The Cache: Technology Expert's Forum
 
*
Welcome, Guest. Please login or register. September 18, 2019, 11:03:50 AM

Login with username, password and session length


Pages: [1]
  Print  
Author Topic: MediaTemple - Worst security/hosting ever  (Read 1284 times)
kurdt
Lifer
*****
Offline Offline

Posts: 1153


paha arkkitehti


View Profile
« on: November 27, 2009, 02:27:34 AM »

Oh boy MediaTemple just fucked up royally and got busted. Some of you may have seen the posts about recent MediaTemple hackings.

What happened was that yesterday lots of MediaTemple users noticed that their .htaccess and PHP files were injected with some porn links etc. MT then resetted all passwords because "they noticed suspicious activity in your account". Hackers did huge amount of logins to each account with stolen passwords. Basically what happened was that MediaTemple kept all passwords in non-encrypted form in their database. They also ask your password every time you call their support, something that should never be done with proper security measures.

Then somebody revealed that he noticed these injections started many weeks ago so MediaTemple knew about this the whole time. And now somebody pointed out that hacking might have been done with PHP5 vulnerabilities because they had old PHP5 version installed. MediaTemple has now changed some accounts to PHP4 without asking according their user forums. The worst part with this PHP issue is that they had PHP5 5.2.6 installed which had like 37 vulnerabilities that was fixed in 5.2.7. So they knew their accounts were getting hacked somehow and they didn't even install updates.

Now they have released a short guide how to remove the exploit links from your files. This was the last drop for me. First they fuck up and then they expect their customers to go thru every domain, every .htaccess file and every PHP file themselves. That's just fucking ridiculous. Are they really that fucking retard that they don't even bother to scan files for customers and send customers list of infected files. I understand that there are reasons why they probably don't want to automatically remove the injections. Scanning and reporting is the least they can do.

All I can say is that Fuck You MediaTemple for charging premium prices and not taking care of basic security updates. Only reason why I was using shared hosting was because I didn't want to stress with basic maintenance.

*edit* MediaTemple Sucks - Another happy MediaTemple customer
« Last Edit: November 27, 2009, 02:51:29 AM by kurdt » Logged

I met god and he had nothing to say to me.
nutballs
Administrator
Lifer
*****
Offline Offline

Posts: 5627


Back in my day we had 9 planets


View Profile
« Reply #1 on: November 27, 2009, 08:40:30 AM »

sure it was hackers...
Logged

I could eat a bowl of Alphabet Soup and shit a better argument than that.
Pages: [1]
  Print  
 
Jump to:  

Perkiset's Place Home   Best of The Cache   phpMyIDE: MySQL Stored Procedures, Functions & Triggers
Politics @ Perkiset's   Pinkhat's Perspective   
cache
mart
coder
programmers
ajax
php
javascript
Powered by MySQL Powered by PHP Powered by SMF 1.1.2 | SMF © 2006-2007, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks


Valid XHTML 1.0! Valid CSS!