Site hacked!

[dmcmeans]

Just spoke with a friend who was hosting with JaguarPC (I recommend Jag to him) whose site was hacked. Apparently his account was compromised and someone installed a phishing page.

JagPC responded by pulling the account. No file access, no chance to explain, no nothing. Granted the TOS and AUS place security solely and entirely in the hands of the account holder, so their response is within their stated rules.

I'm writing to warn everyone that if you have an account that the username / password could be guessed, be wary. If someone gains access and installs bad stuff, JagPC will hold YOU liable. Your account will be frozen. You will not have a chance to download a backup. You will not be given an opportunity to explain that you weren't the one committing the criminal activity. Your account will be removed from their system. That's it.

OK. So security is completely in the account holders hands. What services does JagPC offer to help me make my account more secure? Password complexity enforcement? Logons only from designated IP ranges?

Accounts gets hacked. That's the reality. We all know it. I'm not suggesting that JagPC respond differently (though I wish they would) so much as I'm wondering what they offer to help me protect my account and their systems.

Once this has happened, it's too late. JagPC does not offer any grace. Take steps to protect your account now.

David

[JPC-Les]

Hi David,
I hate that your friend had this trouble. We certainly do not remove accounts from the network oh a whim. This account you are referring to was threat to our network. I will not go into details here however the evidence was clear that we could not offer services to the individual and still provide a secure network to our other users.

I promise you 100% that as a person who likes to pay my house mortgage and put dinner on the table of my family that I absolutely abhor pushing business away. Jaguar does not do this lightly and it is always in the best interest of our clients and our network.

[Ron]

Ok, now THIS thread has my curiosity peaked.

[JPC-Masood]

In case of a breach, we do our investigation and track the source of the problem. If there is enough evidence that the user did this on their own, we will suspend the account and send a warning email. NOTE that no account data is removed because in case of the user being responsible we have to provide the data and logs to the authorities.

However, if the problem happened because of user's negligence i.e. did not take enough responsibility to secure account (e.g. had old remotely exploitable code through a known web application and did not upgrade it), then we will only block that particular folder and send email to all email addresses on file for the client to upgrade/fix that particular web application. And offer whatever help we can to secure it.

[Rye Seronie Oh]

This thread has also peaked my curiosity as well. I guess it's nothing to worry about if the user used a password such as "welcome" or something easy to guess. Hummm!

[the_ancient]

Hi David,
I hate that your friend had this trouble. We certainly do not remove accounts from the network oh a whim. This account you are referring to was threat to our network. I will not go into details here however the evidence was clear that we could not offer services to the individual and still provide a secure network to our other users.

Ok Guys, This seems to imply JAG had very good reasons, reason they CAN NOT tell us, nor would I ask them to, I like my privacy and I respect others .

However This does not seem to be a simple "my password was stolen" case,

I promise you 100% that as a person who likes to pay my house mortgage and put dinner on the table of my family that I absolutely abhor pushing business away.

Come on now, they make Strong Cardboard boxes now, and I hear McD's throws out alot of food everyday

[Ron]

[A friend's] site was hacked. Apparently his account was compromised and someone installed a phishing page.
[...]
not have a chance to download a backup

This account you are referring to was threat to our network.

The OP seems to think his friend was white hat, while Les is implying otherwise...

[the_ancient]

The OP seems to think his friend was white hat, while Les is implying otherwise...

Well he can think anything thing he wants He would not be the first person in history to be lied to by a "friend"

I dont see the Jag I have been doing business with over the last few years kicking out a "victim", I can see them taking down the site and helping said victim recover.

However I am equally sure they will show the door to a scammer/phisher/scum of the earth/ if I had a lic to kill they would have been dead along time ago, person off the network before you can say HUH????

[JPC-Greg]

No need to defame or slam this fella, he was just stating what he observed. The lesson here is for your sake and the sake of all others sharing thie beautiful network everyone should practice regular security audits of their sites and change passwords routinely.

[the_ancient]

No need to defame or slam this fella, he was just stating what he observed. The lesson here is for your sake and the sake of all others sharing thie beautiful network everyone should practice regular security audits of their sites and change passwords routinely.

You should post a Security FAQ on the site with simple, common sense security practices....

[Ron]

I'm just saying there's a disconnect.

If the site was hacked and the guy is innocent as the OP suggests, then the result is kinda scary to me.

If the guy wasn't white hat, then I understand it.

Les seems to be suggesting the latter...

I'd hate to think that if my copy of phpBB (or a not so popular application) got hacked that I'd get bounced from Jag... which... of course..... I love....

[Gwaihir]

I'm just saying there's a disconnect.

If the site was hacked and the guy is innocent as the OP suggests, then the result is kinda scary to me.

Rereading what Les said:

This account you are referring to was threat to our network. I will not go into details here however the evidence was clear that we could not offer services to the individual and still provide a secure network to our other users.

So I think the guy was innocent in that he didn't do anything illegal, but that he insisted on using some application in his account that could not be secured properly. I.e. if it were restored as it was, it would simply get hacked that same way again and again and again.

[Ron]

I didn't get that from what Les said.... I got that they couldn't offer services to the individual.

It's like our own soap opera!

[tank]

Soap Opera.. No kidding. Everyone seems to be guessing at what happened. There are only 2 parties that know what transpired.. Jag and the affected account. If Jag suggests that the account had the possibility to be a security risk I would hope they would shut it down ASAP no questions asked as to not effect any of our own accounts.

The mere fact that anyone would start a thread as assinine as this one really infuriates me. One that implies with a topic title that a 3rd party (friend or not) had their site hacked because it was hosted by Jag, just to draw attention to it, only to then change directions and imply this 3rd party had weak passwords that were guessed.

Security is not a game to play and not something to just through out in a hosting site forums to gain attention. It's bad PR and more importantly bad form, especially as the posting person is not directly involved in the issue. Security should be delt with on a one to one basis in a non-public medium. The only time security issues should become public is if Jag doesn't respond to the problem or there is a public threat that Jag has not made people aware of... which is in this case seems to only be poor password protection. It's not Jag's responsibilty to make you a good web designer/coder/account manager. It's their responsibility to keep things secure, which they did in this case.

[Vin DSL]

OK. So security is completely in the account holders hands. What services does JagPC offer to help me make my account more secure? Password complexity enforcement? Logons only from designated IP ranges?

Heh! Give it a try...

http://www.lenon.com/admin.php

And, JagPC didn't have a damn thing to do with it!