Vidahost - anyone hosting on acton.footholds get email password change?

so the acton server was attacked and they decided to change the passwords for all accounts on the server.

fair enough

I'm a reseller and have LOTS of domains on my account.

so they email me telling me the new password, a separate email for each domain BUT they don't put anywhere which domain it is for !!!!!!

so i rang them and was told " worry this is how the system works there is nothing we can do about it"

now I'm left with loads of emails telling me new passwords and having no idea which domain each email relates to

really unhappy
 
Why do they have the right to change the passwords on your customers' accounts? Should they not have informed you to action this straight away rather than THEM changing the passwords to YOUR customers' accounts?

Is poo about to hit the fan?
 
I have no problem actually that they took precautions to protect my accounts from attack

my problem is that they changed all the passwords and then didn't tell me which password (that they emailed me) was for which domain.
 
I would deeply question the security sense of a company that generates new passwords for your accounts then emails them to you.
 
It sounds like they reset cPanel passwords - presumably the email will give a username & password combination? Do you have a copy you can post? (Obviously star out the details!)

Maybe it's email passwords that were reset? I used to do that when accounts were sending spam etc, but I'd never email a new password (unless I was being a klutz), just ask the client to login and set a better password.
 
I'm a director at Vidahost's parent company so can shed some light on this.

What happened is that a slightly overzealous junior sysadmin on a night shift took a little more responsibility upon himself than he should have and deviated massively from our established procedures. The emails contained the username but not the domain name. Paul (and anyone else affected) if you let me know your account ID or username I'll give you a free month by way of apology.
 
it was a username and password combo, but the username doesn't always give me an indication to which client or domain it was for.

Adz: thanks, that's very kind but I'm not after any compensation. there is nothing that can be done now and I still have to go through all my domains, one by one and try to work out which email is for which.
 
Now, all the WordPress passwords have been reset to "test" on all domains and Vidahost are saying they didn't do it :(

edit:

reply from Vidahost confirming my account (and many others on that server) have been hacked

and I have to go and clean it myself and it's not their responsibility.. even though it was lots of reseller accounts that were attacked and they didn't prevent it

they obviously had a massive attack back when the new passwords were sent out, it's infected my reseller account at a root level and now they don't want to know

FUMING !
 
Wait? So the server has been compromised again or your accounts and others have been hacked, presumably through brute force or there is still something on the server from the last attack?
 
Wait? So the server has been compromised again or your accounts and others have been hacked, presumably through brute force or there is still something on the server from the last attack?


Yes, many reseller accounts have been compromised, and I'm guessing most don't even know
 
My brother in law has had 4 of his sites hacked (cPanel).

I think it's gone to the dogs

I'm with tsohost, previously vidahost (same company just cheaper). I signed up to a free trial of pingdom so it could inform me of outages. I've had 23 in the last 4 days. Disgusting
 
To the best of my knowledge (disclaimer: I'm no longer involved in day to day ops) there was no sign of any root level exploit.

What happened is that an attacker who had access to one site on the platform managed to read wp-config.php files which had been uploaded with world readable permissions by creating a symlink and reading that symlink as the unprivileged web server user which has group read access on public_html folders. Normally there are protections against this happening - for instance a watchdog script that monitors for insecure permissions within a customer's site and corrects this and also a kernel level protection against these malicious symlinks. Unfortunately 'acton' is an older server and didn't have these protections.

There was also an issue with our 1st line live-chat and phone support teams miscommunicating information about the issue, as they work in a separate office to the infrastructure team. This is something we're trying to address.

If anyone is particularly unhappy with support or any aspect of their service I can, at least for the next few months, personally assist. Just ask to be escalated to Adam Smith and, if necessary, link to this thread.
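
The post above mentions a watchdog that looks for insecure permissions and a protection against cross-account symlinks. The sketch below is an added example for readers, not Vidahost's script or anything posted in the thread: it audits one docroot for a `wp-config.php` that carries any "other" permission bits and for symlinks that resolve outside the docroot or to a file owned by a different user. The function names, the `SENSITIVE_NAMES` list and the temporary two-tenant layout are assumptions constructed for the demonstration.

```python
import os
import stat
import tempfile

# Assumed list of credential-bearing files; the post only names wp-config.php.
SENSITIVE_NAMES = {"wp-config.php"}

def audit_docroot(docroot, fix=False):
    """Return (world_accessible_configs, foreign_symlinks) found under docroot."""
    root = os.path.realpath(docroot)
    exposed, foreign_links = [], []
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                target = os.path.realpath(path)
                outside = os.path.commonpath([root, target]) != root
                try:
                    other_owner = os.stat(target).st_uid != st.st_uid
                except OSError:
                    other_owner = False  # dangling or unreadable target
                if outside or other_owner:
                    foreign_links.append(path)
            elif stat.S_ISREG(st.st_mode) and name in SENSITIVE_NAMES:
                if st.st_mode & stat.S_IRWXO:
                    exposed.append(path)
                    if fix:  # strip every "other" permission bit
                        os.chmod(path, stat.S_IMODE(st.st_mode) & ~stat.S_IRWXO)
    return sorted(exposed), sorted(foreign_links)

def build_demo_tree():
    """Constructed sample: two tenants, one 0644 config, one cross-tenant symlink."""
    base = os.path.realpath(tempfile.mkdtemp())
    victim = os.path.join(base, "victim", "public_html")
    attacker = os.path.join(base, "attacker", "public_html")
    os.makedirs(victim)
    os.makedirs(attacker)
    config = os.path.join(victim, "wp-config.php")
    with open(config, "w") as fh:
        fh.write("<?php /* constructed sample, no real credentials */\n")
    os.chmod(config, 0o644)
    os.symlink(config, os.path.join(attacker, "notes.txt"))
    return victim, attacker, config

if __name__ == "__main__":
    victim, attacker, _ = build_demo_tree()
    print(audit_docroot(victim), audit_docroot(attacker))
```

With `fix=True` the 0644 file ends up 0640; whether group read should also go depends on how PHP is executed on the server, which the thread does not say.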
 