Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security IT

'No Support Linux Hosting' Shuts Down After Cyberattack (zdnet.com) 25

A web hosting company named No Support Linux Hosting announced today it was shutting down after a hacker breached its internal systems and compromised its entire operation. From a report: According to a message posted on its official site, the company said it was breached on Monday, February 8. The hacker appears to have "compromised" the company's entire operation, including its official website, admin section, and customer database. A No Support Linux Hosting (NSLH) spokesperson did not return a request for comment seeking details about the attack. But while details about the intrusion are unclear, the attack appears to have been destructive in its nature. "We can no longer operate the No Support Linux Hosting business," the company flatly acknowledged today. "All customers should immediately download backups of their websites and databases through cPanel," NSLH said, urging clients to do so before servers go down for good. At the time of writing, the nature of the NSLH attack is unclear, and we don't know if the hacker downloaded & wiped the company's database and backups or if we're talking about a classic ransomware attack where the intruder encrypted files and demanded a ransom for the decryption key.
This discussion has been archived. No new comments can be posted.

'No Support Linux Hosting' Shuts Down After Cyberattack

Comments Filter:
  • by rsilvergun ( 571051 ) on Tuesday February 09, 2021 @04:32PM (#61045426)
    pulled from a company so completely hosed by a hacker they shut down entirely.

    Also, couldn't they just call tech support for help getting their servers back up? Oh, wait...
    • by redback ( 15527 )

      This.

      You should be downloading a backup of your site and saving it elsewhere.

      What if they had just disappeared?

      • Had two different SAAS vendors shut down with 30 days notice which my business used for invoicing and CRM. Small, cheap SAAS means high risk they will shut down without enough warning, tell you to pull your own data, and be unable to do any any data extract even if you pay them.

        End result, we ran reports, got our data in PDF files or manually saved html pages and had to RE-ENTER it MANUALLY into our next system

        Needless to say, we did not go with a mom and pop SAAS after those two disasters.

        I was t
    • by jellomizer ( 103300 ) on Tuesday February 09, 2021 @04:50PM (#61045494)

      I remember a long time back when I was a teenager, I was a rabid Linux Fan Boy, and I though that Linux would have me immune to all attacks and viruses. So I had my RedHat (Back when RedHat was mostly for consumer use) Linux install with all the Services Installed and running, seeing how cool I was because I had my own Web Server, Email Server, Talk server... While the other guys using Windows were using their ISP services like rubes.
      However after a few years, and actually having access to the colleges T1 line, I started to find, that my system was starting to get hacked, because of all the backdoor I had opened, and how the old systems were so vulnerable to buffer overflow errors, that I had learned my lesson.

      Linux may be more secure compared to windows, but it isn't secure against stupid. After that I learned to shutoff any services I don't need, do not have root as my main login, just because it was easier... use SSH over Telent...
      Luckily I learned that lesson when I was a kid, and when the internet was still repetitively innocent where such a hack was inconvenient and embarrassing, but not something where I could be really damaging.

      A site called no support Linux hosting. sounds like something that would have gotten my attention when I was young. Getting a Linux server that I can use, without any of those silly rules and expenses that a supported hosting company would push on you.

      I don't doubt for an instant it got shut down.

      • In this case, I would be interested in seeing the total user-generated misconfiguration mess some of these servers must have been running, given the name of the hosting company. There must've been glaring security holes that could've led to whole network compromise.

        • by Kaenneth ( 82978 )

          It's pretty easy to mess up Linux security.

          My 2nd linux install I was making a Fax-to-website server, and I set it up so each part of the process (fax receipt, OCR, website, etc.) was set to run under a different account that was given only the permissions it needed. 'faxd' 'ocrd' 'webd' etc. run with some command parameter like '-u faxd' it all worked great.

          a few months later I noticed that none of those account had logged in in months? turned out the command with the -u parameter expected a **numeric** UI

      • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Wednesday February 10, 2021 @10:00AM (#61047274) Homepage Journal

        I was a customer. It was a decent deal in that it was $1/mo. But you didn't get a linux server that you can use. You got a severely locked down little piece of a linux server with very little disk space and a poorly updated cpanel.

  • Any business would try to recover or rebuild the brand after a disaster.
  • Linux hosting. You pay us, minimally. No fuks given.

  • hahaha CPANEL (Score:4, Interesting)

    by iggymanz ( 596061 ) on Tuesday February 09, 2021 @04:55PM (#61045508)

    CPANEL, enough said

    the list of CVE over the years with worse than 5 out of 10 badness is scary

  • ...I mean, it says it right on the tin, right? "No Support." Totally lived up to its name!

    Reminds me of a nameless client of a nameless MSP I once worked for. They got ransom'd thrice, after ignoring our advice and undoing all our work to secure them. Too stupid to live, is the trope, right? Textbook them.

    Last one was as I turned in my resignation to that MSP's owner. I did so with a grin on my face, knowing full well from the sounds of the office that our star client had just been had *again*, right

  • This service is a white label rebrand of Shanje, which you also have never heard of, right down to the plain "taking our ball and going home" screen: http://shanje.com/ [shanje.com]
  • by jemtallon ( 1125407 ) on Tuesday February 09, 2021 @06:12PM (#61045742) Journal
    So many years ago I don't think the term "cloud" existed yet, I had a website I wanted to host but I didn't really give a crap about it. I just wanted the cheapest place to drop some flat HTML files I could find and I found No Support Linux Hosting. Their model of "if you have to contact us for something, we probably don't want you" resonated with me as a nerd and the price was perfect (I think $1 if I'm remembering correctly?). It felt like it was a pet project of some admin who also wanted a place to host some sites they didn't care about and figured they'd split the cost as long as it didn't cost them a minute of their time. I'm not at all surprised that they're shutting down - cleaning up from a hack is work and the entire business model is that they don't want to do any work. Well done, mates. You did exactly what you said you'd do from start to finish. That's a level of integrity and laziness I can respect.
    • Re:Former customer (Score:4, Interesting)

      by bill_mcgonigle ( 4333 ) * on Tuesday February 09, 2021 @06:46PM (#61045852) Homepage Journal

      Funny enough.

      I tried using them a few years back, but their ssh host keys kept changing. I actually DID contact their support, because that's not supposed to happen.

      I asked how I'm supposed to know I'm not being middled. They say their host keys change sometimes, just accept it, basically.

      I closed the account due to "not getting security". I kept getting invoiced. Now they got pwned and I won't get invoiced anymore it sounds like.

      But the business model is still pretty good! Just done without cpanel. And with basic security considerations.

      One of the hosting providers I currently has so little support that I have to explain to the person answering the ticket what I'm asking for. But the machines are stable and they do stick with the ticket until the customer is happy, so I guess that's close enough and they're nearly as cheap.

  • Not selling support is one thing, but apparently having no security in place is quite another.

No spitting on the Bus! Thank you, The Mgt.

Working...