Dear ******,
We would like to inform you of the new security updates we are making at IX Web Hosting. In our ongoing efforts to maintain security, we have dedicated our system administration team to investigating all possible vulnerabilities. One of the necessary updates we are making to enhance security is to change all FTP passwords. This will ensure that all of the protective measures we have and will be taking remain impervious to outside influence – this includes any security compromises that exist on the Internet that may negatively affect your account.
If you experience any problems logging in to your account via FTP, please take a look at the following information to regain FTP access.
You can visit http://www.ixwebhosting.com/index.php/pages.manual14 for an in-depth tutorial with screenshots on how to update your FTP password, or you can follow the simple steps below.
- Visit https://manage.ixwebhosting.com and login.
- Look for the section called “Hosting Products” and click on the Manage button for your hosting account.
- Look for an icon called “FTP Manager” and click on it. In this area, you will find an icon that resembles a pencil and paper. Click on it to change your FTP password. Please note: to ensure the security of your website, you should not use the same password as your previous password.
It is always recommended that you choose a strong password. We have provided you with a website which will help evaluate the strength of the password you choose:
http://www.microsoft.com/protect/yourself/password/checker.mspx
We are in the process of performing several upgrades to strengthen security. As new developments are made on the server-side and in regards to your FTP account, we will be sure to keep you informed!
We would like to sincerely thank you for your understanding and also, of course, for hosting with us. If you have any questions about this topic, please contact us via ticket, live chat or our 24/7 phone support. We are here for you 24/7 and would be happy to address any concerns you might have!
Thanks again,
Sammie Taunton
Director of Customer Relations
http://www.ixwebhosting.com
————–
I thought it was a scam because all the links pointed to “rs6.net”, so I just ignored it for a while.
Later in the evening, I was going to forward the email to IXWebhosting, but on a lark decided to check out rs6.net, and found out it was a mass email company. It then occurred to me that IX might have used them, so I started digging into my sites.
I did indeed find that they had hosed ALL of my FTP passwords. This is not a big deal if you are just uploading static HTML pages with pictures of your puppies, but I have 16 sites on a PHP CMS I wrote myself. Since every site has at least one unique FTP password, and they are scattered here and there (trying to be somewhat unspecific on purpose 😉 ) it’s going to take a while to change all this.
I tried to call IX, but of course the wait was an hour, so to amuse myself I started a chat session with “customer support”. Yes, those quotes are there for a reason. I realize this may not place me in the best light, but I was REALLY ticked off. Here’s the transcript of the chat…
—————————————————————————-
Chat Information: Please wait for a site operator to respond.
Chat Information: You are now chatting with ‘Kirill Skripka’
Kirill Skripka: Hello, my name is Kirill. How can I help you today?
you: I got a VERY strange email today about changing my FTP passwords – I think it’s a scam – have you seen it yet, or do you know anything about it?
Kirill Skripka: That is e-mail from us. Please change your password for the FTP from your Control panel->FTP manager->Password
Kirill Skripka: All password were changed, due to ProFtpd upgrade on the server side
Kirill Skripka: Please change your FTP password and try to connect to your site via FTP again
you: Are you guys out of your minds????? How about a little notice???? I have a lot of programming changes to make for several sites!!!!!!
you: Why isn’t there anything about this on the Control Panel?
Kirill Skripka: We have send notification e-mail to all customers
you: No, you sent notification that you had DONE it, not that you were GOING to do it
Kirill Skripka: yes, that was notification. If we sent e-mail before changing password then could be misunderstanding about when exactly we will change it and other. Also we could not check if you have read our pre-notification and only then start to change passwords
Kirill Skripka: We are honestly apologize for inconveniences caused to you
you: Do you have any REAL programmers there???? I have like 16 sites I have to change RIGHT NOW. What is WRONG with you people????????
you: You have to be out of your freaking mind if you think this is good customer service!!!!!!!
you: I’m on hold on the phone line – I’ll be speaking to a supervisor. I figure I’ll be on hold for about 90 mins. at the rate it’s going.
you: And by the way – the email LOOKS like a scam. I’m not even sure I’m really talking to IXWebhosting here.
Kirill Skripka: We are sorry again, but that was necessary move to change FTP passwords
you: Actually, no, it wasn’t. You could have let us know this was GOING to happen. I’m gonna have a bunch of VERY pissed off customers. Not unlike the way I’m pissed off with IXWebhosting right now.
you: Is there anything on the site about this?
Kirill Skripka: there should not be anything on the site. It is not non-customers business that we have something change to our customers. They are not allow to see that info just view our site. We have sent e-mail.
you: That’s a bunch of crap and you know it. Or you should.
you: This is completely unacceptable. I’m going to be up half the night trying to fix this.
you: Explain to me again as best you can why this had no notice.
you: Did it not occur to anyone that there might be programming issues on sites to deal with????
you: As for non-customer business – I can understand that – BUT THE EMAIL LOOKS LIKE A SCAM
Kirill Skripka: We did notice you. E-mail is the best way to do it. Pre-information will not be fine.
you: Look, child, do you have any programming experience?
you: Have you ever dealt with anything like this?
you: Do you have a supervisor there with any experience?
you: Actually, in one regard you are correct – email is the best way to contact us – but an email pointing to a page visible to us AFTER we sign in, and with a notice that “in 48 hours (or whatever) we will be upgrading…blah, blah, blah…”
you: Honestly, this is BUSH league. I will be copying this chat exchange and putting it onto a blog for other people to see.
you: People need to know what kind of stuff IXWebhosting pulls
Kirill Skripka: I want to inform you of the new security updates we are making at IX Web Hosting. In our ongoing efforts to maintain security, we have dedicated our system administration team to investigating all possible vulnerabilities. One of the necessary updates we made to enhance security was to *change all FTP passwords*. This will ensure that all of the protective measures we have and will be taking remain impervious to outside influence – this includes any security compromises that exist on the Internet that may negatively affect your account. We are in the process of performing several upgrades to strengthen security. As new developments are made on the server-side and in regards to your FTP account, we will be sure to keep you informed!
you: Yes, thank you, I read it the first time. It doesn’t make any more sense now than it did when I first read it. The problem is THERE WAS NO NOTICE. I have to go SITE BY SITE and see if there is anything I have to change. My hope is the existing passwords are all still working.
you: Honestly – do you think I had nothing better to do tonight than change all my sites. WHAT WERE YOU THINKING!!!!!???? WERE YOU THINKING??????
you: Is there a supervisor available?
Kirill Skripka: Please note, that changing FTP password do not affect your site work [NOTE: I LOVED this line! >.<]
Kirill Skripka: but you should change it to be able upload your files with FTP connection
you: You are REALLY stupid. Excuse me, but you are. THE FTP passwords are in the programs that my customers use to upload files.
you: They are embedded in the programs I wrote.
you: DO YOU HAVE A SUPERVISOR?????
Kirill Skripka: Yes, we have
you: THEN PLEASE PUT THE SUPERVISOR ON
Kirill Skripka: hold on please, let me transfer you to my supervisor
you: Thank you
Chat Information: Please wait while I transfer the chat to ‘Yuliya Gordeeva’.
Chat Information: You are now chatting with ‘Yuliya Gordeeva’
Yuliya Gordeeva: Hello, my name is Yuliya.
you: First, Yuliya – are you Kirill’s supervisor?
Yuliya Gordeeva: Let me read your conversation with Kirill
Yuliya Gordeeva: yes, I am
you: While you’re reading – I realize you probably can’t do anything about any of this – but I’m REALLY pissed off. This is completely unacceptable – both the way the change was handled and the idiot advice from Kirill
Yuliya Gordeeva: Please accept my apologies for some misunderstanding in the previous conversation
Yuliya Gordeeva: Let me draw your attention to that fact that our system administrators are investigating the problem related to the security of our servers in order to help customers protect their websites from any hack attempts. That is why changing all FTP password was an urgent action. Please accept my apologies that we have not informed you about such actions.
you: Yes, you sent me an email telling me you had already done it, not that you were going to do it. ALL MY SITES ARE BROKEN – EVERY LAST ONE. Well, I take that back, I’ve checked about four of them, but I’m certain they are all hosed
you: This is not in the presentation of the site to the public, but rather in the administration of the site by my clients.
Yuliya Gordeeva: As you already know we are in process of updating Apache on all
Yuliya Gordeeva: servers from 1.3.1 to 1.3.36, ProFTPd from 1.3.1 to 1.3.2
you: Again – if I’d had some notice, I could have made this a relatively transparent change.
you: Sorry, no, didn’t know that – no one notified me
you: It’s not that big a deal to me – I like upgrades, as a rule, but I needed some notice.
Yuliya Gordeeva: I’m sorry, but all your websites are not broken due to that fact that we have changed only your FTP password. Please understand that if such changes have not made all the websites can be hacked or affected by any malware
you: Since this one BROKE my passwords, it has a larger than normal effect
Yuliya Gordeeva: So all the actions were turned to increase the security of your websites
you: Excuse me, but as a matter of fact they ARE broken. I just tried several of them – not on the front end, but on the site administration for MY clients – through the PHP CMS I wrote
Yuliya Gordeeva: Please understand that you need to change only your FTP password and then use your new password to access your FTP
you: Again, I appreciate upgrading the security, but you made a false assumption that changing those passwords had a very small effect
Yuliya Gordeeva: Kindly please give it a try
you: I’m number two on the telephone queue – I’ll see if someone there has more understanding of this. Have you ever tried programming FTP functions in PHP?
Yuliya Gordeeva: Please be sure that changing FTP password is not the only one change we made
you: It is relatively simple, but I have a lot of places to change it.
you: Thanks – I’m aware of that, and I really do appreciate the upgrade – I REALLY DO! But since they changed my passwords without any notice, I’m in a bit of a bind for time to fix it.
Yuliya Gordeeva: Please note that some widespread trojans have a functions to steal FTP passwords from user`s local PC`s and send these passwords to hackers (or special bots which were made by hackers). So please imagine that some of the password were stolen before we made such changes
Yuliya Gordeeva: and how many websites will be hacked if passwords are still the same
you: Yes, I know. It’s a very old problem. One I’m not sure we’ll ever beat as a computing community.
you: It’s not like I have a choice here, is it? 🙂
Yuliya Gordeeva: I’m really sorry that we made a couple problems for you by these changes but I hope that all that we are doing right now will save you and your websites from any hacking alerts
you: Gosh, thanks so much. Actually, it’s about 16-20 passwords, and 16-20+ scripts to change them in.
you: They were all random characters already.
Yuliya Gordeeva: I would like to assure you that we are trying to provide the best services including web service and fast technical support. We are working hard to prevent any issues from happening and doing our best in order to advance the level of services provided.
Yuliya Gordeeva: Yes, I really understand you
you: Yes, thanks. You’ve been so helpful.
Yuliya Gordeeva: You are always welcome!
you: I’ll talk to the phone support and let them know how REALLY UNHAPPY I am.
Yuliya Gordeeva: Again we deeply apologize for all inconveniences you have faced with our services and would like to say that we are more than thankful for your great patience and understanding. We will do our best to satisfy you as our customer and provide an upper-scale support and services to you.
Yuliya Gordeeva: I’m sorry, but there is really no way to restore previous passwords
Yuliya Gordeeva: So kindly please change it to the new ones
you: I’ll get right on that…
Yuliya Gordeeva: ok, that’s great. Thank you very much!
————–
(sigh) I then talked to someone with a little better command of the English language on phone support, and he said something to the effect that he’d come on at 10:30 PM and when he heard what they had done he knew it was going to be a bad night.
Well, I’m looking for a new host. Please feel free to post any of this you would like.