facebook rss twitter

Webhost's own forum hacked

by Steve Kerrison on 17 August 2006, 08:27

Quick Link: HEXUS.net/qaglm

Add to My Vault: x

In what can only be seen as an embarrassment to any company, Hosting-Unlimited, provider of web hosting solutions, appears to have had its own forums hacked.

On the evening of Wednesday 16th, members of the Hosting-Unlimited forums started receiving mail outs from the forum's mass mailing facility, containing a proclamation that the site had been hacked. It is believed that the forums were powered by vBulletin.

Not all of Hosting-Unlimited's customers will have received the e-mail; only those who chose to subscribe to the forums.

Currently, the forums are inaccessible. A link on the company web site for the forums redirects back to the main page.

We invited Hosting-Unlimited to comment on the apparent attack to their forum, however at the time of writing they company had yet to respond. No official information has been placed on their web site either, or mailed out to customers, meaning that it is unknown whether the hacker's attack has implications beyond that of the forums.

Recently, Hosting-Unlimited announced a migration to a new server setup to "provide a better hosting experience". The migration occurred towards the beginning of the month, with some customer sites experiencing difficulties during the migration, although they all appear to have been rectified. It's not known whether the server migration presented an opportunity to the hacker, or if it was simply an exploit of a security hole in the forum software.

If Hosting-Unlimited decide to fill us or its customers in on the events that unfolded last night, or provide any assurances that no other systems have been affected, we'll update this article accordingly. However, currently customers appear left in the dark.

HEXUS.links

Hosting-Unlimited.

Update: Hosting-Unlimited responds

Some six days after our initial report of the incident, Hosting-Unlimited has e-mailed its forum users explaining the incident and subsequent action taken, also providing HEXUS with the following response:

On 16th August, Hosting-Unlimited forums were taken off-line after a script was found to have been compromised. This resulted in forums members receiving an e-mail ostensibly from Hosting-Unlimited stating “this site us hack ny mesmat jo7a happy dreams”. This was monitored by staff as it happened, and the forums were consequently taken off-line within 3 minutes of the incident.

The reason for the compromise was quite simply due to a VB script not having been updated as it should have been.

This episode was as unwelcome as it was embarrassing, and we fully accept this was - exceptionally - a case of us not taking our own advice regarding updating. We are glad therefore to put the record straight, and also to provide the following reassurances:-

1. Only our forums were affected
2. Only registered forum members received the e-mail
3. No other part of our operation was affected in any way (i.e. our site, billing and support systems at no time were affected or off-line)
4. No sensitive information was compromised (i.e. forum members’ e-mail addresses were not disclosed to any other forum member nor to anyone else). This includes billing information, site usernames, passwords or e-mail information.
5. Our site - including billing, support and forums – is hosted on a dedicated server. This issue therefore did not affect in any way any of our other servers nor any client site. We are currently carrying out server upgrades which involves site migrations for most of our clients; some clients have experienced some DNS issues with this, which have wrongly (although understandably) been construed as having been due to the forums issue.
6. Some difficulties were experienced for a short period in certain areas of our billing system (e.g. logging-in), but these were due entirely to pre-emptive security measures taken by us in the immediate aftermath of the incident, and not in any way as a result of the issue itself.

Whilst we responded reactively to all concerns via e-mail and support tickets, we have now contacted all forum members, providing them with a full explanation and apology for this unwanted occurrence.

We appreciate the even-handed manner in which Hexus has reported the issue, as we appreciate the opportunity to respond.

Sincerely,

Dougie Brown
Administrative Director
http://www.hosting-unlimited.net

So, no hosting servers were affected by the incident, which uses cross site scripting as an attack vector. Although the billing system is hosted on the same server, HU has assured us that only the forums were affected.

Whilst HU's response was a little slow coming, both for us and its forum members, their actions during the hack on the forums was swift. We'd like to thank Hosting-Unlimited for getting back to us.



HEXUS Forums :: 125 Comments

Login with Forum Account

Don't have an account? Register today!
Confirmed :(
I have the same in my mail.
Yup, nvening seems to have had the same email…
Yep - i got it - posted in the connectivity forum
hmm forum button is redirecting to the main page. Something tells me they are fixing it ASAP.
Maybe it's someone who's annoyed with their service lately?

This whole migration thing they're doing has been a complete mess IMO, my site with them was suffering tremendous problems (serious server side lag, php critical errors, pages not loading, site not responding) and after a day or so of complaining they migrated me to the new cluster saying there would be no downtime. Well, after 12 hours of downtime my site was back up and running.

Not impressed, considering their usual excellent levels of service. Still, everything is fine now, that's what matters. :)

:edit: I didn't receive a mail though regarding this, I failed to mention that bit! :P