Vidahost - anyone hosting on acton.footholds get email password change?

Soldato
Joined
28 Sep 2003
Posts
10,369
Location
London
so the acton server was attacked and they decided to change the passwords for all accounts on the server.

fair enough

im a resseller and have LOTS of domains on my account.

so they email me telling me the new password, a seperate email for each domain BUT they dont put anywhere which domain it is for !!!!!!

so i rang them and was told " worry this is how the system works there is nothing we can do about it"

now im left with loads of emails telling me new passwords and having no idea which domain each email relates to

reallly unhappy
 
Permabanned
Joined
9 Aug 2008
Posts
35,707
Why do they have the right to change the passwords on your customers accounts? Should they not have informed you to action this straight away rather than THEM changing the passwords to YOUR customers accounts?

Is poo about to hit the fan?
 
Soldato
OP
Joined
28 Sep 2003
Posts
10,369
Location
London
i have no problem actually that they took precautions to protect my accounts from attack

my problem is that they changed all the passwords and then didnt tell me which password (that they emailed me) was for which domain.
 
Associate
Joined
21 May 2013
Posts
1,970
I would deeply question the security sense of a company that generates new passwords for your accounts then emails them to you.
 
Man of Honour
Joined
31 Jan 2004
Posts
16,335
Location
Plymouth
It sounds like they reset cPanel passwords - presumably the email will give a username & password combination? Do you have a copy you can post? (Obviously star out the details!)

Maybe it's email passwords that were reset? I used to do that when accounts were sending spam etc, but I'd never email a new password (unless I was being a klutz), just ask the client to login and set a better password.
 

Adz

Adz

Soldato
Joined
18 Oct 2002
Posts
10,277
Location
Berkshire
I'm a director at Vidahost's parent company so can shed some light on this.

What happened is that a slightly overzealous junior sysadmin on a night shift took a little more responsibility upon himself than he should have and deviated massively from our established procedures. The emails contained the username but not the domain name. Paul (and anyone else affected) if you let me know your account ID or username I'll give you a free month by way of apology.
 
Soldato
OP
Joined
28 Sep 2003
Posts
10,369
Location
London
it was a username and password combo: but the username doesnt always give me an indication to which client or domain it was for.

Adz: thanks , thats very kind but im not after any compensation. there is nothing that can be done now and i still have to go through all my domains, one by one and try to work out which email is for which .
 
Soldato
OP
Joined
28 Sep 2003
Posts
10,369
Location
London
Now, all the wordpress passwords have been reset to "test" on all domains and vidahost are saying they didnt do it :(

edit:

reply from Vidahost confirming my account (and many others on that server) have been hacked

and i have to go and clean it myself and its not their responsibility.. even though it was lots of reseller accounts that were attacked and they didnt prevent it

they obviously had a massive attack back when the new passwords were sent out , its infected my reseller account at a root level and now they dont want to know

FUMING !
 
Last edited:
Caporegime
Joined
6 Dec 2005
Posts
37,553
Location
Birmingham
Wait? So the server has been compromised again or your accounts and others have been hacked, presumably through brute force or there is still something on the server from the last attack?
 
Soldato
OP
Joined
28 Sep 2003
Posts
10,369
Location
London
Wait? So the server has been compromised again or your accounts and others have been hacked, presumably through brute force or there is still something on the server from the last attack?


Yes, many reseller accounts have been compromised . and im guessing most dont even know
 
Associate
Joined
5 Oct 2006
Posts
884
Location
Cardiff
My brother in law has had 4 of his sites hacked (cpanel).

I think it's gone to the dogs

I'm with tsohost, previously vidahost (same company just cheaper). I signed up to a free trial of pingdom so it could inform me of outages. I've had 23 in the last 4 days. Disgusting
 
Last edited:

Adz

Adz

Soldato
Joined
18 Oct 2002
Posts
10,277
Location
Berkshire
To the best of my knowledge (disclaimer: I'm not longer involved in day to day ops) there was no sign of any root level exploit.

What happened is that an attacker who had access to one site on the platform managed to read wp-config.php files which had been uploaded with world readable permissions by creating a symlink and reading that symlink as the unprivileged web server user which has group read access on public_html folders. Normally there are protections against this happening - for instance a watchdog script that monitors for insecure permissions within a customer's site and corrects this and also a kernel level protection against these malicious symlinks. Unfortunately 'acton' is an older server and didn't have these protections.

There was also an issue with our 1st line live-chat and phone support teams miscommunicating information about the issue, as they work in a separate office to the infrastructure team. This is something we're trying to address.

If anyone is particularly unhappy with support or any aspect of their service I can, at least for the next few months, personally assist. Just ask to be escalated to Adam Smith and, if necessary, link to this thread.
 
Back
Top Bottom