Helping IX Web hosting secure their servers.
Now we ALL know how rude, stuck-up, obnoxious and uncaring the majority (not all, some deserve respect) of IX Web Hosting’s Support are, so the following REAL LIFE examples will not come as a surprise to most of you.
These 2 examples were reported to IX Web Hosting in Jan. 2008, 3 months BEFORE the May disaster that led to 10s of servers being seeded, and up to 200,000 sites infected… Now let me be clear that these examples are probably not related to what happened, but the OBNOXIOUS mentality of IX Web Hosting definitely is!!…
Please note that these issues have now been fixed (otherwise I would not post them here).
ISSUE 1 :
” – Using phpshell and running the chsh program on the server side, the users are able to change their default shell from /bin/nologin to any other shell and get access to the IX servers by ssh.
I hope you will not understand my effort to inform you about the flaw as a malicious activity. ”
IX’s RESPONSE :
” – Although pointing out that minor security flaw wasn’t viewed as malicious activity, please understand that any other attempts to hack into our system will be viewed as such, and it will be treated according to our policies. ”
?? !! What, not even a Thank You!!??… Nope.. wayyyyy too obnoxious for a Thank You!!
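A defender-side check for the condition reported in Issue 1, as an added example that is not part of the original post or of IX's tooling: it lists customer accounts whose login shell is interactive and flags nologin-style shells that appear in /etc/shells, since the chsh shipped in shadow and util-linux refuses a non-root shell change only when the caller's current shell is not listed there. The passwd and shells contents, the account names and the UID threshold of 1000 are constructed assumptions, and the page does not say this was the cause on IX's servers.

```python
# Added example: audit login shells on a shared host (all sample data is constructed).
NOLOGIN_SHELLS = {"/bin/nologin", "/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

# Constructed sample inputs; on a real host read /etc/passwd and /etc/shells instead.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
cust1001:x:1001:1001:customer:/home/cust1001:/bin/nologin
cust1002:x:1002:1002:customer:/home/cust1002:/bin/bash
cust1003:x:1003:1003:customer:/home/cust1003:/bin/nologin
"""
SAMPLE_SHELLS = """\
# /etc/shells
/bin/sh
/bin/bash
/bin/nologin
"""

def parse_shells(text):
    """Return the set of shells listed in an /etc/shells-style file."""
    return {ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}

def audit(passwd_text, shells_text, min_uid=1000):
    """Return (accounts with an interactive shell, nologin shells listed in /etc/shells)."""
    listed = parse_shells(shells_text)
    interactive = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip blank or malformed entries
        name, uid = fields[0], int(fields[2])
        shell = fields[6] or "/bin/sh"  # an empty shell field means /bin/sh
        # min_uid=1000 is an assumed boundary between system and customer accounts
        if uid >= min_uid and shell not in NOLOGIN_SHELLS:
            interactive.append((name, shell))
    # A nologin shell listed in /etc/shells is not treated as restricted by chsh.
    return interactive, sorted(listed & NOLOGIN_SHELLS)

if __name__ == "__main__":
    accounts, risky = audit(SAMPLE_PASSWD, SAMPLE_SHELLS)
    for name, shell in accounts:
        print(f"interactive shell: {name} -> {shell}")
    for shell in risky:
        print(f"listed in /etc/shells, so chsh stays usable for its accounts: {shell}")
```

Running the audit on a schedule and diffing the result also catches an account whose shell changed between runs.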
ISSUE 2 :
The default installation of IX’s “click and install” E-commerce software allows read and write rights to the users directory to anyone on the internet. You probably have a lot of affected users..
(No state of the art hacking needed. There is a nice php admin interface without a password. OK, I know what is in your mind: You will notice at the first login that nobody asked for your admin password. The trap is that the admin interface is linked only into the cPanel, and when you access it you have the feeling that the password authentication is missing because the authentication is derived from your cPanel access (as in many other applications and settings in cPanel). After all, a hacker can easily upload a malicious php file and execute some nice exec() calls affecting the rest of your domains hosted by IX webhosting.)
IX’s Response : ( you’re gonna luv this one!!)
“If you don’t like it, don’t use our Easy Install products.”
Ooooohhh Yes, it is good to be appreciated!!
Credits to ZolTan for the info!