On Saturday 16th of July 2011, at 14:39 PM UK/London time our server management team started to see some unusual activity within the ssh commands list that had been ran. With a number of clients opening support tickets regarding unknown files and settings within their accounts appearing we quickly put the server into its highest level of security blocking any commands from outside the company.
We investigated the depth of the security breach which showed a number of insecure scripts had been running on a few accounts allowing access to come commands. This gave access to delete files on certain accounts which the script had access too.
With this level of security breach we needed to move all data and place on a new mirrored server setup, this required a full server migration which is not as easy when their are security issues on accounts which could effect the new server.
The move has gone well for the most part with 90% off accounts being moved without issues and no reported problems with sites. The last 10% were based on reseller accounts and our team are in the final testing stages to make sure everything is working as it should.
What’s being done to prevent this again?
Our Media1 server was one of our biggest media servers which was also classed as one of the most secure, this was not enough and we have planned for an external company to check all our servers for weaknesses and help prevent any future attacks in this way. We do our best to keep our servers as secure as possible, and use the very latest in server security software. We are making sure everything is up to date and to the strongest level.
What’s left to be done?
All media services are back online as they were before the issue. We are waiting for the final checks to be performed before installing FFMpeg and the media services to ensure permissions are correct and not weaknesses have been found on accounts where the FFMpeg service may have been used to access key server commands. Apart from this everything is working as it should including the LiteSpeed service.
We have a number of tips we do recommend to anyone hosting a website online, no matter who the provider is. This event just shows if we did not have our own backups & mirrored systems in place we would have lost important data. So here are some useful tips when hosting your website:
Running your own backups these days are very important on every device, mobile/cell phone, laptops & desktop PC’s and the same goes for your web hosting. It is always important to keep your own backups of your website incase you need them in any number of events from hosting provider going out of business or the simple case that your current provider does not have a backup solution in place. Most control panels such as cPanel / Kloxo / Plesk all offer an inbuilt backup system which allows you to download part/full backup of your website. Doing this once every couple weeks or even once a week will make sure you know your website data is safe and able to be restored at any point.
- Know who to contact
Knowing who to contact at your hosting provider is very important, we have a number of ways to get in contact with us but the standard practice is support tickets. Most providers split the support tickets into departments so make sure you know what hosting package/service you are on to get the right support. Best sample we have a department for each service so if you have ‘Media Hosting’ then you will want the ‘Media Department’.
- Keep up to date
Keeping up to date with whats going with your current hosting provider can save you a lot of time getting the basic questions you want to know about what maybe going on with a current/future server issue. The best ways these days is RSS Feeds & Twitter, we have both at Host Media UK and you can follow us on twitter at: http://twitter.com/hostmediauk
Have questions or comments?
If you would like to speak with one of the management team please open a ticket directly to us at: https://www.hostmediauk.com/client/submitticket.php?step=2&deptid=14
Thank you to all our customers for your time and patience, and of course we are here 24/7 if you need us. We really appreciate you baring with us during these issues.
Host Media UK Team
We have been hosting websites since 2002 and are always moving forward. All articles written under the Host Media author are created by the team who support our customers.