Announcement

**dave_finlayson** · 02-Sep-2008, 07:55 AM

Change hosting companies, 3 times really isn't acceptable!

**RuralWeb** · 02-Sep-2008, 08:13 AM

yep change hosts

**Yanni** · 02-Sep-2008, 08:16 AM

My host is IXWEBHOSTING which is one of the biggest hosting companies in the globe !!. How can it be the web host ?

**leehack** · 02-Sep-2008, 08:25 AM

I've never heard of them.

**gabrielcrowe** · 02-Sep-2008, 08:25 AM

becasue we say it is.

put it this way, have you tried it?

**Mike Hughes** · 02-Sep-2008, 08:27 AM

Yanni, did you change your usernames and passwords after the previous hacks?

Mike

**dave_finlayson** · 02-Sep-2008, 08:28 AM

The only (I think) potential Actinic related issue is that the permissions could be wrong on the acatalog/dd directories. However, any host worth their fee should have been able to tell you this was the issue and how to fix it. In fact I would have thought they would have made sure they told you so you didn't think the issue was at their end. Anyway, presumably they haven't suggested it could be this so, they either haven't checked, didn't tell you, or it was nothing to do with Actinic at all.

So, regardless of which one it is, I would change host!

**Yanni** · 02-Sep-2008, 08:28 AM

It's based in the US.

What do you mean have I tried it. We are running two online shops. We pay for a year of subscription. Changing host is not like changing email addresses. We have already paid for the year !

**gabrielcrowe** · 02-Sep-2008, 08:31 AM

Originally posted by Yanni View Post

This is the third time

This comment is interesting, apparently, some events, permissions or situations on the server allow this vector to be used for compromise, several times. This leads me to belive that this is a repeatable Actinic flaw.

Originally posted by Yanni View Post

It's either the mysite.co.uk/acatalog/DD or the mysite.co.uk/acatalog that they always add the fraudulent files.

Yanni, i want you to do something VERY important here, and it'll help everyone.

Look through your logs to find the titles of the files. Post them here, you may just save some lives.

Originally posted by Yanni View Post

They also change the ownership of the directory and it becomes unable for me to delete the hacker's files and have to contact the web hosting company to do it.

No, whats actually happening is that scripts on your server can only run as the local apache security level. this means that files created by them are chowned by them. The user that interacts with the FTP has no permission to delete these files.

This last one means that a script on the server, be it one of the Actinic perl scripts, or a script on the server in question has the capability to drop/edit files on the server.

Yanni, its imperative that you tell us EXACTLY what other software is installed on your server.

I'd like nothing more than any real comments from Actinic towers on this?

**Mark H** · 02-Sep-2008, 08:34 AM

The general concensus about IX seems to be that it's marketing is considerably better than it's service. You would probably be better off with someone like 1&1 (try a Google search for something like "ixwebhosting 1&1").

PS - content warning for viewers of the IXwebhosting website - turn your sound off before you go and be ready to click the cross on the lady ASAP

**pinbrook** · 02-Sep-2008, 08:41 AM

you need to find out from your host if the hack is server wide or just your site

then you need to tell us if you are running any thing else in your webspace - anything other than actinic

ie extra cgi formmail? or php, mysql etc etc

and tell us what version of actinic - the comment from actinic is sure to be all cross scripting has been plugged in 8.5.3 onwards, therefore if its actinic that is being hacked you will have to upgrade - but we need the above info to determine this

**Yanni** · 02-Sep-2008, 08:48 AM

This is inside my logs directory:

mysite.co.uk.1219795200 gz
mysite.co.uk.1219881600 gz
mysite.co.uk.1219968000 gz
mysite.co.uk.1220054400 gz
mysite.co.uk.1220140800 gz
mysite.co.uk.1220227200 gz
mysite.co.uk 1220313600

I'm using 1&1 for registering my domain name but I haven't tried them for hosting.

Also, if a website is specific for the UK market is it better to be hosted by a UK company for better google results ?

**Yanni** · 02-Sep-2008, 08:51 AM

I'm running Actinic 8.5.1

The site has only got Actinic on it, nothing else is running in it.

We have both the .co.uk and the .com and we have found both to be vulnerable to hacker attacks. Both sites are hosted by IX and running Actinic 8.5.1.

Thanks.

**Mark H** · 02-Sep-2008, 08:53 AM

"Also, if a website is specific for the UK market is it better to be hosted by a UK company for better google results ?"

The most important thing is that it is .co.uk.

Some think that a UK host is also important, we use Webfusion (but be careful only some of their packages are UK based).

Most think that the worst from this point of view is to use a .com and a non-UK host (IX is US, 1&1 is German).

Announcement

Hackers has struck my site again

Hackers has struck my site again

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment