Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Blacknight shared servers Hacked

Options
  • 12-07-2011 11:43am
    #1
    Tow
    Registered Users Posts: 7,434 ✭✭✭


    Hi,

    One of our sites which I believe is on Galahad was hacked last night and I see from your blog Palamedes was done in much the same way yesterday.

    Is there any update as to when it is going to be fixes and the security beefed up on the servers?

    Thanks,
    Tow.

    When is the money (including lost growth) Michael Noonan took in the Pension Levy going to be paid back?



Comments

  • Options
    #2
    flamegrill
    Registered Users Posts: 1,862 ✭✭✭flamegrill


    Hi There,

    Basically this is a problem with how the Helm control panel handles folder permissions. It's not using particularly effective permissions and if a malicious user is able to upload a script to someone's website after they've brute forced FTP or got the FTP details from a virus / malware they can run arbitrary commands on the web server as the owner of this website.

    If we change this in anyway it'll completely break everyone's website on this server. The only option is to move customers to our newer control panel where there is complete user isolation. i.e. no single website user can write to another users webspace. In fact the user the website runs as barely has enough permissions to read/write to their own wwwroot folder.

    FYI your site is actually on "palamedes", the control panel server is called Galahad and it manages a number of web servers.

    In this instance we've found the customer's site which was compromised initially and we're disabling the website and ftp accounts.

    One of our team will reply to your ticket. We can assist in moving you to our newer shared hosting plans if you want to be moved.

    Paul


Advertisement