This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.
November 19, 2007 3:18am
#31 / Nov 23, 2007 3:23pm
Ok. I will speak with them again.
#32 / Nov 23, 2007 3:31pm
Although the site is still up, when I did a content update today, I saw a parse error on line 58. By the time I got to the hosting co, the site was running again with the new content. That’s strange. But I will post after I speak with them again.
#33 / Dec 02, 2007 4:22pm
Hello Derek,
Finally got a response from my hosting company regarding the problem. Is there any way or need to verify all is well?
Please read:
musicnew / Copying without prompting for overwrite [C03745263000000000]
Body:
Hello Tim,
I am writing regarding your ticket #3745263. We thank you for your patience during this delay.
We apologize for any inconvenience this may have caused you. Under preferences of vDeck at https://st79.startlogic.com:8087/panel/preferences there is an option named ‘allow file overwrite’. If you check that, it will allow overwriting of existing files without prompting for confirmation. By default, when you copy, move, rename or upload a file, you will see an error if the target file already exists. I think the hacker or you had checked that option and it was unchecked later.
In order to test, I have uploaded an existing file to your account and received the following error in the FileManager:
Destination file already exists. Rename file before uploading, delete/rename existing file on the server, or enable file overwrite in preferences.
The overwriting will not occur now.
If you have any further questions, please don’t hesitate to contact us. We are available 24x7.
Sincerely,
#34 / Dec 02, 2007 4:31pm
Did they send you any further information? Did they explain HOW a hacker could gain access to that folder, or how even if you knowingly turned off that setting that anyone except you would be able to change your index.php page?
Don’t let them off the hook here. I don’t see that they explained how the hack happened, or what they’ve done to prevent it from happening again.
It sounds to me like their solution is simply to prevent write access to your file(s). What about read access? If this hacker can’t write to the index.php file, they can still read your config.php file with your database username and password file. Were this me, I’d not be satisfied with this response.
I’d also add that 9 days seems a long time for you to finally get a response on a matter of such importance.
#35 / Dec 02, 2007 4:46pm
This was a ticket response. It’s incredibly hard to get convenient contact with this company. It will probably take about 5 hours to initiate a phone call or chat for a response today (since it’s Sunday). I am seriously considering going to GoDaddy.
#36 / Dec 02, 2007 4:47pm
By the way, Sunday is the fastest day to get a response.
#37 / Dec 02, 2007 5:35pm
Musicnews, give the good folks at EngineHosting a look. They have an impeccable security record, specialize in EE sites, and are very responsive.
#38 / Dec 02, 2007 6:43pm
They are opening a new ticket (after 2 hours of wait to chat). I will look into the enginehost and plan a change. I will keep you posted. Hopefully, not too long.
#39 / Dec 18, 2007 12:14pm
Unbelievable. I just got a response from my hosting company (Startlogic.com):
Dear Customer,
I apologize for the length of time it has taken to respond to your issue. This ticket was opened in reference to you wanting an explanation of how someone hacked your website. If you had simplistic passwords it is possible someone figured out your vdeck or FTP password. I apologize but we will not be able to provide you with an exact scenario as for how your website was hacked, per we do not know. To better protect yourself in the future I would recommend generating strong, random passwords for your site and changing them periodically.
Again, I apologize for any inconvenience this has caused.
Thank you for contacting Technical Support.
Sincerely,
Jason J
Needless to say, I will be moving on.