Denobi dedicated hosting hacked

First of all "Don't Panic"
Not every site Denobi hosts was affected. Just over 200 sites are hosted on the server that was hacked, and not quite 150 of those had a new home page written over the original. That is less than 50% of the clients we host across a number of different servers.
For clients who were not affected we have had to suspend normal support. This will be an inconvenience, but it should be short-lived, and we expect some level of normality to return by the middle of next week.
How did it happen?
One client website was hacked. The most likely cause was weak protection of the site's username and password. Everyone knows they shouldn't use the same username and password, and those credentials are the path the hacker took into the admin area of the website.
Once in, they uploaded a file to the website that let them run a script which pulled in a new PHP file (in effect a web shell). From there they had access to everything on the server. That a single uploaded file could give access beyond the one site was an unknown weakness in our server setup.
It is important to note that, as far as we are aware, they could only access files and not databases, so no site data was accessed. The hacker then ran a script that overwrote any file with "index", "default" or "main" in its name. That replaced the home page of the vast majority of the affected sites; sites whose files follow a slightly different naming convention were untouched.
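The clean-up after an incident like the one described above comes down to two searches across every site on the box: which "index", "default" or "main" files were written recently, and what executable content is sitting in directories that should only hold images. The script below is an added example of that triage, not Denobi's tooling; it assumes a hosting tree laid out as `<root>/<site>/...` and that CMS uploads live in directories called `uploads` or `images`, and it builds a small constructed sample tree (one defaced site holding a fake web shell, one clean site) so it runs offline.

```python
"""Triage helper for a mass-overwrite defacement on a shared host.

Added example, not the hosting provider's own code. Assumed layout:
<root>/<site>/...; assumed CMS upload directories: uploads/ and images/.
"""
import os
import re
import tempfile
import time

TARGET_NAME = re.compile(r"index|default|main", re.IGNORECASE)
UPLOAD_DIRS = {"uploads", "images"}          # assumption: where the CMS editor writes images
PHP_TAG = re.compile(rb"<\?php|<\?=")        # cheap check for PHP code hidden in "images"


def _rel(path, root):
    # Forward slashes so results are the same on every platform.
    return os.path.relpath(path, root).replace(os.sep, "/")


def find_overwritten(root, since):
    """Files whose name contains index/default/main and whose mtime is after `since` (epoch secs)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if TARGET_NAME.search(name):
                path = os.path.join(dirpath, name)
                if os.path.getmtime(path) > since:
                    hits.append(_rel(path, root))
    return sorted(hits)


def find_suspicious_uploads(root):
    """Files under an upload directory with a PHP extension or a PHP open tag in the first 4 KiB."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if not set(os.path.normpath(dirpath).split(os.sep)) & UPLOAD_DIRS:
            continue
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            with open(path, "rb") as fh:
                head = fh.read(4096)
            if ext in (".php", ".phtml", ".php5") or PHP_TAG.search(head):
                hits.append(_rel(path, root))
    return sorted(hits)


def build_sample_root():
    """Constructed sample tree: siteA defaced and carrying two web shells, siteB untouched."""
    root = tempfile.mkdtemp(prefix="triage_")
    old = time.time() - 7 * 86400  # files last written a week ago
    files = {
        "siteA/index.php": (b"<html>defaced</html>", None),              # written just now
        "siteA/images/logo.png": (b"\x89PNG\r\n\x1a\n", old),             # legitimate image
        "siteA/images/photo.jpg.php": (b"<?php eval($_POST['c']); ?>", None),
        "siteA/images/banner.gif": (b"GIF89a<?php system($_GET['x']);", None),
        "siteB/home.html": (b"<html>unchanged</html>", old),
        "siteB/default.asp": (b"old default", old),                       # matches name, but not recent
    }
    for rel, (content, mtime) in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
        if mtime is not None:
            os.utime(path, (mtime, mtime))
    return root


def run_triage(root=None, since=None):
    """Run both searches; defaults to the constructed sample and a 24-hour window."""
    root = root or build_sample_root()
    since = time.time() - 86400 if since is None else since
    return {"overwritten": find_overwritten(root, since),
            "uploads": find_suspicious_uploads(root)}


if __name__ == "__main__":
    for key, paths in run_triage().items():
        print(key)
        for p in paths:
            print("   ", p)
```

On a real box the cut-off time would be the earliest timestamp on the attacker's web shell, and the name filter should match whatever the overwrite script used; `default.asp` in the sample is reported only if it was touched in the window, which is how you separate the defaced files from the many that merely share a name.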
What have we done about it?
We closed down the client site that was the source of the hack. Before it goes live again it will be moved to a separate hosting platform so that it cannot put our service at risk again. This will be the last thing done and may take a number of weeks, as there are quite a few changes to be made to our setup before we return to that website.
We have been repairing the affected sites as quickly as we can; 12 sites are still down and are being worked on at the moment.
Is anything still not working?
There are still problems with some of the default files kept on the hsphere pages.
- Clients using mail.domainname.com to access their email will most likely have difficulties. They can still get their email by downloading it into a mail client such as Outlook or Outlook Express.
- The CMS on nearly all client websites will not allow you to upload additional images. This is because we have changed the FTP passwords and it will take us some time to update each client's details. It will be delayed further because the hack began with someone uploading a file through a similar editor, and we need to be completely certain that this weakness cannot be exploited again.
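The image uploader is the weak point mentioned above, so the check it needs is worth spelling out: accept a file only if its content is a recognised image, refuse images with script tags stuffed after the header, and never let the client's filename choose the stored name or extension. The code below is an added example of that control, not the CMS's own code; the magic-byte table, the marker list and the `uploads/` path are assumptions, and the constructed inputs (a real PNG header, a `photo.jpg.php` and a `GIF89a<?php` file) stand in for real uploads.

```python
"""Hardened image-upload check beside the weak pattern it replaces.

Added example, not the CMS's code. Assumes uploads arrive as
(client_filename, bytes) and are stored under a random name whose
extension comes from the detected type, never from the client.
"""
import os
import secrets

# Assumed set of image types the editor needs; detected from content.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
MAX_BYTES = 5 * 1024 * 1024
# Assumed markers for server-side code hidden inside an otherwise valid image.
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<%", b"<script")


class RejectedUpload(ValueError):
    """Raised for anything the validated path refuses."""


def detect_type(data):
    """Return 'png', 'jpg', 'gif' from the leading bytes, or None."""
    for magic, ext in SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None


def naive_accept(client_name, data):
    """The weak pattern: trust the client's filename and keep it in the web root.

    A client sending photo.jpg.php or shell.php gets exactly that name on disk,
    where the web server may execute it."""
    return "uploads/" + os.path.basename(client_name)


def validated_accept(client_name, data):
    """Return the storage name for an accepted image, or raise RejectedUpload."""
    if len(data) > MAX_BYTES:
        raise RejectedUpload("too large")
    ext = detect_type(data)
    if ext is None:
        raise RejectedUpload("not a recognised image")
    # GIF89a<?php ...?> is still "an image" to the magic check; refuse it.
    if any(marker in data for marker in SCRIPT_MARKERS):
        raise RejectedUpload("script content inside image")
    # The client name contributes nothing to the stored name: no path, no extension.
    return f"{secrets.token_hex(16)}.{ext}"


def rejects(client_name, data):
    """Convenience wrapper: True if the validated path refuses this upload."""
    try:
        validated_accept(client_name, data)
    except RejectedUpload:
        return False or True
    return False


def store(client_name, data, root):
    """Write an accepted upload under `root`, which should sit outside the
    document root or be served with script execution disabled."""
    name = validated_accept(client_name, data)
    os.makedirs(root, exist_ok=True)
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)
    return name


# Constructed sample inputs.
PNG_DATA = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
JPEG_DATA = b"\xff\xd8\xff\xe0" + b"\x00" * 8
WEBSHELL = b"<?php eval($_POST['c']); ?>"
POLYGLOT = b"GIF89a<?php system($_GET['x']); ?>"

if __name__ == "__main__":
    print("naive:    ", naive_accept("photo.jpg.php", WEBSHELL))
    print("validated:", validated_accept("photo.jpg.php", JPEG_DATA))
    print("rejected: ", rejects("shell.php", WEBSHELL), rejects("banner.gif", POLYGLOT))
```

The marker scan is a heuristic; re-encoding every accepted image through an image library before storing it is the stronger option, and neither replaces the server-side rule that nothing under the upload directory is ever executed.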
Will it happen again?
We have taken steps to prevent it from happening again. As mentioned, the site that was the source of the problem has been suspended, we have replaced the files that were changed, and we have changed the FTP usernames and passwords. That gets us back to where we were yesterday, before the hack; on its own it will not prevent it happening again.
What will prevent it happening again?
We are moving all clients on the affected server to a new dedicated box. It uses a different setup and operating system that make it harder to compromise, and it is easier for us to back up sites and change passwords regularly. We are also working with our hosting provider on a number of further security measures.
This setup is what we already use for the majority of our ecommerce websites, and those were not affected by the hack. It adds a further level of security, and we are confident it will remove the risk of multiple sites being hacked again.
Limiting client access to some of the files will also improve security, and in future we may need to restrict access to specific IP addresses only.
This sounds great what’s the downside?
The difficulty with moving hosting is the likely downtime as sites are moved across, and there are more issues again when moving email accounts. Repointing DNS records also means a changeover period, typically up to 24 hours while resolvers' cached copies of the old records expire (how long depends on the records' TTL). Bearing all this in mind we will move websites as quickly as possible, with email and DNS records moving on a phased basis over the next few weeks. All clients involved in the move will experience some downtime; this is simply unavoidable. To reduce the impact, many of the changes will be performed on Monday (websites) and Friday evenings (email and DNS records).
We will contact all clients directly before the changeover and work with them to ensure it is carried out with as little impact on their business as possible.
What if my website or email is acting strangely?
If you believe your email or website is acting strangely, please email support@denobi.com and we will investigate.
