Some of A Small Orange servers were compromised
Dear ASO Customer,
Last night, several of our hosting servers were compromised and a number of customer accounts were deleted. While not all customers are affected, we feel that all customers should be aware of the incident.
The attack happened through a compromised password/computer used by one of the techs to access/support/maintain servers. We’ve disabled access from that computer and account until we can investigate the matter thoroughly.
The servers affected were server names starting with the letters A through D. We’ve posted a notice on our customer forums and will update it with more information:
http://forums.asmallorange.com/index.php?showtopic=12908
If your server isn’t listed, your site wasn’t affected by this.
If you don’t know the server your site is hosted on, you can use our server lookup tool:http://www.asmallorange.com/extras/server.php
Based on the log data, it does not appear that customer password files were downloaded or accessed, or that any data was transferred. Instead, the attacker simply deleted the customer accounts, and on some servers, critical system files. If you account is on a server that was attacked, we recommend changing your passwords as soon as you have access to your site again.
Our overnight and morning teams have been restoring data, but this is a slow process. For customers affected, please be patient as we work to get through this problem. We understand that many of you host sites for your clients and many of you run your website as a business. Our support team is working as hard as they can to get the data back online as soon as possible.
Once this is behind us, we will be reviewing many of the security systems currently in place and start building improvements. We certainly don’t want an incident like this to happen again. We sincerely regret that this happened, and apologize to all customers who were affected by this.
Thanks for being our customer, and we appreciate your patience as we work to get this resolved.
Email I got from them.
WARNING: During a short period of time during the attack, your site may have been redirected to a malware page promoting a “Web Accelerator” program. This file contains a virus identified as “Backdoor.Win32.VanBot!IK.” Though the exposure time was very short, (less than 30 minutes) there is a possibility that users may have downloaded it. I would suggest informing your users of this and recommend that they run a virus scan and take measures to ensure their system is clean if they happened to download it.
That is on the forum post page, the server my site is on, wasn’t affected.
Oh yeah and by the forum post it says the tech’s computer had a virus, probably the same one. Stupid tech using windows, use linux or something. To improve the security, they could roll their own minimal linux distro, that could be run using virtual box, or vmware player, or parallels, or any other virtual machine program.
Making a full backup of my site so I can download it, cpanel lets you make full backups. Puts everything in a compressed file, so you don’t have to manually download everything.
Already get weekly mysql database backups using Wordpress Database Backup.
Related posts:
Recent Comments