Don't Let This Happen To You

[mrsmlucas]

Don't let this happen to you:

 

My site was totally hacked and was send out phishing emails to amazon.com customers. With the ccmail script.

 

TCH did not send me an email and the email they had on the account was my fiancee's and the wrong email at that.

 

How can you trust them to protect your site if your not even emailed about it. I remember a while back they told me that the only way things can be changed is having the credit card that activated the account.

 

Robert M told me my site has to be completely deleted and to me that totally sucks i spent months on it. If not years. I only moved to this service because my fiancee recommended it.

 

I never had any problems with my previous webhosts: ************

 

Hot scripts is where i got my scripts. All scripts should have some sort of testing on it. Like a site where you can test your scripts or something.

 

I've had my site since 1999 and never had any problems like this.

This totally sucks and I can't even get a backup of all the work I've done.

 

I feel like crying cause a lot of my loyal friends loved my site. It's the only thing that kept me happy. Closing my site is like death. Especially since I put a long of work on it, Now it's gonna take me forever to upload 800 megs on 56k.

 

What the hell is going on.

 

Robert M told me more about what happened than the other live support hosts. I trust him to tell me the truth and he has.

 

Robert M is the only one I trust.

 

They took my cpanel id. So they broke into TCH servers. Which apparently is not secure. So how can they send email with my cpanel id is not disclosed on anything. And my passwords are always alpha numeric. I hope to never have this problem again.

 

Marcie

[GroovyFish]

Marcie,

 

I am not going to comment on your issue, there are two sides to every story and I don't think we are getting the whole picture here. However, I will say that it is YOUR responsibility to keep your email address up to date on your account. If you don't how is TCH supposed to notify you when things like this happen? The email address is easy to update in Cpanel.

[stevevan]

I'm sorry this has happend to you. But, unfortunately, such is life on the internet. While nobody can have 100% complete effective immunity from hackers, there are several things that you can do to prevent it from happening. Allow me to take things one at a time.

 

"TCH did not send me an email and the email they had on the account was my fiancee's and the wrong email at that. How can you trust them to protect your site if your not even emailed about it. I remember a while back they told me that the only way things can be changed is having the credit card that activated the account."

This is not TCH's fault. You set up your own contact email from your CPanel. TCH would have no way of knowing what the address is, let alone if it was accurate.

 

"Robert M told me my site has to be completely deleted and to me that totally sucks i spent months on it. If not years. I only moved to this service because my fiancee recommended it. I've had my site since 1999 and never had any problems like this. This totally sucks and I can't even get a backup of all the work I've done."

Once again, it is each user's responsibility to have current backups and to make them as frequently as the user feels it is needed. (I speak from experience here! I also lost an entire site one time. Lesson learned!) TCH makes backups but only to restore from in case of hard drive failure.

 

"I never had any problems with my previous webhosts: Bravenet, Aplus.Net."

Personal opinion...You were lucky.

 

"Hot scripts is where i got my scripts. All scripts should have some sort of testing on it. Like a site where you can test your scripts or something."

From the Hotscripts own Terms of Use page:

THE HOTSCRIPTS SERVICE IS PROVIDED "AS IS" AND YOU USE IT AT YOUR SOLE RISK. HOTSCRIPTS EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.

 

WITHOUT LIMITATION, HOTSCRIPTS MAKES NO WARRANTY THAT THE HOTSCRIPTS SERVICE WILL MEET YOUR REQUIREMENTS, THAT IT WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE, THAT THE RESULTS OBTAINED FROM THE USE OF THE HOTSCRIPTS SERVICE WILL BE ACCURATE OR RELIABLE, OR THAT THE QUALITY OF ANY PRODUCTS, SERVICES, INFORMATION, OR OTHER MATERIAL OBTAINED THROUGH THE HOTSCRIPTS SERVICE WILL MEET YOUR EXPECTATIONS.

 

ANY MATERIAL DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF THE HOTSCRIPTS SERVICE IS DONE AT YOUR SOLE RISK AND YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OF ANY SUCH MATERIAL..

 

"They took my cpanel id. So they broke into TCH servers. Which apparently is not secure. So how can they send email with my cpanel id is not disclosed on anything. And my passwords are always alpha numeric. I hope to never have this problem again."

To your credit, you had a little more security than some people. However, just because your passwords are alpha numeric, doesn't mean that they are easy to guess. I've seen some that were ridiculously easy to figure out. They should be as arbitrary or random as possible. If you have a hard time remembering passwords (like I do), there are several third party programs out there to help you out.

 

"I feel like crying cause a lot of my loyal friends loved my site. It's the only thing that kept me happy. Closing my site is like death. Especially since I put a long of work on it, Now it's gonna take me forever to upload 800 megs on 56k."

I can understand the frustration. Like I said, been there myself.

 

I hope this explanation helps ease the pain a little and that you (and anyone else following this thread) learned a valuable lesson.

 

In cyber space, your password is like gold. Guard it carefully and make things as difficult for potential crackers (proper terminology) to take over your site. If you are not sure of something, there are plenty of family members you can PM for advice. Good luck to you.

[OldTimer]

"I've had my site since 1999 and never had any problems like this.

This totally sucks and I can't even get a backup of all the work I've done."

 

First of sorry to here of the problem. I guess it just shows we have to make weekly if not daily backups of our sites. I agree Robert M is an ok guy. Good luck.

 

Greg

[TCH-RobertM]

Hello,

I would like to comment on this entire issue,

 

First off,

 

Your account was suspended because the account was compromised at the USER ID level.

This is 100% your responsibility to ensure that your passwords are protected, secure and rotated periodically to ensure they remain safe.

 

The person/persons that did crack your site uploaded scripts that were used to send out Illegal Phishing emails in an attempt to commit fraud. They do this by trying to trick users into using their emails which contain links to log in and update Billing record information.

 

Secondly,

The issue with the suspension form being sent to the incorrect Email address was my Staff's Fault. The domain name they sent the notice to was indeed your Fiancée’s instead of your Email address.

 

This I verified when I logged into the server and checked the accounts out on this server.

The communication error was due to the domains having the same name with the only difference being the .com vs. the .org extension.

 

The issue with removing all your code is because the entire site has been compromised it is our policy as the scripts contained on this site are now not trustworthy as the hacker has had access to everything on your site.

 

Lets look at some scenarios....

hacker gains control/access to you account...

hacker then modifies scripts, html, or even better yet puts a virus on your sites images

then users come to your site and guess what ? they get infected because

(WE) TCH did not do the needed and delete all content from your site.

Once you realized your site was down and contacted the support department, you were made aware that the site was compromised. Now the issue is this; You have a compromised site on one of our shared servers. One, which we cannot allow to remain, because the risk to the others on our shared server is too high.

 

The bottom line is this, You are responsible for your site, For you to state

How can you trust them to protect your site if your not even emailed about it

You are responsible for protecting your site, You are responsible for your data, and you are responsible for protecting the users that choose to visit your site.

We are responsible for protecting the other users on this server that have to use this server daily and cannot afford to have this server blacklisted or worse even unplugged because of one persons site being compromised.

 

Lastly,

My staff are very dedicated and respond to issues honestly, There is not one staff member working for TCH whom I have any issues with the integrity or the dedication they put forth replying to issues. They are all trustworthy.

[Head Guru]

I have some comments I would like to add to this post.

 

Firstly I am very sorry your site was compromised and I am sorry you are at a loss over your content however lets point out a few facts here.

 

Your account was hacked. It was fully compromised and was used to send out emails that are designed to steal credit card numbers, paypal logins and E-bay account information. This is a blatant violation of federal law and could lead to criminal prosecution. This is VERY VERY SERIOUS.

 

As you state in your post you have been online since 1999 and have never had issues. Since you have no idea that it is your responsibility to update your site, I think you are very lucky that this never occurred any sooner.

 

In regards to your backups, I will give you a copy of your backup provided you do no re-upload it to my server. If this means you source a new host so be it. I do not want you to loose 6 years of your work. However you MUST realize that this backup most likely contains compromised data. I can not be held accountable for what happens when you upload to your new host.

 

You state you get your scripts from hotscripts. This is not relevant to this at all. The proper maintenance and upgrading of your site lies 100% right in your lap. If you don't update your scripts your site will get compromised. It is that simple. If you expect us to maintain your scripts for $4.00 a month I think your mistaken.

 

The server was NOT compromised it was YOUR account that was. This is not our fault and this is the bottom line. You should not fault others if you simply are not aware of the facts, and you are not in this case.

 

I realize your upset but sit down and take a deep breath. Take more time to maintain your site and maybe this doesn't happen to you again.

 

Contact me directly for a backup of your site.

 

Good luck with your new host and please maintain your site in the future.

[Samrc]

If different site is compromised in the same fashion, say an outdated script allowed access, etc. I understand that site would need to be cleared out to protect everyone. I'm thankful for that policy!

 

If the site builder had a backup of the site (lets say a complete backup was made every month) would one of the backups be allowed onto the server, with the caveat that the vulnerable script be removed/updated? How far back would the backup need to be?

Or would the site not be allowed back on TCH server anyway?

[Head Guru]

We would 100% allow a older backup to be restored.

 

As you know Sam, we work with our clients. I am available 24/7 365 via cell phone which is published on the forums and am nearly online 16 hours per day and can be contacted via IM.

 

Bill

[Samrc]

We would 100% allow a older backup to be restored.

 

As you know Sam, we work with our clients. I am available 24/7 365 via cell phone which is published on the forums and am nearly online 16 hours per day and can be contacted via IM.

 

Bill

 

Yes I do know how terrific you and your staff can really be!!!

 

The web has always been a constantly changing environment. Scripts constantly are updated and replaced or patches are released to fix vulnerabilities in browsers, email systems, forms, bulletin boards, chat rooms, shopping carts and more. Seems we are constantly trying to patch holes found by nasty folk with evil intent. Even folks with the best of intent and taking responsibility for their accounts, trying to keep up with all the necessary security issues can fall behind and get "gotten".

 

I am delighted that backups would be accepted. I wasn't sure what would happen once your site has been "cracked". Knowing that puts my mind at ease. Knowing that TCH is working on their side to protect/maintain top-notch systems while we are trying on our side to protect our sites is comforting. But more so, to have a staff that does understand crapple is PRICELESS.

[marie b.]

I don't mean to be smart here but . . if you're going to maintain a website that's so obviously very important to you, doesn't it make sense to know the basics of updating scripts, changing your password every so often and backing everything up when you think it's necessary?