Website hacked – update

As I wrote in an earlier posting, my website was hacked over the weekend. Following a posting to the Siteground user’s forum, there appear to be many instances of accounts being compromised.

One user opened a support ticket and has posted the very comprehensive debrief response as part of that thread. What basically happened is that someone gained privileged access to the servers (note multiple instances compromised) via the cPanel interface. This then injected malicious HTML code into every .html and .php file it could find. This was then used as part of a large, sophisticated attack as documented by the Symantec virus team here.

At the time of writing, no official explanation or apology has been forthcoming – I guess anyone who complains will get the same script as the user posted in the forums. One of the big plus points is that a script has been run by the hosting team over my website and removed all traces of the malicious HTML code, seemingly without damaging any of my data. This has all happened pretty quickly too. Plus points to Siteground for cleaning up so efficiently. Lose marks for not telling customers.

So can we learn anything from this experience? Not a great deal I think. I had my apps patched to the latest versions, but that was irrelevant as the compromise happened at a much lower level than the PHP apps. From the Siteground ticket response, we see that the cPanel bug was previously undiscovered and can therefore infer that Siteground were running the latest version of their cPanel hosting tool.

After this I would still recommend Siteground as a hosting provider, firstly because it’s cheap (500GB storage / 5000GB/mo for just $5.95/mo), and secondly because the support (while silent in this case) does seem to have fixed the problem.

Googling around the subject showed that in 2006 another one of the big hosting sites suffered a mass attack using another cPanel exploit, which just proves it can happen to anyone. Always worth having a backup of your site, just in case…
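The backup is also the quickest way to see what an injection like the one described above actually touched. The sketch below is an added example, not part of the original post and not the script the hosting team ran: it compares the .html and .php files of a live site against a backup copy and reports any line that was added to more than one file, which is the signature of a mass injection. The directory layout, file names and the injected marker are constructed for the demonstration.

```python
import difflib
import tempfile
from collections import Counter
from pathlib import Path

WEB_SUFFIXES = {".html", ".php"}  # the file types the post says were modified


def added_lines(backup_file: Path, live_file: Path) -> list:
    """Non-empty lines present in the live file but not in the backup copy."""
    old = backup_file.read_text(errors="replace").splitlines()
    new = live_file.read_text(errors="replace").splitlines()
    return [d[2:].strip() for d in difflib.ndiff(old, new) if d.startswith("+ ") and d[2:].strip()]


def compare_to_backup(backup: Path, live: Path) -> dict:
    """Report changed/new web files and any line added to more than one file."""
    changed, new_files, counts = [], [], Counter()
    for path in sorted(live.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in WEB_SUFFIXES:
            continue
        rel = path.relative_to(live)
        original = backup / rel
        if not original.exists():
            new_files.append(rel.as_posix())  # file the backup never had
        elif original.read_bytes() != path.read_bytes():
            changed.append(rel.as_posix())
            counts.update(set(added_lines(original, path)))
    repeated = {line: n for line, n in counts.items() if n > 1}
    return {"changed": changed, "new": new_files, "repeated_additions": repeated}


def demo() -> dict:
    """Build a constructed backup/live pair in a temp directory and compare them."""
    marker = "<!-- constructed stand-in for injected markup -->"
    pages = {"index.html": "<html><body>Home</body></html>\n",
             "blog/post.php": "<?php echo 'post'; ?>\n",
             "notes.txt": "not a web page\n"}
    root = Path(tempfile.mkdtemp())
    for tree in ("backup", "live"):
        for name, body in pages.items():
            target = root / tree / name
            target.parent.mkdir(parents=True, exist_ok=True)
            injected = tree == "live" and target.suffix in WEB_SUFFIXES
            target.write_text(body + (marker + "\n" if injected else ""))
    return compare_to_backup(root / "backup", root / "live")

if __name__ == "__main__":
    print(demo())
```

Run against a real site, `compare_to_backup` takes the path to an unpacked backup and the path to the live document root; files listed under `new` deserve a look too, since they did not exist when the backup was taken.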

Website hacked

Over the weekend this website (along with what seems like hundreds of accounts on Siteground servers) was hacked and this has caused some major headaches. It will probably take a while to rebuild the website back to where it was, so don’t be surprised if things are a little flaky for a while.

There’s a thread I’ve started over in the Siteground forums, which doesn’t have any official apology or reason at the time of writing. This may be corrected in due course, but everything is very quiet so far.

Not a happy man.

Ben and Amy’s Wedding

My family and I have just got back from a family wedding in the Dominican Republic and we had a great time. I’ve put together a website where all the guests can share their photos of the day.

The website itself can be found at benandamy.ianburnett.com, but is password-protected. If you want access, either contact myself or Lynne, who can sort it out for you.

If you want to add your photographs to the website so everyone can see them, let me know and I will sort an album out for you.

Computer Training – get a new career now!

Ever seen those TV ads which promise a huge salary upon completion of a poxy online course? While watching TV last night I saw one of these ads and thought I would try it for a laugh.

I logged on to the website for more details. One of the things you must do is complete an online assessment to check your “suitability” for this new high-flying career in the brave new world of Information Technology. I duly completed the 40-question “evaluation” and scored 38. The quiz itself was geared exclusively around providing support for novice Windows PC users. There were some really bizarre questions though: what sort of file systems are available at install time of Windows 98? WTF? Windows 98 support from Microsoft ended nearly a year ago!

Anyway, once you’d scored more than a certain score (presumably 1), you were sent through to a page advertising their road-shows, which were scattered about the country, which is where I left things.

Or so I thought. The following morning (at 10:25, presumably once the girl in the office got round to it) I received an e-mail saying “well done, you’ve passed the assessment, click here to book an appointment” etc. The content of the e-mail wasn’t the problem though. It was the fact that the message was Cc’d to a collection of people who had obviously all done the same as me. There were a couple of obviously fake e-mail addresses (such as “pope@vatican.com”), but there were many that looked pretty genuine accounts.

I wasn’t particularly happy about this, so sent back the following note to the sender: 

Isn’t that a bit, well, crap, sending out e-mails with everyone’s e-mail address on display? While it is fun to imagine the Pope (pope@vatican.com) would wish to take up some basic training for a helpdesk career, should the plans with His Holiness not go as planned, I’m guessing that may be someone telling a little fib.

Computer training tip #1: use “Bcc” if you must do this – at least all the e-mail addresses will remain private. £50 please!
