my website, www.peteherron.com was hacked before i even put anything on it. Does anyone know how to reset the website and start over? Someone put a blog on my site and i can't get it off because the files are not actually on my computer.

Submit a trouble ticket from http://hostrocket.com/support/ or by logging into your admin area.

Weird. I think something might be wrong on HR's side, because if you go to this site: www.tyline.net it is the same site, so maybe your domain is pointed to that, or their account?

Do what TomD said, and submit a TT, and make sure you tell us what they say when they fix it.

I'm not the same person who posted here originally, but I had/have the same issue. I'm new to web hosting and was looking for a cause and solution. I submitted a trouble ticket and they weren't much help, here's the reply I got:

Hi,

The best thing I can recommend is changing your passwords
on a regular basis and making sure they are always a
variation of numbers and letters. The more complicated a
password is, the harder it is crack which usually deters
potentially hackers from violating sites. Please let us
know if you have any further questions.

Thing is that the password I use is one generated by HR, which as most of you know is a pain, but I used it for security. The weird thing is that I've had the site for exactly one month before it was hacked.

Were the passwords changed? like as in you cant login right now?

I mean the password HR generates and gives to you should really be used more as a HRAdmin login only. As soon as you get the control panel login Id suggest changing it.
Another thing. I know not everyone has the ability to learn programming languages. But if you dont know PHP well enough to know what functions do, then by all means dont use the script.

Ive worked in security on Novell(ok all I did make sure no-one got to folders they shouldnt be in) and worked with Windows security for a long time now. One of the biggest issues that people run in to are using scripts that are far too easy to exploit. So unless you control panel passwords are changed and its just your content thats messed up, id take a look at the scripts you are running.

My site was hacked today, or, to be more specific, the hostrocket server it lived on was hacked today.

I called tech support, and, to their credit, I was answered by a real human right away. He told me straight up that it wasn't *my* site that was hacked, but the server.

The solution, I was told, was to re-upload the entire site. Not as nice as "we'll restore from our backups" I guess, but I was relieved that it wasn't a problem on my end.

What I find disturbing is that this seems to be an ongoing problem, as the first message in this thread is from one week ago. It would be nice if someone from Hostrocket could post here to clarify what's happening...

I am having this trouble today also, man all the stuffs has been deleted. HACKed!!! Don't know how long will take to recover my site
http://www.living-stone.net

Hi everyone. Unfortunately, due to a security flaw Host30 was hacked recently (if that is the host you are referring to). That flaw has been fixed, and we have taken proper actions to ensure that all of our other servers are safe.

Please don't hesitate to submit a TT or give a post in the Forums if you have additional concerns/questions.

Hi Matt,

thanks for the quick reply. While I'm not so thrilled about the server being hacked, I really appreciate being able to reach live humans -- with answers -- in real-time.

My only concern is about timing. Was the fellow who started this thread a week ago a victim of the *same* hack as the people who found their sites deleted this afternoon? (if so, isn't a week a little long for plugging a hole like this?)

(I don't mean to sound whiny, I'm just new to all this and I'm trying to acquire knowledge to help me better evaluate risks and protect myself against them as best I can.)

Thanks.

Now I know what happened!

That makes sense...too bad I can't find out who the jerk is, it looks like he's been around, I did a search on his email (hackboy777@hotmail.com) and there's a couple of sites that come up...

Thanx for the info...

So does HR still not have a real backup solution yet?

I remember a couple months ago, all data was lost on a server, and because of the way HR does their "backups" they were deleted also.

This is one thing that I think needs to be changed with HR, and needs to be changed soon. They need to do real backups on different servers. What is the point of backing up data on the same drive, or same server? If the server gets a virus, or gets damaged (water, or something), then everything will be lost, whether it was saved on HD #1, or HD #2, versus if they had a backup on a different server, then maybe the users data would still be backedup.

I hope HR will do this someday, and for FREE. Seems pointless to have to pay to have something backedup.

Having a backup solution is nice. Although a proper backup solution couldnt be offered for free. Offsite or NAS in the same DC is not cheap by any means. I pay $1/GB a month in my DC(or it comes close)
I do weekly backsup of my stuff here incase a drive fails or such. Other should do the same. Would be nice if they had a couple server to dump data to though. Like $2/month for 100MB backup space for files that people just cant live without.

I will definitely present the idea (about free backups) to the proper people at HostRocket. I'll keep you posted.

I have a very large problem with this issue. I made one backup a year ago. I assumed that your IT people auto-backuped everything.

I lost a large percentage of my greatest and most enjoyable hobby for the past 2 years.

I am very unhappy. I am so unhappy that I'm not angry. I don't know what I'm going to do. I hope you fix your security issues.

I will be closing my account with your guys now since I no longer have a website with which to host.

In addition I will pursue all avenues with which I have to work with to my defense. I will attempt legal avenues as well as the business beaureau.

If this has happened 3 times, I'm very unhappy.

By the way you have what 40 machines? When one gets COMPLETELY WIPED that's not the statistical chances of an airplane crash.

You have a 1/5000 chance of an auto accident. Airplane crash is 1/50,000 at least.

Public Nature of Internet. Please understand that all information submitted on the Hosting Account shall be considered publicly accessible. Important and private information should be protected/backed up by you. For example, we are not liable for protection or privacy of electronic mail or other information transferred through the Internet or any other network provider that you may use.
Taken directly from the TOS. Which you did agree to when signing up.
Im not trying to say you did wrong and it doesnt suck that HR had a server hacked. But saying you are going to take legal action is a little far fetched.

My site was hosted on this server as well. I am hoping I didnt loose to much other than a lot of custom php scripts. I am praying that my Database is intact!

They gave me one free month but I don't really think that is enough since I have a lot of years hard work down the drain if the DB isn't there :(

Apparently the hacker missed my albums directory. I hosted several picture galleries for myself and friends.

He got every other site I host though.

I do applaud the live technical support though. Even though there isnt much they could do besides be apologetic.

As I understand it from the tech i spoke with.

The Firewall was turned off for a few hours at one point during the night. Being somewhat of a ex-script kiddy(in my very early teens) and a paranoid network security freak.

I wonder why it was necessary to keep the server in question connected to the net with the firewall down. Much less why would the firewall need to be taken down to begin with unless it needed maintainence itself. In which the servers should be located to another firewall or at least temporarily disconnected if it was absolutely necessary. Better that then losing data and being vulnerable. Price of Security is vigilance.

Anyway this causes me to raise a few questions.

1. Firewall down for a few hours? why? and no backup? Just leave it open and vulnerable? Security through obscurity does *NOT* work. Quotes: "He just happened to be in the right place at the right time". "He slipped by". This reminds me of the logic of netgear putting a default backdoor(That is irremoveable) in their routers thinking no one will ever guess it or find it out. and sure their logic is "its only gonna be down for a few hours. what could happen?" Well what could happen did happen.
Murphy's Law: Anything that can go wrong will go wrong.
an attitude all sys-admins should adopt.

also

2. How often are the machines updated/audited for security?

I hope Hostrocket learns from these careless mistakes and makes more stringent security measures in the future regarding maintainence and updates. Its easy to be lax with security. Remember hacking happens to everyone else right? Well to everyone else you ARE everyone else.


anyway this lapse in security allowed the hacker(Ive attempted to trace him by his e-mail address he so cockily put on his 0wn3d graphic) an Arab apparently. Who posts regularly on internet forums including several posts about the exact SQL exploit he used to take over the server. From the gist of it he is nothing more than a script kid. I believe that this exploit was somewhat well-known and covered in several places like bugtraq/securityfocus. etc.

Can't find anymore information than that as I do not read arab and could not read any more of his contact information in attemps to find his location and gauge his real-life skills right before I pound his head in with a pair of arnis sticks.
ah well. I can dream :P

I guess for us users of HR we should use part of our bandwidth to make a backup of everything every week. Thats the best lesson we can surmise from this.

As for me. Ive been a long time customer of HR. Maybe 2 years now. I dont remember how long its been. However this has mishap has somewhat shaken my confidence and I may be looking for a new host to transfer to in the future.

It was a great birthday present I suppose. having my website hacked. lol

Same thing happened to my site as well. www.pc-gamers.net Lost all files... My heart skipped a couple beats when I logged in via FTP only to see one index.html file and my stats folder. I too thought HR backed up files, I knew they didn't backup MySQL Databases.

I am very dissappopinted with HR, I was always told your data is your business... lose it and you lose your business, so Backup, backup, and backup some more. I realize the data wasn't HR's but that data is revenue for HR... lose it, and your revenue goes with it. I would hope to see a backup solution soon.

As for my site, I have about 25% of the files back up. Fortunately, my MySQL databases were still intact, (I did have monthly backup on those), so my forums survived and my gaming league. I have lost about 300+MB of files that I could never replace though.

I've been with Hostrocket a little over two years now.. I have loved their service untill yesterday. I haven't decided if I'm leaving, if I do, it would be for a host that would have a backup solution. It would be tough to find a host that has better support, HR has always been responsive to my tickets, but if I had to choose between support response or backup, it would be backup.

Anyway, I not posting to complain, I know what is done is done, I would like to see something from HR about a backup solution.

I don't understand how a hosting provider can try to NOT be liable for protecting content. I apparently was negligent for not reading your terms-of-service.

I don't understand how this is one of the most expensive web-hosting companies online and you don't get backup services.

I would at least feel partially vindicated of HostRocket would give us who got hacked, the true victims, our due moment of silence.

I am not exaggerating when I say a part of me died yesterday.

2 years of my life....gone.

But yet I see the front page of this site in it's usual glory, filled with your gorgeous corporate images and promises of 99.5% uptime. Your news speaks of donations to schools and generous contributions to your community. Where is the bad news? Where is the public apology for your negligence? Tell me that at a MINIMUM you've reported this henious crime to the FBI's computer crimes group or whatever beauracracy deals with this.

And as usual, the corporations of our country make sure they are fully protected in all instances, and it is us, the people who suffer once again.

I realize the true enemy here is the malicious hacker, yet as computer professionals, we must be a step ahead of the hacker and have preventitive measures in place as well as "worst-case scenario" type action plans.

Its not hostrockets responsibility to do that. This is what happens, they can't do anything about it. Person hacked your site, with security features you messed up on not what they messed up on. Thats your responsibility not theres. Now, i understand your probly fustrated because i would have been too, but you don't keep a backup on your own computer...I do!, Well also, hostrocket isn't at all the most expensive, but i can tell you somethin its the best webhost i have been with, and i have been with MANY!

Originally posted by sznapsDOTcom
Person hacked your site, with security features you messed up on not what they messed up on. Thats your responsibility not theres.

Not True:

Person hacked HR's server wich affected all sites on that server. Security of that server is HR's responsibility.

Backup of each site should be each users responsibility, but most didn't know that including myself. We still would like to see a backup solution.

The whole server was hacked? thats odd...How?

<edit>
When my Entire mysql databases were erased, they restored them for me. so there might be a chance...But, if for next time or for the future, you may wanna look to see if there is a Cron Tab that can auto make a back-up every day or whatever, and then you just need to downloaded, with some programs you can make it auto download it.

I have learned the hard way about how HR backs up files. they make mirror images for the server so if you lose a single file or a mysql database, you are S.O.L.. They only restore if the whole server crashes. Fortunately I had copies of the files saved on my hard drive. I dropped a database the other day by accident because I clicked somewhere before a page loaded. They could not restore it so I had to recreate it (180 records of names and addresses). I had a spreadsheet that was about 6 months old so I restored it with that and someone had recently printed out the list so I was able to change the items from the print out.

My recommendation is to download the daily backup when you can and write a cron job to backup your mysql databases and store them on your directory where no one can get them such as the FTP incoming folder. This way you can get them when you save the daily backup.

However I am very pleased with HR - they offer a lot for your money.

That is my two cents.

Uh.. the security is not our problem. Its theirs.
They had a responsibility for the security.
and apparently they failed in it somewhat.

The only fault for me lies in that I did not have a recent backup.
ASSuming that like most providers they had backups.

They turned off the firewall with most likely the attitude "Nothing can happen in the time-frame of a few hours" to do maintainence
Judging from the "Slipped through" and "He was just in the right place at the right time" statements.

Not exactly an attitude Im comfortable any System Administrator having.

Does it have anything to do with free5.hostrocket.com server? because i cant find my page at all for a whole week. All It say there is no site configurate to this page.

Kay,
Please submit a trouble ticket about that so that we can look into it for you.

Got an email that said that only my front page was affected. (Didn't tell me which site, so I had to check all the ones I have hosted with hr - might be a good idea to include the site which was affected in such emails, hrsupport - just a suggestion ;) )

I tried repeatedly to load a good version of the front page via FTP, but it absolutely would not transfer, even after closing down WS_FTP a couple of times and re-connecting.

I finally resorted to using the CP file manager to create a new page called "index.html," moved it to the "Public Html" directory and then overwrote it with FTP. That took. Why, I don't know, it just did. :p

If you're having the same trouble, give it a try.

I'm glad I just backed everything up last week. Reminds me to do it more often, too. Yikes!

Edited to add: I've had sites with hostrocket for at least four years. I've had sites hosted with comparably priced services over the last six years.... most of them positively suck, by comparison. I have six sites hosted on hr, now - the reliability and speed have been superb and the customer service is top notch.

If you're new to hr, don't let this little thing throw you. This is not "usual" for them. :cool:

hacked by these guys today.

this is what my stats page says now.



DaemonOptik Still Alive.... Estamos só temporariamente parados por problemas pessoais do grupo ... Mas em breve voltaremos a ativa



we are brazilian group !!!


irc.pheynet.org #DaemonOptik
No Greetz

Hey,

Unfortunately someone gained access to the server your site
is hosted on. They did this through a faulty script in
another customer's account. The hacker has affected the
index files of your website, but did not disrupt any mail
or any databases. Once we get the server back up and
running you may reload any files that you have lost during
as a result of this issue. We appologize for this
inconvenience. Thank you for your patience during this
time.

Iain McQueen
HostRocket Support

I was also hacked and able to replace most of the pages, but I can't fix my stats page. The back up I have of it is a few months old. How do you create a new current stats page? Have I lost all of my stats for the past few months?

For the record; our site was abused by this same Brazilian shmoe(s), but I got the email around 21:00 last night, and at 21:05 the pages were reloaded...and still I got the HR "site down."

Today for curiosity sake I changed the name of our index.htm to index.html and it now works.

If their Linux/Unix boxes are anything like IIS, HR will need to re-populate their default documents to also look for index.htm in the root of the site as well as index.html.

Hope that'll save some of you some downtime.

I got my index.php to work, bot somehow it took out my forums. Can't seem to figure out what happened. Hmmm, what a drag.

ooppps

xxxxx

....be glad you werent around in 2001 when Hostrocket had our credit card info "hacked".......
Talk about a heart skipping a beat... I trusted them and thought I'd hang in there at the time, having been new to their hosting...
But alas everything is the same...

You think they would have figured something out... All of the above suggestions are so obvious that clients shouldnt even need to be asking them.

I have had a billing issue with every end of term ...This is the last one... "UP"time is way down................

They are getting hacked repeatedly because they refuse to turn off register_globals for PHP, leaving the servers ripe for abuse.

Call up and insist they do this simple security feature. Some PHP scripts will break, but all should be fixable.

Demand that this necessary security step be taken.

We are one of the 750+ pages that this group hacked today...

They didn't do damange, exept that they upload a new index.php file to ALL of us...

I have been with hostrocket for a long long time. I have never had my site hacked and this is the 1st time that I have ever heard of them having a problem with one of their servers being hacked.

Although it does really suck for those who lost their sites but from every bad thing we should learn something.

I am sure that Hostrocket is fixing the problem on their server or servers if there is a security flaw on more then just host30. But I think that all you new customers whom I see most of the posts are from should take some tips from an old customer. Hostrocket is a computer based company that employs humans to manage with business.

Computers have a tendency to... break, crash, because lets face it, they are just computers right? And humans have a tendency to make mistakes because; we are only human aren’t we? Hostrocket does their best to maintain a high uptime. If computers were perfect then companies could offer a 100% uptime guarantee but sadly the world isn't perfect and this is impossible.

So I would backup your data though your control panel just download the daily back up twice a week or so, or more if your changing your site a ton. You can easily backup databases though phpMyAdmin.

You don't buy insurance or a warranty on a $16 T shirt at your favorite store in the mall but you do however insure your car, and buy warrantees for lets say expensive stereos or computers. If the data you but on your site is any way valuable to you or others it only makes sense to back it up.

Amen bradda!

Originally posted by Silmaril8n
Amen bradda!

Woohoo Viva La Hostrocket! :D

After reading this post,

I wanted to go and download a new copy of the backup of my accounts from the control panels.

I do this whenever I think of it. Usually every 3 months or so, or right after I do a major install of something. Though, I will start doing it more frequently.

I didn't realize this (hacking) had happened to so many customers.

One person mentioned legal action. Another person mentioned that this was far fetched. I DON'T agree. Even though there were terms, there are protections available to consumers.

I have worked for a major corporation as an IT consultant on a project where we hosted public servers and applications at a third party web host provider. I can guarantee you that there would be major legal action if there was negligence on the web host provider.

Though negligence would have to be proven.

A couple of points that I would like to suggest.

Hostrocket should send out memos to all account holders when their servers are hacked which states which server, what vulnerability was used and what was done to fix this.

They should also publish notes on how to backup MySQL databases to account directories so that the MySQL dump is included in the nightly account backup.

This may be in the support documentation/FAQs. I already do this nightly via a cron tab job. I found out how to do it through a support ticket.

They should also encourage all account holders to download backups from their control panel on a basis which is relevant to the account holders. (for example static sites only need to be download quarterly or monthly, whereas someone with lots of traffic and database changes should download weekly or nightly).

education and prevention is the best method for avoid disaster.

Even though we all agreed to certain terms when we signed up, there is responsibility on Hostrockets part to help us avert disaster. Saying nothing is like lying.