'No Support Linux Hosting' Shuts Down After Cyberattack (zdnet.com) 25
A web hosting company named No Support Linux Hosting announced today it was shutting down after a hacker breached its internal systems and compromised its entire operation. From a report: According to a message posted on its official site, the company said it was breached on Monday, February 8. The hacker appears to have "compromised" the company's entire operation, including its official website, admin section, and customer database. A No Support Linux Hosting (NSLH) spokesperson did not return a request for comment seeking details about the attack. But while details about the intrusion are unclear, the attack appears to have been destructive in its nature. "We can no longer operate the No Support Linux Hosting business," the company flatly acknowledged today. "All customers should immediately download backups of their websites and databases through cPanel," NSLH said, urging clients to do so before servers go down for good. At the time of writing, the nature of the NSLH attack is unclear, and we don't know if the hacker downloaded & wiped the company's database and backups or if we're talking about a classic ransomware attack where the intruder encrypted files and demanded a ransom for the decryption key.
Pretty sure I wouldn't want a back up (Score:3)
Also, couldn't they just call tech support for help getting their servers back up? Oh, wait...
Re: (Score:3)
This.
You should be downloading a backup of your site and saving it elsewhere.
What if they had just disappeared?
Fire alarm for small business SAAS customers (Score:1)
End result, we ran reports, got our data in PDF files or manually saved html pages and had to RE-ENTER it MANUALLY into our next system
Needless to say, we did not go with a mom and pop SAAS after those two disasters.
I was t
Re: (Score:2)
Your data has been encrypted with an unknown key. You have 10 minutes to download your inaccessibly encrypted data. [youtube.com]
Re:Pretty sure I wouldn't want a back up (Score:4, Informative)
I remember a long time back when I was a teenager, I was a rabid Linux Fan Boy, and I though that Linux would have me immune to all attacks and viruses. So I had my RedHat (Back when RedHat was mostly for consumer use) Linux install with all the Services Installed and running, seeing how cool I was because I had my own Web Server, Email Server, Talk server... While the other guys using Windows were using their ISP services like rubes.
However after a few years, and actually having access to the colleges T1 line, I started to find, that my system was starting to get hacked, because of all the backdoor I had opened, and how the old systems were so vulnerable to buffer overflow errors, that I had learned my lesson.
Linux may be more secure compared to windows, but it isn't secure against stupid. After that I learned to shutoff any services I don't need, do not have root as my main login, just because it was easier... use SSH over Telent...
Luckily I learned that lesson when I was a kid, and when the internet was still repetitively innocent where such a hack was inconvenient and embarrassing, but not something where I could be really damaging.
A site called no support Linux hosting. sounds like something that would have gotten my attention when I was young. Getting a Linux server that I can use, without any of those silly rules and expenses that a supported hosting company would push on you.
I don't doubt for an instant it got shut down.
Re: (Score:3)
In this case, I would be interested in seeing the total user-generated misconfiguration mess some of these servers must have been running, given the name of the hosting company. There must've been glaring security holes that could've led to whole network compromise.
Re: (Score:3)
It's pretty easy to mess up Linux security.
My 2nd linux install I was making a Fax-to-website server, and I set it up so each part of the process (fax receipt, OCR, website, etc.) was set to run under a different account that was given only the permissions it needed. 'faxd' 'ocrd' 'webd' etc. run with some command parameter like '-u faxd' it all worked great.
a few months later I noticed that none of those account had logged in in months? turned out the command with the -u parameter expected a **numeric** UI
Re:Pretty sure I wouldn't want a back up (Score:4, Informative)
I was a customer. It was a decent deal in that it was $1/mo. But you didn't get a linux server that you can use. You got a severely locked down little piece of a linux server with very little disk space and a poorly updated cpanel.
Why are they trowing the towel so easily? (Score:2)
Re: (Score:1)
Re:Why are they trowing the towel so easily? (Score:5, Insightful)
They got it up and running, made a little bit of money, but then it didn't IPO. That was 10 years ago (at least based on the archive.org history of the domain) and they've since lost interest and moved on to the next project. They've let it slowly bring in money since then, but now that they have to do more than just collect the money, it's not worth it.
At least that's my guess.
Re: (Score:1)
Either this or it was an inside job wherein literally everyone inside was in on the job.
Re: Why are they trowing the towel so easily? (Score:2)
Re: (Score:2)
This! I'm reading the summary going "I'd stay away from anyone using cPanel..."
No Fuks Linux Hosting (Score:2)
Linux hosting. You pay us, minimally. No fuks given.
Re: (Score:2)
No fscks Linux hosting: filesystems run in permadeath mode
hahaha CPANEL (Score:4, Interesting)
CPANEL, enough said
the list of CVE over the years with worse than 5 out of 10 badness is scary
5/5 Would use again (Score:2)
...I mean, it says it right on the tin, right? "No Support." Totally lived up to its name!
Reminds me of a nameless client of a nameless MSP I once worked for. They got ransom'd thrice, after ignoring our advice and undoing all our work to secure them. Too stupid to live, is the trope, right? Textbook them.
Last one was as I turned in my resignation to that MSP's owner. I did so with a grin on my face, knowing full well from the sounds of the office that our star client had just been had *again*, right
This is just a white label rebrand service (Score:2)
Former customer (Score:5, Funny)
Re:Former customer (Score:4, Interesting)
Funny enough.
I tried using them a few years back, but their ssh host keys kept changing. I actually DID contact their support, because that's not supposed to happen.
I asked how I'm supposed to know I'm not being middled. They say their host keys change sometimes, just accept it, basically.
I closed the account due to "not getting security". I kept getting invoiced. Now they got pwned and I won't get invoiced anymore it sounds like.
But the business model is still pretty good! Just done without cpanel. And with basic security considerations.
One of the hosting providers I currently has so little support that I have to explain to the person answering the ticket what I'm asking for. But the machines are stable and they do stick with the ticket until the customer is happy, so I guess that's close enough and they're nearly as cheap.
Re: (Score:1)
Can you share what hosting are you using now?
Apparently "No clue Linux hosting" as well (Score:2)
Not selling support is one thing, but apparently having no security in place is quite another.