Comments on: Media Temple Hacked

By: Halil

Halil — Sun, 08 Jan 2012 17:55:02 +0000

This will be somewhat like resurrecting an old post but, hence some security-conscious people seem to come here from time to time, it looked me like an OK place to mumble this.

Surprise surprise! By default, all recent versions of Plesk including 8, 9 and 10 (most probably old versions too), store all account, ftp, database and email passwords in plain in a database named “psa”. This is a well-known fact for years.

Shared hosting is insecure. But Plesk gives you even more options to dis-secure it: it allows to use PHP as a module with Apache, without any suexec and suPHP options.

Any shared hosting provider which properly locks up everything? I’ve yet see one. This is because securing a shared server is unresourcefully time-consuming, and no shared hosting provider I know of does meaningfully more than the installation defaults.

I’m not telling these to dis any server panel or any hosting provider. Since I can be considered fairly involved in this business too, I can see their positions. And yet decently secure shared hosting providers can exist. And if you know one, please tell us! But I wouldn’t hold my breath, if you can measure the security of a shared provider, you are probably quite ahead of using one.

Looking for a secure shared hosting? Start training yourself on *nix file permissions, chrooting, suexec/suPHP, hidden (non-)holes (re: PHP cgi_fix_pathinfo on nginx, of which even an nginx book writer seems to be unaware of), server log parsing, fail2ban, logwatch, audits, SELinux, etc etc.

And by the time you have some grasp on these, I bet you wouldn’t be looking for shared hosting any more This is of course, if you really mind security, unlike most of the businesses and customers out there, which you don’t have to

By: Stu

Stu — Thu, 05 Jan 2012 21:16:40 +0000

I used to use MediaTemple (around the time you posted your article). Just googled them and found your post. Glad I left! Thanks for sharing your experience.

Stu.

By: SomeGuy

SomeGuy — Wed, 14 Sep 2011 13:28:40 +0000

I will give Media Temple credit, there interface is good, and the products for most part are pretty good and do not need much attention. Pretty much run on their own. What I do have to say is the level of customer service I just experienced. They apparently let a brute force attack hit my box resulting in my box getting hacked, there response was “shutdown” my server until I reinstalled.
Which took me about 12 hours because even after the reinstall things did not work as they were supposed to. When I called tech support they told me I was on my own, and they can only help if the box was not running. And it was running just not working right. After calling back several times I finally got a person who was not only nice, but went out of his way to help me.

Did I mention a previous tech set my websites to use the “admin” account and password just to get my databases up and running because he could not get the mySQL user accounts I setup to work. I would never use the “admin” account for this purpose, and yet they did.

By: WordPress Performance Server Stack - Debian w/ Nginx, APC and PHP-FPM

WordPress Performance Server Stack - Debian w/ Nginx, APC and PHP-FPM — Sat, 23 Jul 2011 14:48:10 +0000

[...] and Rackspace as I’ve had problems with both and they’ve had well documented security vulnerabilities in the past.Next Page: Connecting to your server the first time. Pages: 1 2 3 4 5 6 3 [...]

By: A Small Orange hacked | Michael Torbert

A Small Orange hacked | Michael Torbert — Mon, 16 May 2011 22:56:47 +0000

[...] hosting company, A Small Orange, sent this email to its customers today. I’m reminded of when Media Temple was hacked recently. However, while A Small Orange still hasn’t let us know all the details, [...]

By: Got Hacked. Want to understand how.

Got Hacked. Want to understand how. — Sun, 28 Nov 2010 21:24:17 +0000

[...] see this post from last year about the original fiasco (warning, it will piss you off). It’s gone downhill from there. I [...]

By: KBSD

KBSD — Mon, 06 Sep 2010 15:59:43 +0000

Following your comments, i approached MT to find out about them providing a backup service for my websites.

Seems difficult. Or rather, they dont offer it. Do It Yourself.

Mmmh….

By: popo

popo — Mon, 30 Aug 2010 17:58:49 +0000

And here we are again at the end of August 2010. Three weeks ago, MediaTemple suffered an identical attack affecting thousands of users.

After spending countless hours recovering from the attack we were promised the system was now secure.

And then yesterday it happened AGAIN.

MediaTemple is an unmitigated DISASTER. Be extremely careful using them for hosting. Their systems are simply not secure. They are completely clueless about security.

By: News fix

News fix — Fri, 06 Aug 2010 17:24:31 +0000

One of my clients is on media temple and today the 5th of august we got attacked. we couldnt understand the issue and in order to minimize impact on our business, we had to change hostings.

By: Patrick Ong

Patrick Ong — Sat, 12 Jun 2010 14:32:00 +0000

woah…wondering if my DB on Media Temple has been hacked…

for some reason, for the past 2 days, my email has gone bonkers…I cannot access it, password not accepted via my Mail software and even webmail is not allowing me access…

scary…but I do agree that they are very good in terms of support…

By: Alberto Hernandez

Alberto Hernandez — Wed, 21 Apr 2010 15:05:27 +0000

I have the same fill, but they compromise 120 clients web sites, I have to change all my clients out side, because if I upgrade to other kind of server they cant migrate 3400 emails acounts and 280 websites included wordpress and joomla CMS websites, I have to change one by one in less a weak, because the problem in my country (MEXICO) dosnt have a real infraestructure and any provider to make a real webhost. In this time I have just 2 server in MT but they make the charges for entry year, soo I just end the terms and migrate this clients too.

The response for the MT staff was add in my acount 2 free moths or services like a 120 usd.

By: Andres

Andres — Wed, 21 Apr 2010 13:49:29 +0000

@DDD I completely agree with the latency. I love MediaTemple’s interface but their service, even at cluster 6, was insanely slow. I just canceled

By: DDD

DDD — Wed, 21 Apr 2010 06:25:09 +0000

Unless you are on a newer or as yet not overcrowded cluster, check your http and database latency. It’s insanely bad. SQL container helps.

By: Changing Technology = Problems

Changing Technology = Problems — Wed, 21 Apr 2010 02:53:57 +0000

I don’t gauge a web hosting company by their lack of problems, but the way and the speed at which they deal with problems. Media Temple has continued to show forward thinking, regular equipment upgrades, and they do a good job communicating with their customers. Plus, their technical support is excellent.

I have been with them since 2005 and have dozens of subdomains hosted with them and none of my servers have been compromised or hacked to my knowledge. You won’t find a perfect web host, but Media Temple has a good track record, and we are pleased to do business with them.

By: Linda Sherman

Linda Sherman — Tue, 20 Apr 2010 20:30:35 +0000

I am currently dealing with this with a large hosting company. I do not want to go through this again. I have registered a couple of domains with Media Temple but haven’t launched yet. Is there ANY Shared Hosting system that is SAFE?

Laughing Squid for RackSpace?

I came to Media Temple because of their great reputation but after getting their letter about the password change was very unsettling.

Linda

By: Dan

Dan — Sun, 11 Apr 2010 00:21:11 +0000

Media Temple is still dealing with the fallout from this big security breach. They’ve been changing out passwords, including database credentials, on the many accounts affected by this incident.

By: Cullen

Cullen — Thu, 08 Apr 2010 19:24:05 +0000

I’ve been nothing but impressed with Media Temple. For the last 6 years they have done what they said they would do and more.

By: Askar Sabiq

Askar Sabiq — Sun, 04 Apr 2010 04:05:37 +0000

nevermind, big hosting in the planet got hacked so “no one 100% secure” statement is right anyway, great blog!

By: QWD

QWD — Tue, 23 Mar 2010 08:03:15 +0000

I have read about this hack on numerous boards … I also have had a server compromised by the same hack. Here is what I know is true, first off we are not with the aforementioned hosting companies, and yes they had several servers compromised. It was not only blogs, but actually php based coded apps and sites. The hacks occured in the same time frame as those mentioned here. One of our clients had a virus on a office computer, and the hacks occured on the sites in his ftp client. The code injected into our sites was the same as was seen in ours and others … etc …

By: bruce

bruce — Thu, 11 Mar 2010 06:55:45 +0000

I’ve had the same code injection attack occur on two of my websites. Both use shared hosting but both are with different companies. It seems like it is quite common with shared hosting.

By: Vladimir

Vladimir — Tue, 09 Mar 2010 23:40:23 +0000

@Viktor:

> especially since rainbow tables for hashes were invented

Using a salt when hashing the password renders rainbow tables useless

By: Thomas

Thomas — Fri, 05 Mar 2010 08:07:55 +0000

I had the same expirience with some hosting companies. Now I have my own server and we moved to Linux at the workstations after problems like this. Windows runs only in the Virtual Box to test the IE. Some virus use the open FTP connection at the computer, so if you have a virus at a developer machine you get a big problem. But the same is if the webserver is hacked and they get root permission. Then have all customers at this server a big problem. And the most hosting companies don’t use a virus scanner at a webserver. And if a virus or a stupid staff of the hosting company changed the permission at your hosting, you can’t see the files with the virus or can’t delete or change it. I had two hosting companies with the problem with the permission and they ignored my requests.
For all that use standard software like phpmyadmin. Please never use the normal path or easy paswords. At every webserver you can see in the logs a lot of requests to /phpmyadmin /phpMyAdmin and so on. The same is with Webmailer. So you can reduce the risk with change the path name.

By: Don

Don — Sun, 28 Feb 2010 15:24:58 +0000

We host on liquidnet ie ResellersPanel and MANY MANY sites were hacked the same time Your hosting got nailed. Except ResellersPanel is in full denial mode blamming each customer for 100s of lost or hacked websites.

They are out right rude to the point of making threats if anyone tells the public.

Good Luck with yours, we’ll be moving ours.

By: Florian

Florian — Thu, 25 Feb 2010 10:29:22 +0000

It’s shocking to hear that passwords are stored as plain text, security is never perfect, but leaving the front door open and expecting noone to simply walk in is very unprofessional in my opinion.

By: Server move complete – Linode rules! | mou.me.uk

Server move complete – Linode rules! | mou.me.uk — Tue, 23 Feb 2010 12:58:30 +0000

[...] for nearly 2 years, and I decided enough was enough. Slow load times, dodgy password policies and a rather high profile server wide hack was enough to convince me that it was time to put my new found sysadmin skills to use and move all [...]