IX Web Hosting changes ALL FTP Passwords without warning.

Posted: February 20, 2009 in IX Web Hosting
Tags: , , , , , , , , , , ,

During the past 2 days I have been bombarded with unhappy IX Web Hosting customers that can no longer update / change their files because IX Web Hosting changed  ALL FTP Passwords without warning.

Here is one  Email I recieved today.

Dear  ******,

We would like to inform you of the new security updates we are making at IX Web Hosting. In our ongoing efforts to maintain security, we have dedicated our system administration team to investigating all possible vulnerabilities. One of the necessary updates we are making to enhance security is to change all FTP passwords. This will ensure that all of the protective measures we have and will be taking remain impervious to outside influence – this includes any security compromises that exist on the Internet that may negatively affect your account.

If you experience any problems logging in to your account via FTP, please take a look at the following information to regain FTP access.

You can visit http://www.ixwebhosting.com/index.php/pages.manual14 for an in-depth tutorial with screenshots on how to update your FTP password, or you can follow the simple steps below.

  • Visit https://manage.ixwebhosting.com and login.
  • Look for the section called “Hosting Products” and click on the Manage button for your hosting account.
  • Look for an icon called “FTP Manager” and click on it. In this area, you will find an icon that resembles a pencil and paper. Click on it to change your FTP password. Please note: to ensure the security of your website, you should not use the same password as your previous password.

It is always recommended that you choose a strong password. We have provided you with a website which will help evaluate the strength of the password you choose:
http://www.microsoft.com/protect/yourself/password/checker.mspx

We are in the process of performing several upgrades to strengthen security. As new developments are made on the server-side and in regards to your FTP account, we will be sure to keep you informed!

We would like to sincerely thank you for your understanding and also, of course, for hosting with us. If you have any questions about this topic, please contact us via ticket, live chat or our 24/7 phone support. We are here for you 24/7 and would be happy to address any concerns you might have!

Thanks again,

Sammie Taunton
Director of Customer Relations
http://www.ixwebhosting.com 

————–

I thought it was a scam because all the links pointed to “rs6.net“, so I just ignored it for a while.

Later in the evening, I was going to forward the email to IXWebhosting, but on a lark decided to check out rs6.net, and found out it was a mass email company.  It then occurred to me that IX might have used them, so I started digging into my sites.

I did indeed find that they had hosed ALL of my FTP passwords.  This is not a big deal if you are just uploading static HTML pages with pictures of your puppies, but I have 16 sites on a PHP CMS I wrote myself.  Since every site has at least one unique FTP password, and they are scattered here and there (trying to be somewhat unspecific on purpose 😉  ) it’s going to take a while to change all this.

I tried to call IX, but of course the wait was an hour, so to amuse myself I started a chat session with “customer support”.  Yes, those quotes are there for a reason.  I realize this may not place me in the best light, but I was REALLY ticked off.  Here’s the transcript of the chat…

—————————————————————————-

Chat InformationPlease wait for a site operator to respond.

Chat InformationYou are now chatting with ‘Kirill Skripka’

Kirill Skripka: Hello, my name is Kirill. How can I help you today?

you: I got a VERY strange email today about changing my FTP passwords – I think it’s a scam – have you seen it yet, or do you know anything about it?

Kirill Skripka: That is e-mail from us. Please change your password for the FTP from your Control panel->FTP manager->Password

Kirill Skripka: All password were changed, due to ProFtpd upgrade on the server side

Kirill Skripka: Please change your FTP password and try to connect to your site via FTP again

you: Are you guys out of your minds????? How about a little notice???? I have a lot of programming changes to make for several sites!!!!!!

you: Why isn’t there anything about this on the Control Panel?

Kirill Skripka: We have send notification e-mail to all costumers

you: No, you sent notification that you had DONE it, not that you were GOING to do it

Kirill Skripka: yes, that was notification. If we sent e-mail before changing password then could be misunderstanding about when exactly we will change it and other. Also we could not check if you have read our pre-notification and only then start to change passwords

Kirill Skripka: We are honestly apologize for inconveniences caused to you

you: Do you have any REAL programmers there???? I have like 16 sites I have to change RIGHT NOW. What is WRONG with you people????????

you: You have to be out of your freaking mind if you think this is good customer service!!!!!!!

you: I’m on hold on the phone line – I’ll be speaking to a supervisor. I figure I’ll be on hold for about 90 mins. at the rate it’s going.

you: And by the way – the email LOOKS like a scam. I’m not even sure I’m really talking to IXWebhosting here.

Kirill Skripka: We are sorry again, but that was necessary move to change FTP passwords

you: Actually, no, it wasn’t. You could have let us know this was GOING to happen. I’m gonna have a bunch of VERY pissed off customers. Not unlike the way I’m pissed off with IXWebhosting right now.

you: Is there anything on the site about this?

Kirill Skripka: there should not be anything on the site. It is not non-costumers business that we have something change to our costumers. They are not allow to see that info just view our site. We have sent e-mail.

you: That’s a bunch of crap and you know it. Or you should.

you: This is completely unacceptable. I’m going to be up half the night trying to fix this.

you: Explain to me again as best you can why this had no notice.

you: Did it not occur to anyone that there might be programming issues on sites to deal with????

you: As for non-customer business – I can understand that – BUT THE EMAIL LOOKS LIKE A SCAM

Kirill Skripka: We did notice you. E-mail is the best way to do it. Pre-information will not be fine.

you: Look, child, do you have any programming experience?

you: Have you ever dealt with anything like this?

you: Do you have a supervisor there with any experience?

you: Actually, in one regard you are correct – email is the best way to contact us – but an email pointing to a page visible to us AFTER we sign in, and with a notice that “in 48 hours (or whatever) we will be upgrading…blah, blah, blah…”

you: Honestly, this is BUSH league. I will be copying this chat exchange and putting it onto a blog for other people to see.

you: People need to know what kind of stuff IXWebhosting pulls

Kirill Skripka: I want to inform you of the new security updates we are making at IX Web Hosting. In our ongoing efforts to maintain security, we have dedicated our system administration team to investigating all possible vulnerabilities. One of the necessary updates we made to enhance security was to *change all FTP passwords*. This will ensure that all of the protective measures we have and will be taking remain impervious to outside influence – this includes any security compromises that exist on the Internet that may negatively affect your account. We are in the process of performing several upgrades to strengthen security. As new developments are made on the server-side and in regards to your FTP account, we will be sure to keep you informed!

you: Yes, thank you, I read it the first time. It doesn’t make any more sense now than it did when I first read it. The problem is THERE WAS NO NOTICE. I have to go SITE BY SITE and see if there is anything I have to change. My hope is the existing passwords are all still working.

you: Honestly – do you think I had nothing better to do tonight than change all my sites. WHAT WERE YOU THINKING!!!!!???? WERE YOU THINKING??????

you: Is there a supervisor available?

Kirill Skripka: Please note, that changing FTP password do not affect your site work  [NOTE:  I LOVED this line!  >.<]

Kirill Skripka: but you should change it to be able upload your files with FTP connection

you: You are REALLY stupid. Excuse me, but you are. THE FTP passwords are in the programs that my customers use to upload files.

you: They are embedded in the programs I wrote.

you: DO YOU HAVE A SUPERVISOR?????

Kirill Skripka: Yes, we have

you: THEN PLEASE PUT THE SUPERVISOR ON

Kirill Skripka: hold on please, let me transfer you to my supervisor

you: Thank you

Chat InformationPlease wait while I transfer the chat to ‘Yuliya Gordeeva’.

Chat InformationYou are now chatting with ‘Yuliya Gordeeva’

Yuliya Gordeeva: Hello, my name is Yuliya.

you: First, Yuliya – are you Kirill’s supervisor?

Yuliya Gordeeva: Let me read your conversation with Kirill

Yuliya Gordeeva: yes, I am

you: While you’re reading – I realize you probably can’t do anything about any of this – but I’m REALLY pissed off. This is completely unacceptable – both the way the change was handled and the idiot advice from Kirill

Yuliya Gordeeva: Please accept my apologies for some misunderstanding in the previous conversation

Yuliya Gordeeva: Let me draw your attention to that fact that our system administrators are investigating the problem related to the security of our servers in order to help customers protect their websites from any hack attempts. That is why changing all FTP password was an urgent action. Please accept my apologies that we have not informed you about such actions.

you: Yes, you sent me an email telling me you had already done it, not that you were going to do it. ALL MY SITES ARE BROKEN – EVERY LAST ONE. Well, I take that back, I’ve checked about four of them, but I’m certain they are all hosed

you: This is not in the presentation of the site to the public, but rather in the administration of the site by my clients.

Yuliya Gordeeva: As you already know we are in process of updating Apache on all

Yuliya Gordeeva: servers from 1.3.1 to 1.3.36, ProFTPd from 1.3.1 to 1.3.2

you: Again – if I’d had some notice, I could have made this a relatively transparent change.

you: Sorry, no, didn’t know that – no one notified me

you: It’s not that big a deal to me – I like upgrades, as a rule, but I needed some notice.

Yuliya Gordeeva: I’m sorry, but all your websites are not broken due to that fact that we have changed only your FTP password. Please understand that if such changes have not made all the websites can be hacked or affected by any malware

you: Since this one BROKE my passwords, it has a larger than normal effect

Yuliya Gordeeva: So all the actions were turned to increase the security of your websites

you: Excuse me, but as a matter of fact they ARE broken. I just tried several of them – not on the front end, but on the site administration for MY clients – through the PHP CMS I wrote

Yuliya Gordeeva: Please understand that you need to change only your FTP password and then use your new password to access your FTP

you: Again, I appreciate upgrading the security, but you made a false assumption that changing those passwords had a very small effect

Yuliya Gordeeva: Kindly please give it a tty

you: I’m number two on the telephone cue – I’ll see if someone there has more understanding of this. Have you ever tried programming FTP functions in PHP?

Yuliya Gordeeva: Please be sure that changing FTP password is not the only one change we made

you: It is relatively simple, but I have a lot of places to change it.

you: Thanks – I’m aware of that, and I really do appreciate the upgrade – I REALLY DO! But since they changed my passwords without any notice, I’m in a bit of a bind for time to fix it.

Yuliya Gordeeva: Please note that some widespread trojans have a functions to steal FTP passwords from user`s local PC`s and send these passwords to hackers (or special bots which were made by hackers). So please imagine that some of the password were stolen before we made such changes

Yuliya Gordeeva: and how many websites will be hacked if passwords are still the same

you: Yes, I know. It’s a very old problem. One I’m not sure we’ll ever beat as a computing community.

you: It’s not like I have a choice here, is it? 🙂

Yuliya Gordeeva: I’m really sorry that we made a couple problems for you by these changes but I hope that all that we are doing right now will save you and your websites from any hacking alerts

you: Gosh, thanks so much. Actually, it’s about 16-20 passwords, and 16-20+ scripts to change them in.

you: They were all random characters already.

Yuliya Gordeeva: I would like to assure you that we are trying to provide the best services including web service and fast technical support. We are working hard to prevent any issues from happening and doing our best in order to advance the level of services provided.

Yuliya Gordeeva: Yes, I really understand you

you: Yes, thanks. You’ve been so helpful.

Yuliya Gordeeva: You are always welcome!

you: I’ll talk to the phone support and let them know how REALLY UNHAPPY I am.

Yuliya Gordeeva: Again we deeply apologize for all inconveniences you have faced with our services and would like to say that we are more than thankful for your great patience and understanding. We will do our best to satisfy you as our customer and provide an upper-scale support and services to you.

Yuliya Gordeeva: I’m sorry, but there is really no way to restore previous passwords

Yuliya Gordeeva: So kindly please change it to the new ones

you: I’ll get right on that…

Yuliya Gordeeva: ok, that’s great. Thank you very much!

————–

(sigh)  I then talked to someone with a little better command of the English language on phone support, and he said something to the effect that he’d come on at 10:30 PM and when he heard what they had done he knew it was going to be a bad night.

Well, I’m looking for a new host.  Please feel free to post any of this you would like.

Advertisements
Comments
  1. root@ix says:

    @neverixweb: I am sorry about your problem. I would be happy to help you fix it. Posting this article on the blog probably took you 30 minutes to read it, changing 12 ftp password would have probably taken you 10 minutes. Of course, that’s beside the point.

    I will explain the reason behind ftp change: It came to our attention that through a malware called antivirus 2009 (google for it), a large number of people got their ftp passwords stolen. With those ftp passwords, an attacker can (and did) upload a .htaccess file that would redirect visitors of that particular site to HIS site, where he would infect them. THus gaining even more passwords.

    We sent an email a few months ago about this issue, with directions on how to disinfect yourself. We looked for and cleaned .htaccess files daily, only to have them back hours after. We tried to email known infected users and ask them to change their passwords, and the response was below 2%. We even wrote a proftpd module that would look for specific strings in the uploaded file, and quarantine it if it contained the redirect. However, whatever we did, the maliciuous user would adapt to it, creating even more problems, and (as he had ftp passwords) potentialy creating even more harm.

    I am not saying you are right or you are right, but we had to do something, so with the risk of upsetting some users (like you), we did something to protect all users. I am sure we can find ways to make you happy again. Our principal goal right now is to increase security, and protect our users.

  2. neverixweb says:

    @ root@ix

    The above issue does not at all affect me, I no longer host any of my sites with ix web hosting, the above issue, along with lots more are posted to me.

    Anyway, thank you for your time posting the previous 2 replies, with some explaination. If you would please take a few minutes to read all the “Comments” you will soon notice that most customers, ( me included ) did not have a mayor issue with the security issues ix web hosting has, EVERY web host can potentially be hacked, and injected. However, the fact that for over 10 months, ix web hosting knew they were under attack, they knew the issue was on the root servers, and that the problem was not customer related, but for more than 10 months, ix web hosting blatently lied about the issues. This as you will see, is the reason why everyone is so disappointed with ix web hosting.

    I really hope that one day soon, ix web hosting will be like they were 2-4 years ago.

    If ix web hosting would like me to post their side of the story, please feel free to send it to me, and I will gladly post it.

  3. root@ix says:

    @neverixweb:

    The main problem that i can see reading between the lines in the comments, is not the level of service (which I know it has dramatically improved in the past year), but the quality of helpdesk/techsupport. We are aware about that and we’re working in that direction also but it is my oppionion this will take a while.

    I know we still have technical problems also, but we work on fixing them.

    And as far as the “blatant lies” go, I am not necesarily contradicting you, but I would blame some issues on miscommunication, and misunderstanding. I’ve seen cases where customer A would call and say “my ftp is not working”, a CR rep would contact me, I will verify the issue, and determine it’s caused by the firewall on customer side. 5 minutes later, customer B would call and the same CR rep, without talking to a sysadmin would tell the customer “it’s your firewall”. Of course, this is OUR fault, not customer B’s fault. I take blame for that. But we’re working on it. We’re retraining our reps every time such issue is brought to our attention, and we even let them go if they go through too many retrainings.

    I promise you there will be a day (not too far in the future) when you will come back to IX and you will be happy here.

  4. ProNet says:

    Fathi Said (root@ix) keep your stupid promise to your self, you and your company are no more then a repeated failure from past (Feature Price first and IX second), I’ll cover my losses and cut further time waist by finding a new host asap.

  5. Mike says:

    FINALLY, all of my sites have now been removed from IX Webhosting since the great security debacle of May 2008 – present.

    It makes me sad because I used to really like them. However, I simply can never trust them again to fix or repair any security issues, and therefor I had to move on.

  6. root@ix says:

    ProNet: you’ll be surprised to learn Fathi Said is NOT root@ix. My first name is Tiberiu, and I am a system administrator here.

    Also, your bashing of the company (“you and your company are no more then a repeated failure from past”) looks like you’re paid by the competition to ruin our image. Nice try. It didn’t work.

  7. montana600 says:

    Bullshit root@ix.

    I’m a long time IX customer who got SCREWED by your shitastic security failrues since May. All of my sites were destroyed by the Yahoo insertion among other frequent hackings and malware.
    I did everything I could to wait for IX to fix this, and they never did. “oh, just two more weeks, just two more weeks”. Meanwhile Google blacklists my sites because of malware which cuts my page rank in half because you couldn’t figure out a damn thing.

  8. sunny says:

    Hi Root@ix
    Believe me since oct/nov 2008 the IXWebhosting has gone down both in term of service and quality. I have around 25 sites hosted on IX for last 2 year and now i am crying.

    The worst thing that NOW you people lack the ability to solve a problem. Whatever given to, you simple say Sorry!

    Recently one of you excellent chat support engineer suggested me to buy SSL for a static 10 pages html site and the problem was .htaccess hacking ( redirecting to another site )
    And he told me that I should look after my site we are not responsible for anything, our servers work great. such a stupid answer from the support.

    And Mr root@ix if you think I am paid for this I can provide you the ticket number and chat details because later I complained about it.

    You tech people are not able to solve a simple .htaccess issues in two month. My site was down for two month because it was using a simple rewrite code ( htaccess ) which was working fine with hostgator, lunarpage, and godaddy, huh!

    there a numerous incident in last 5 months. I am simply pissed of.

    Four Stars you. F*** off

  9. root@ix says:

    Montana600: discussing this on forums and comments on blogs rarely solve anything. I would gladly take a look at your sites if you’d put in a ticket. please ask in a ticket that the SA Department manager look at it, and I will.

    sunny: please provide me the ticket number, I will fix your problem. or if I cannot, you’ll get a good explanation with why.

  10. Mike says:

    Root thank you for your help but I have now removed all sites from IX webhosting to a new host.

    I hope you guys fix your problems. I really liked your service until 2008.

  11. ken says:

    Hello.

    It is sad to see how immature the conversation was between Kirill Skripka and the presumed owner of this website. Yes, it is a chore to change 16 FTP passwords. It would definitely take less time to just change them compared to the time it takes to have a meaningless conversation with tech support. What about all the other people on hold that actually have real issues? Real web-related issues. Not unproductive anger-related issues.

    Are you seriously updating all 16 sites the same day? Why not just change each FTP password as you need to access them?

    Just my two cents.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s