My Account Has Been Hacked!

Discussion in 'cPanel reseller hosting' started by Unregistered, Sep 24, 2006.

Thread Status:
Not open for further replies.
  1. Unregistered

    Unregistered Guest

    I'M PISSED OFF.

    Somebody replaced my index.html file on preacherherb.org with their own index file explaining who hacked my account. I never gave anyone my password and I've had this reseller account for less than a month and already I'm being hacked. I don't have a password for the rest of these forums so I'm posting here.

    DO you have a backup of my idex page?

    I SHOULD GET A REFUND!!!!!

    I AM ONE VERY PISSED OFF NEW CUSTOMER ABOUT TO BACK UP MY DATA AND READY TO HEAD OUT THE DOOR!!!!
     
  2. Unregistered

    Unregistered Guest

    No matter what file I try to access I get a splash page that says



    Hacked By TRANQİLO_BARCO & CRESCENT_ROSE

    with a buch of JPEG images of Turkish flags and Euro- (.....) political (....).

    I live alone and I have only used my personal computer to access my site. I haven't given my password to anyone. I sold one account on my reseller account who installed a forbidden code- cgiproxy- who I promptly banned and notified you.

    Now my reseller account is trashed.

    I need everything on my other two domains fully backed up so I can restore it on another host if it comes to that.

    I seriously think you should refund me.
     
  3. KH-Paul

    KH-Paul CTO Staff Member

    As I can see in the ticket history Alex already took care of you and restored your index file from the backup.
    This isn't something server-wide or breach in security on our servers. This particular account was compromised through one of the php scripts installed in the public_html directory on this particular site. All specific information about the vulnerability in the php code installed on this domain was provided in the support ticket.

    Regards,
    Paul
     
  4. Unregistered

    Unregistered Guest

    The only PHP file that was instaled on this domain was coinPHP which I installed from fantastico on the cPanel provided by Knownhost.

    coinPHP is alo trashed. There was no PHP files intalled in the public_html directory.

    You haven't fixed anything. The whole coinPHP program is trashed right now.All you did was restore one index.html file in Public_html. index.php in the directory /hosting is also hacked- not that I'm going to need it, since I'm not going to use THIS account or THIS hosting company for reselling purposes!!!!
     
  5. KH-Paul

    KH-Paul CTO Staff Member

    public_html/hosting/index.php was restored from the backup. If you need any additional file to be restored, please feel free to follow up through the ticket and support will take care of this for you. The only file which was mentioned in the original ticket was index.html and it was restored as per your request.

    I must note that it doesn't matter where and how your account is hosted. As long as you have vulnerable software installed on your site(s) bad guys will find their way to get in and change / remove your files.

    Thanks for the information about Fantastico, I've submitted a ticket to Netenberg and deactivated phpCOIN in Fantastico installer on all our shared/reseller systems.

    Regards,
    Paul
     
  6. Unregistered

    Unregistered Guest

    I first read about phpCOIN on these forums and it was recommended by someone representing known host- in one of the reseller forums. So I installed it from Fantastico and spent an unkown number of hours customizing it and configuring it.

    I m still suspicious of your service and have no further intention of using this reseller account for reselling and regret that I didn't shop round more before signing up.
     
  7. Leomania

    Leomania New Member

    Would you care to explain how KnownHost bears full responsibility for your site(s) being hacked? If you buy a car from Ford, is it their fault that you got into a crash? You made what you thought was an informed decision with regard to the software you installed, but the outcome wasn't what you expected. Guess what? That happens to all of us at some point; my PHP-Nuke site got hacked despite all my best intentions with respect to security. The difference is, I knew enough about what I was doing to be able to recognize that I bore the risk, not my hosting provider. You can't protect yourself against every single future unknown exploit, and just because a program is made available to you in Fantastico it's no guarantee that it will be now and forever secure. If you expect otherwise, I suspect that you're in for a lot of disappointment as a reseller.

    My point is simply this: you need to accept that bad outcomes can still happen when you've done your level best. Take another look at Paul's response to your 5:16am post; it is completely professional, and he didn't take umbrage to your tone (which, truthfully, I can't say I would have managed). If you are willing to accept what I have to say on this subject based upon my 4 years of hosting experience with 5 different providers, the level of professionalism shown by each employee of KnownHost (that I have interacted with so far) is pretty top-notch. It's almost as if, I don't know... they think they're a company or something. I simply suggest you consider this before you denigrate them any further.
     
  8. Unregistered

    Unregistered Guest

    Hey, I'm not a reseller anymore. Reselling looks a scam and I'm not going to scam people.

    I don't like my reseller control panel either. I don't even get a filemanager, I have to go through several cPanels.

    Reselling is a joke.
     
  9. ppc

    ppc Moderator

    This forum powered by vbulletin run by knownhost has free registration. Once you register, you have access to all the categories to post.

    As such, this should not be in pre-sales as this is not a presales question.

    I think also you have a user ID, preacherherb, as you asked for feedback regarding your business in the lounge.

    Anyway,

    I would be very upset as well if my website was hacked. However, based on the information you provided this is not the web hosting providers fault. The web hosting provider provides space on there server for your files and safe guards that space as best as possible. However, all security in place is just as safe as the weakest link. In this case, the weakest link was a script that was placed by you in your web space.

    Any kind of script or file you upload, you are responsible to safeguard and make sure that it is patched up for all known vulnerabilities. And if it is known that its just a bad script or has unpatched vulnerabilities one should never install it onto there web hosting account.

    Again, though I would be very upset as well if that happend to me but this is not knownhost's fault and this would happen with any web hosting provider. Thus, there is not reason for a refund. Knownhost provided the service you agreed to, it was just because of a bad script and some hackers that destroyed your site.
     
  10. ppc

    ppc Moderator

    Just another thing, preacherherb, I see now that on your website you have decided to make a public announcement and knock knownhost and blame knownhost for the problems that occured on your website...

    As an ethical and professional business practise, I would honestly suggest to not blame other companies when they are not the cause of your problems.

    I feel this even more with knownhost as in my oppinion and I know in hundreds of other people's oppinion that the service we recieve at Knownhost is far greater than any other hosting provider we have ever seen and I am quite sure that they dont just "allowed our site to be hacked."
     
  11. KH-Jay

    KH-Jay Administrator Staff Member

    preacherherb,

    This whole situation was brought to my attention and is quite surprising. We take care of all our customers as most will say. Your issue is very obviously an issue on your side. Anyone who knows webhosting would say the same. If we by default said we supported/installed/configured PHPcoin we would make sure it is secure then it is our problem but you installed it by choice and therefore need to keep it updated. KnownHost has done nothing wrong as Paul has already stated along with 2 KH customers. Making a comment on your website how it is our fault only makes you look bad as again KnownHost has nothing to do with your hack. The hack came via PHPcoin which you installed.

    Jay

    KnownHost CEO
     
  12. KH-Jay

    KH-Jay Administrator Staff Member

    This thread was moved to cPanel Reseller Hosting. It isn't presales. Any customer can easily register as ppc stated.

    -Jay
     
  13. preacherherb

    preacherherb Guest

    Like I said, phpCOIN was originaly suggested on this forum by someone on this forum representing Known Host. That post has since been edited to remove the reference to phpCON. Lot's of people use phpCOIN and don't get hacked. phpCOIN was right there in the fantastico installer and when I installed it it said I had the latest version with all of the most recent patches.

    I'm not going to be a reseller. If you want to sell web space you need a dedicated server, and preferably physical access to it. I think reselling from a multi domain account with no root access is asking for trouble and I want nothing to do with it. I wouldn't purchase one of the accounts I was trying to sell, so I'm not going to sell it. Why would anyone want their website hosted by some reseller?

    I bet that's why I was targeted to be hacked. Someone didn't like the idea that I was trying to sell a couple websites so I could just host my sites for free. Maybe I was hacked by an ex-customer or ex-employee of Known Host, or one of Known Hosts competitors. Or maybe the hack was prebundled in the script I installed and set to go off.

    Bottom line lesson here, is do not use these little reseller accounts to actually resell to the general public. Better to have this experience now, rather than after having sold some accounts. No way, no how, will I sell web space to the public from one of these types of accounts.
     
  14. KH-Jay

    KH-Jay Administrator Staff Member

    We didn't edit any references to any posts including the word PHPcoin. That is 100% false. Also, you said someone from KnownHost recommended PHPcoin which we would never do. If you asked about it we would answer yes our product supports it and that would be as much as you get from us regarding PHPcoin. BTW, I know firsthand no KnownHost employee would recommend PHPcoin as I moderate this forum personally and only 2-3 others from our company post here. Also, we don't have any ex-employee so that assumption is incorrect too.

    Only posts we touch are Spam and they are deleted. We never edited a customer post and never will. Most we would do is delete some bogus information as this forum is for useful things not useless things.

    Jay
     
  15. preacherherb

    preacherherb Guest

    OK, then it was clientexec which was mentioned on this forum. In another thread titled clientexec, phpCOIN was mentioned. My later recollection was incorrect, phpCOIN was not mentioned or recommended in the thread I thought it was. So nobody from Knownhost recommended phpCoin and my recollection was confused with the attempt to sell some other package to a reseller in which phpCOIN had also been mentioned.
    I then installed phpCOIN from fantastico and a couple weeks passed and my account was hacked through phpCOIN.

    I don't need a reseller account because I'm not going to resell for the reasons I already mentioned. I had to have somebody else restore the hacked files and if that would happened to someone who bought webspace from me then I wouldn't have been able to restore their files. I just need a multiple domain account for my own domains.

    I don't like the reseller panel anyway, It doesn't include a file manager for multiple account file management. It is lacking in functionality.
     
  16. ppc

    ppc Moderator


    If you would be storing people's sensative credit card information or even just there names and addresses I would highly suggest to not use a free open-source php script.

    There have been countless incidences all of the internet with people who used php coin and WERE HACKED.

    Just by searching in google "phpcoin hacked" you can find so many phpcoin sites that have been hacked...

    A few examples:

    http://solar-domains.com/phpcoin/

    http://www.braintags.com/archives/2005/12/phpcoin-vulnerability-fix/

    http://www.jewelry-armoire.info/jewcoin/ (look at the bottom)

    Modernbill or clientexec is alot safer.

    But the real lesson here is not to blame others when they have nothing to do with the bad script.
     
  17. preacherherb

    preacherherb Guest

    Ok then if it makes you any happier I reworded my index page message to omit any mentin of known host:

    Preacher Herb is no longer offering fee based web hosting to the general public due to security issues.
     
  18. klurt

    klurt New Member

    *plonk*

    a big *plonk* to you preacherherb!!!
     
  19. SpotITC

    SpotITC Member

    I've been reselling services for years using CPanel front-ended hosting just fine as have tens and probably hundreds of thousands of people.

    What you have to understand that KnownHost is providing hosting space for you, with a particular set of tools.

    YOU choose the tools. It is no secret what tools you are getting with KnownHost, if they are not right for you, I'm not sure how that is the hosts problem. Find a host that offers what you need, but don't make it their fault.

    If a host does not have the tools you want, then don't use them. To say that resold web space without root access is asking for trouble, that is a bit over the top. If you want to bash WHM for lacking functionality, that is fine, but don't blame KnownHost for your poor choice - they did not force you to sign up and use that tool. You tried it and did not like it, fine.

    Because for $4 to $9 bucks a month, a company can have a website and e-mail addresses without knowing a lick about doing it themselves. If they need something, they call me and I take care of it. Think of all the hassle you feel like you are going through. I assume you consider yourself technical in some way. Most people do not feel like that, and they don't needed the additional burden of trying to deal with that aspect of their business. Without a glut of time and patience and willingness to learn, why would anyone want to do it themselves??

    Sounds like you want a $200 a month service for $10, I'm not sure if you are going to find it. Dedicated server with physical access to it? Why not just ask for a datacenter attached to your house?

    I understand your frustration, but hopefully you are seeing this was not the hosts fault and it was the result of something else.

    If you want a dedicated server, I can tell you exactly what to expect because I just bought one and set it up myself. (spitting distance from some of KnownHost servers as it turns out, I saw a cabinet of them on my way out the other day)

    $5600: HP DL380 G4, 2x36gb 15k and 4x300gb 10k drives, 6gb RAM
    $75 monthly: datacenter colocation with physical access

    This does not include any OS licenses or any other costs that tent to nickle and dime you to death. If you live in the Dallas area, feel free to give me a yell and I might be able to steer you in the right direction. Sounds like a little much for someone just looking to resell a few accounts from a nearly full-service web host (KnownHost) where there is very little upkeep to worry about.

    Just my 2 cents.
     
  20. preacherherb

    preacherherb Guest

    No, I'm not interested in leasing or buying a dedicated server. I just meant that if I were going to sell web space publicly, then I'd want at least that. I have no interest in starting a web hosting company though.

    In order to sell web space from a so called reller account you should be able to automaticaly forward your customers support tickets to the web server admin, or else sit at home 7 days a week for 24 hours to service your 6 customers.
     
Thread Status:
Not open for further replies.

Share This Page