But not just me, but Alice, Jane, and Sarah too?

    What?!? You want to also have the contact info of all staff as well? :eek:

    Um, no. Not a chance in hell.

    Oh... So you’ve shut down the server..... And we’re offline again.... Well thank you a**-whole & thanks again for doing this while I’m on vacation and can’t submit anything even if I was stupid enough to go along with it... Which of course, I’m not going to do so. :mad:

    So now we had to order new servers, from another web host, and configure that to our liking. Let’s hope for less drama....

    It’s nice to hope....

    WTF? You mean to tell me that every time we restore the site it displays only that cPanel welcome page and you don’t know why?! WTF? You mean to tell me that if you type out /forum/ the site shows, but without it doesn’t. How on earth is that possible?! o_O:confused:

    Some vacation...... :rolleyes:

    We’re working on it. :coffee:

  2. Biker

    Biker Well-Known Member

    That sucker is nasty. And the bad thing about it is many providers aren't doing a nuke and clean install to ensure the servers are clean. They're just going in, deleting a few files, and redoing certain library files. Unfreaking believable.

    Thankfully, I wasn't bit by it. But there are a lot of folks who probably still don't know they're infected, no thanks to the clueless techs who work at their hosting company.
  3. Adam Howard

    Adam Howard Well-Known Member

    I spent part of last night looking into a new hosting provider and more than 1/2 of them I was able to gain root access. There are tons of hosts who don't even know they're infected or if they do.... As you said... Are not doing what is needed.

    We finally found a clean host and moved over to them .... But am having a hard time restoring our site. Keep getting greeted with the "Welcome to cPanel" page. But only on the home page and not the forum. Odd, no?
  4. Biker

    Biker Well-Known Member

    I was following that thread from day one. It amazed me that some were asking how to remove the bug and were adamant about not nuking the server and starting fresh. I know I'd be in a pickle if I had to do it as my backups are sent to the FTP server on a daily basis and refreshed on a weekly basis. If I didn't catch things in time, I'd have to toss the backups and start fresh.
  5. MattW

    MattW Well-Known Member

    I also followed that thread, but I still can't see exactly where it says for definite what the attack vector was and how they were getting in (might just be missing something, as it's been a long day)
  6. Biker

    Biker Well-Known Member

    They're pretty sure the infection comes from a workstation that's been nailed via Java. When you log in via SSH, the workstation bug sends the login information as you're logging in to the server. This is why some were getting reinfected as soon as they cleaned stuff up.

    And it was infecting Windows and OS X machines. Didn't see if Linux was involved with any of the infections.
    MattW likes this.
  7. MattW

    MattW Well-Known Member

    That's what I got from the thread, but there is a lot of crap in that thread as well.
  8. Biker

    Biker Well-Known Member

    Ain't it the truth! And there were some who were, shall we say, talking out their backside about how they do things, too.
    MattW likes this.
  9. Crayo

    Crayo Active Member

    Whilst this story results in a lot of frustration for the OP (and I sympathise), I must say you used the smilies very well :p.

    Yeah this is horrible, and your web host -- who should normally be good support in this situation -- seemingly made things twenty thousand times worse. I hope things improve in the near future; experiences like this help you improve as a webmaster though :).
  10. Deathstarr

    Deathstarr Active Member

    Hey Adam, When I go to your site I see

    May I ask who your new host is?
  11. Adam Howard

    Adam Howard Well-Known Member

    In my case it had us puzzled.....

    When playing with my site.... I use an older PC with no physical hard drive. Only a LIVE CD (Linux) to boot from.

    The idea is to avoid issues like this.

    Sadly, even though I personally was clean, secure, and safe.... The weakest link turned out to be the host (both the one I left and the one I was going to).
  12. Adam Howard

    Adam Howard Well-Known Member

    The new host we were trying was Chicago VPS. We were using their pre-made CentOS image with cPanel.

    I seem to get different results.... Every time I format / re-install. Which is driving me crazy. How can things change every time you do a fresh setup?
  13. melbo

    melbo Well-Known Member

    Sorry to hear this - sucks.
    Is this ID request common in the EU? I've never heard of this and would not comply if I had any choice - if this is a requirement, I'd host offshore.
  14. Adam Howard

    Adam Howard Well-Known Member

    This was actually an American Host.

    I often find I have more problems with American hosting providers than I do with any other hosting service providers.

    I prefer offshore hosting normally because they typically get it right (most of the time).

    (FYI: Chicago VPS is not the host who wanted our ID, but rather another hosting provider.)
  15. Deathstarr

    Deathstarr Active Member

    Skip the low end Providers and go with a good provider. ChicagoVPS is a bit.

    I suggest you look into http://bigbrainglobal.com or even http://solidshellsecurity.com

    I am moving my web hosting company over to BBG from another provider and I will be hosting my forum. SolidShellSecurity can help you also, they have a nice platform and are affordable.
  16. SneakyDave

    SneakyDave Well-Known Member

    Sounds like you've been trolled yet again. Maybe all those past hosts are part of the Anonymous Conspiracy.

    There are a few hosting companies that won't let a site connect to a database outside of their own network/control, and vice versa. It should be listed in the TOS.
  17. Adam Howard

    Adam Howard Well-Known Member

    We're online.

    Yay ..... A lot of add-ons need to be updated .... later ..... But we're back.
  18. Kim

    Kim Well-Known Member

    You know what fixes a bad day.....

    CAKE! :D

    Shelley and Adam Howard like this.
  19. Adam Howard

    Adam Howard Well-Known Member

  20. Crayo

    Crayo Active Member

    Can always rely on Kim to moisten my taste buds.
