This week has been a complete disaster for 1000’s of IX Web Hosting’s  customers.


A new wave of the .htaccess injection is affecting 1000’s of sites, and things just get worse and worse: Google is flagging sites hosted by IX Web Hosting because the sites are being redirected to infected sites.
Some customers’ sites are even getting “Splashed” by Google with ‘Reported Attack Site’. Can you imagine spending YEARS building up a reputation and then having your site and your reputation destroyed because of a hosting company that after 10 MONTHS!! still cannot and has not fixed this security issue…

10 MONTHS!!!  IX WEB HOSTING… You should be ASHAMED!!

Here is an example of someone who has spent YEARS working hard to build a (basic) website and a reputation, and all was lost…

This is the third time I’ve requested review and had it result in a continuation of the ban. I’m a simple artist trying to make a living while going to school. My reputation is being destroyed by this, as well as my art. I’m not a programmer but I know my html that I wrote for my site, and it’s ridiculously simple. All the 3 pages, even though it was said there were 5 pages, that were listed in webmaster tools were the same exact html files I wrote. These were:
 http://www.****art.com/ADAbout.html
http://www.****art.com/ADBreedKirin.html
http://www.****art.com/Itemhtml/directions.html     { Links killed by neverix}

I’ve downloaded and looked at the code of each of these, finding nothing wrong with them.
I also have called my Host, IXwebhosting, who crawled through my site and looked at my files. They said they couldn’t find anything either and that there seemed to be nothing wrong. They also said the ‘Reported Attack Site’ html page google slapped on top of my index wasn’t showing up for them. I had posted once on this forum before with the question: ‘WHERE is the malicious code showing up,’ and I was told how to submit a review. Google is ruining my reputation, my site, my client base, and wasting my precious time. I don’t know what to do anymore, because nothing I have done seems to have worked. I re-uploaded my site, changed permissions to 444, removed any kind of php and unnecessary files, changed my two user passwords to more secure ones, and everything else I’ve mentioned in the above text. I don’t know what else to do. I’ve spent years establishing that site and its reputation…years now wasted and ruined. Please someone help me.

I hereby invite IX WEB HOSTING to send me their side of the story about this issue, I will post it on this blog for everyone to read…  It’s only fair to hear both sides of the story.

And NO, this is not just a “One Off”  see 1000’s more : http://www.google.com/search?hl=en&safe=off&q=%27Reported+Attack+Site%27+ix+web&start=0&sa=N

 


From an Unhappy IX customer

I was beginning to think I was crazy. My site would get hacked and I would change the password. This would keep happening over and over. Yet every time I would call in they would say it was my fault. Well today I discovered that once again my site had been hacked as well as all the other domains in my userid for them. While going through one of my sub domains I found a hacker’s control panel which I downloaded and took a screen shot. I even looked around in it. I realized quite quickly that I had server root access and I could see other people’s files like I was on a regular computer. This control panel seems to have it all. Anyway here is a screen shot for all you who wonder what is going on:

I have marked my info out to spare me as well as the folder I was browsing. But this control panel seems to have any exploits you want on it with very little effort.  It even has a handy self kill button which I used. Of course I am sure they will be back and hack right back in. Meanwhile I have to look into another host.


 

First of all, let’s break this down for the wise folks at ix web hosting that follow these rantings..

100% ….. 30 day(s) …. Money Back ….. Guarantee 

Sounds good, but is this really true??.. or are the small letters hidden in some dark corner.. Well we found someone that gave it a try, and here is the story…..

PACKAGE :  Business package incl. 2 FREE domain names

PRICE PAID: With their end-of-year special, I even got a special price ($17.27 for three months, with a year agreement)  and paid $95.40 via credit card for a year’s worth of service.

CANCELLED : on day 30 ( the last day)

(needed for 100% refund) REASON OF CANCELLATION : I was blindly suckered in by your outrageous claims regarding the quality of your service. In the last two weeks I have experienced no less than *THREE* outages due to database issues. I’m going back — no, *RUNNING* back — to a former provider. They provide better service, and at a better price to boot. Please terminate this account immediately. Monetarily, rape me for whatever your contract allows — I don’t care. At this point, I’d just about pay you to be done with you. Good riddance. [name withheld]

So, they refunded you the full $95.40??

hahahahahaahaa!!!

As mentioned above, IX Web Hosting’s package came with two “FREE” domains, which I promptly registered. They were stupid domain names that I’ll probably never use, but hey, they were “FREE”, right? Uh, no. Of the $95.40 I paid to IX Web Hosting, they credited me :

  • $57.45 “for unused but prepaid period of Business Plus”
  • charged me $18.21 for the first domain
  • charged me $18.21 for the second domain
  • refunded me a grand total of $21.03

WHAT!!!!  $21.03!! … but that is just 22% of $95.40

Now that is what we call DECEIVING YOUR CUSTOMERS!!!


 

Now we ALL know how rude, stuck-up, obnoxious and uncaring the majority (not all, some deserve respect) of IX Web Hosting’s Support are, so the following REAL LIFE examples will not come as a surprise to most of you.

These 2 examples were reported to IX Web Hosting in Jan. 2008, 3 months BEFORE the May disaster that led to 10’s of servers being seeded, and up to 200,000 sites infected… Now let me be clear that these examples are probably not related to what happened, but the OBNOXIOUS mentality of IX Web Hosting definitely is!!…

Please note, that these issues have now been fixed ( otherwise I would not post them here) 

ISSUE 1 :

” – Using phpshell and running the chsh program on server side the users are able to change their default shell from /bin/nologin to any other shell and get access to the IX servers by ssh.
I hope you will not understand my effort to inform you about the flaw as a malicious activity. ”

 

IX’s RESPONSE :

” – Although pointing out that minor security flaw wasn’t viewed as malicious activity, please understand that any other attempts to hack into our system will be viewed as such, and it will be treated according to our policies. ”

 

?? !! What, not even a Thank You!!??… Nope.. wayyyyy too obnoxious for a Thank You!!

ISSUE 2 :


The default installation of IX’s “click and install” E-commerce software allows read and write rights to users directory to anyone on the internet. You probably have a lot of affected users..

( No state of the art hacking needed. There is a nice php admin interface without password. OK, I know what is in your mind: You will notice at the first login that nobody asked your admin password. The trap is that the admin interface is linked only in to the cPanel and when you access it you have the feeling that the password authentication is missing because the authentication is derived from your cPanel access (as in many other applications and settings in cPanel). After all, a hacker can easily upload a malicious php file and execute some nice exec() calls affecting the rest of your domains hosted by IX webhosting.)

IX’s Response : ( you’re gonna luv this one!!)

“If you don’t like it, don’t use our Easy Install products.”

Ooooohhh Yes, it is good to be appreciated!!

Credits to ZolTan for the info


 




 

One of IX Web Hosting’s EXTREMELY OVERLOADED Servers crashed a few days ago, leaving thousands of customers’ sites offline for …… more than 35 HOURS!!… Not minutes, HOURS!!.

When we contacted Support, we were told (lied to) that the server was down for maintenance, and to be patient (hahaha), things would be up and running within an hour!!.. After the SEVENTH phone call (28 hours later) we were finally told that the server was fried and backups needed to be transferred to the new server..

AGAIN another example of how IX Web Hosting LIES to their customers for as long as they can get away with it.. When they have been rumbled, and have their backs to the wall, only then do they admit to the truth!!

This is going to be pretty tricky for IX Web Hosting  to keep to their 99.99% uptime guarantee


:: EDIT May 25th ::

We just received information from an insider at IX Web Hosting, that for months they had KNOWN issues with the server that fried… but the issues were ignored.

Just goes to show how much they care..

So many people are being banned by Google, and cannot find the source of the Injection..

I have previously posted on this blog WHY you cannot find the code: because the code is NOT on your page. The code is, and can be, anywhere on the server (I have posted 3 links to the code that was hidden as a .jpg). The code added to your site is actually an Iframe, so what you should be looking for is a small snippet of code that calls the script (check your Config, Header, Footer, Index.php etc.: ALL pages that get called on every page).

Yesterday someone contacted me with this issue, and that person was also banned by Google, and had spent weeks trying to solve this problem.. They  finally found the code in the CONFIG File . ( thanks to this blog)
The site is now clean, but it will only be a matter of days before it is injected AGAIN!!

Here is the post I posted in December last year:

Hundreds of  IX customers, are contacting me to ask about the Injected script ( posted in a previous post) they are asking me HOW to remove it, because they cannot find it…

The Reason they cannot find it??

Because of a MASSIVE SECURITY ISSUE on IX WEB HOSTING’s SERVERS!!.. the script is NOT actually put onto any of your pages, the script is actually hidden somewhere on the server..

So far I have found 5 “seeds” .. These are the codes that are appearing  in  over 100,000 sites

( These have now been removed by ix web hosting but as you can see, the actual file is well hidden and disguised as an image. REMEMBER, this is where the files were stored that YOU can see on YOUR pages )

Remember to view the “source code” in the above links.

Very interesting is the second “seed”, which is actually in an IX standard “modlogan” folder that is chmod 700 as standard.

Secondly it should not be possible on any shared server to inject this script onto EVERY file on that server. The fact that this is happening means that IX web Hosting has not got a clue how to protect their servers, and customer web sites. 

So as you can see, this script IS NOT actually put into your script, that is why you cannot find it.. HOWEVER, somewhere on your site, there is a bit of code “Calling” this script, and that appears in your pages.
Check ALL the pages that get called for every page, i.e. header, footer, index, config, sidebar etc.

So far I have evidence and proof that the following IX servers running the following databases are seeded:
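A small scanner for the check described above, added here as an example (it is not code from this blog or from IX Web Hosting): it walks a site directory, reports files named like the shared includes first, and flags hidden iframes, script tags that load from an image URL, and image files that contain script text. The patterns, the `seed.invalid` host and the sample files are constructed assumptions, not signatures of the actual injection.

```python
import re
import sys
import tempfile
from pathlib import Path

SHARED = re.compile(r"config|header|footer|index|sidebar", re.I)  # names from the post
IMAGE_EXT = {".jpg", ".jpeg", ".gif", ".png"}
# Heuristics chosen for this example, not signatures of the real injection.
IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
HIDDEN = re.compile(r"""(?:width|height)\s*[=:]\s*["']?[01](?:px)?\b|display\s*:\s*none""", re.I)
IMG_SCRIPT = re.compile(r"""<script\b[^>]*\bsrc\s*=\s*["']?[^"'\s>]+\.(?:jpe?g|gif|png)\b""", re.I)
CODE_IN_IMAGE = re.compile(rb"<\?php|<script|<iframe|document\.write", re.I)
SAMPLE = {  # constructed files, not captured from any real site
    "config.php": '<?php $x = 1; ?><iframe src="http://seed.invalid/s.jpg" width=1 height=1></iframe>',
    "about.html": '<iframe src="map.html" width="600" height="400"></iframe>',
    "img/banner.jpg": "<script>document.write('x')</script>",
}

def scan_file(path):
    """Return [(reason, snippet)] for one file."""
    if path.suffix.lower() in IMAGE_EXT:
        # A genuine image holds no markup; a script disguised as .jpg does.
        m = CODE_IN_IMAGE.search(path.read_bytes())
        return [("script text inside image file", m.group().decode())] if m else []
    text = path.read_text(errors="replace")
    hits = [("hidden iframe", t[:120]) for t in IFRAME.findall(text) if HIDDEN.search(t)]
    hits += [("script loaded from image URL", m.group()[:120]) for m in IMG_SCRIPT.finditer(text)]
    return hits

def scan_tree(root):
    """Scan every file under root; files included on every page sort first."""
    rows = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            rank = 0 if SHARED.search(path.stem) else 1
            rows += [(rank, path.relative_to(root).as_posix(), r, s) for r, s in scan_file(path)]
    return [(p, r, s) for _, p, r, s in sorted(rows)]

def write_sample(root):
    for name, body in SAMPLE.items():
        target = Path(root, name)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:
        write_sample(root)
    for path, reason, snippet in scan_tree(root):
        print(f"{path}: {reason}: {snippet}")
```

Run it with the path of a downloaded copy of the site as the only argument; with no argument it scans the constructed sample. A visible, normally sized iframe such as the one in `about.html` is not reported.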

  • mysql33.ixwebhosting.com
  • mysql15.ixwebhosting.com
  • mysql27.ixwebhosting.com

If you know of any others that are seeded, please let me know.

Hope this helps

:: Some people have contacted me to tell me that the Injected Script is ( also ) injected into the database, and in some cases a new table is created.
I have checked 9 databases of infected sites, and I have not yet come across the script in my databases, so I think that this might be “script” related, maybe that some scripts such as PhpBB2 allow for this to happen, so I recommend searching your database for the script as well ::

=================================================================

This issue has now been going on for more than 10 months…. 1 year this May.. Will IX Web Hosting be celebrating  this milestone?

Advertising and Root@IX

Posted: March 10, 2009 in IX Web Hosting

Recently I have been contacted by people / companies wanting to advertise on this blog because of the high PR, in 3 cases I was offered a very generous sum. However, it is not, and has never been my intention to make money from this blog, and I will never use advertising on this blog  

This blog is intended as a warning, and hopefully help / prevent  innocent   customers from having to go through what I myself  and 100s of 1000s others went through and are still going through with ix web hosting.
As you can see, there is no advertising on this site at all, and I will never recommend another hosting company on this site.

Also, I would like to thank Root@ix: (s)he has been extremely helpful and willing to help and listen to people posting on this blog with issues, and I have personally sent a few people who contact me by email with issues to him directly, and each time he has helped these people.
I must say that it is a big shame that the people I sent to him had already been through the normal IX Support procedure, and got nowhere!!..
I do not post people’s details / Email @, but you can find Root’s details on this blog somewhere in the comments, and I do recommend contacting him directly with issues that cannot be solved through the normal IX support.
I’m sure he / she will do his / her best to help you.. I just wish everyone at ix web hosting was as helpful and open as Root@ix is.

Thank you Root@ix