Helping IX Web hosting secure their servers.

Posted: May 25, 2009 in IX Web Hosting

Now we ALL know how rude, stuck-up, obnoxious and uncaring the majority (not all, some deserve respect) of IX Web Hosting’s Support are, so the following REAL LIFE examples will not come as a surprise to most of you.

These 2 examples were reported to IX Web Hosting in Jan. 2008, 3 months BEFORE the May disaster that led to 10’s of servers being seeded, and up to 200,000 sites infected… Now let me be clear that these examples are probably not related to what happened, but the OBNOXIOUS mentality of IX Web Hosting definitely is!!…

Please note that these issues have now been fixed (otherwise I would not post them here).

ISSUE 1 :

“Using phpshell and running the chsh program on the server side, the users are able to change their default shell from /bin/nologin to any other shell and get access to the IX servers by ssh.
I hope you will not understand my effort to inform you about the flaw as a malicious activity.”

 

IX’s RESPONSE :

“Although pointing out that minor security flaw wasn’t viewed as malicious activity, please understand that any other attempts to hack into our system will be viewed as such, and it will be treated according to our policies.”

 

?? !! What, not even a Thank You!!??… Nope.. wayyyyy too obnoxious for a Thank You!!
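A defender-side check for the condition reported in Issue 1, as an added example that is not part of the original post or of IX's own tooling: it audits passwd and shells content for customer accounts that hold a login shell. The UID threshold, the set of nologin paths and the sample data are assumptions.

```python
# Added example: audit passwd/shells content for hosting accounts that can log in.
# Assumptions: customer accounts have UID >= 1000 and should all have a nologin shell.
NOLOGIN = {"/bin/nologin", "/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

# Constructed sample data, not taken from any real server.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
cust001:x:1001:1001::/home/cust001:/bin/nologin
cust002:x:1002:1002::/home/cust002:/bin/bash
cust003:x:1003:1003::/home/cust003:
"""
SAMPLE_SHELLS = """\
# /etc/shells
/bin/sh
/bin/bash
/bin/nologin
"""

def parse_passwd(text):
    """Yield (user, uid, shell) for each well-formed passwd(5) line."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip blanks, comments and malformed entries
        # passwd(5): an empty shell field falls back to /bin/sh
        yield fields[0], int(fields[2]), fields[6] or "/bin/sh"

def parse_shells(text):
    """Return the set of shells listed in shells(5) content."""
    lines = (l.strip() for l in text.splitlines())
    return {l for l in lines if l and not l.startswith("#")}

def audit(passwd_text, shells_text, min_uid=1000):
    """Return sorted (subject, problem) findings."""
    findings = []
    # shadow's chsh(1) refuses users whose current shell is not in /etc/shells,
    # so a listed nologin shell lets a locked account run chsh at all.
    for shell in parse_shells(shells_text) & NOLOGIN:
        findings.append((shell, "nologin shell listed in /etc/shells"))
    for user, uid, shell in parse_passwd(passwd_text):
        if uid >= min_uid and shell not in NOLOGIN:
            findings.append((user, "login shell " + shell))
    return sorted(findings)

if __name__ == "__main__":
    for subject, problem in audit(SAMPLE_PASSWD, SAMPLE_SHELLS):
        print(f"{subject}: {problem}")
```

On a live host, pass the contents of `/etc/passwd` and `/etc/shells` to `audit()` and run it on a schedule so a changed shell shows up as a new finding.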

ISSUE 2 :


The default installation of IX’s “click and install” E-commerce software allows read and write rights to the users directory to anyone on the internet. You probably have a lot of affected users..

(No state of the art hacking needed. There is a nice PHP admin interface without a password. OK, I know what is in your mind: You will notice at the first login that nobody asked for your admin password. The trap is that the admin interface is linked only in the cPanel and when you access it you have the feeling that the password authentication is missing because the authentication is derived from your cPanel access (as in many other applications and settings in cPanel). After all, a hacker can easily upload a malicious PHP file and execute some nice exec() calls affecting the rest of your domains hosted by IX webhosting.)

IX’s Response: (you’re gonna luv this one!!)

“If you don’t like it, don’t use our Easy Install products.”

Ooooohhh Yes, it is good to be appreciated!!

Credits to ZolTan for the info


 




 
Comments
  1. Kaycee Orio says:

    wow, that server looks ridiculous! I’ve compared different web hosting services, here’s a collection of IX Web Hosting complaints
