Comments on: Servage hacked: Exploit-Iframe (Trojan) Infection

By: Chris

Chris — Wed, 21 Apr 2010 11:53:59 +0000

Well just hours after I posted this, it seems Servage is down and so is the email.
Or so I thought.
Doing a traceroute it seems they are up and running absolutely fine from everywhere… except my office IP!
I assume they have blocked out of spite due to my earlier comments, has anyone else experienced this sort of action?

By: Lawrence

Lawrence — Tue, 20 Apr 2010 16:58:25 +0000

Servage hosts many Porn sites, I’m not an expert but it seems Servage seems particularly, prone to such attacks. I closed my account with them many moons ago, mainly due to their banal, and patronising CS. They are obviously making way too much money to care about posters such as yourself and many 100′s of others, yes they are very complacent. Depending on the content I find 1 and 1 has grown into s more, well much more scripts, also much more control over individual choices regarding a shared hosting account than a few years ago. They are reliable, CS is A1, not cheap (unless your have an address in the US), but you get what you pay for as our grandparents always remind us of lol.

By: Chris

Chris — Tue, 20 Apr 2010 12:45:38 +0000

I’ve only just found this, but over 10 times, mostly concentrated in the period mentioned by the poster, malicious code was inserted into all sites hosted with Servage.
They blamed it on my using ‘old scripts with risks’ and said no other user had complained.
I’m moving all my accounts now, I’m decided (all my sites are down today; thanks servage!)… Can anyone recommend a good, HONEST alternative to the lying Germans?

By: Alan Myers

Alan Myers — Sun, 04 Apr 2010 23:48:36 +0000

We all know al about that. BUT that DOES NOT explain the constant hacking of Servage sites, the stealing of personal credit/ debit card details and the total lack of support from the clowns that run it. If you like Servage then good luck to you. If you ever ahve a problem with any aspect of their service and then try and get it resolved then you might realise why so many people run away from them and why so many people think they should be closed down for good. Judge for yourself.

By: Matt Langley

Matt Langley — Sat, 03 Apr 2010 17:18:34 +0000

Also, don’t migrate to HostDept. They are just as bad as Servage.

By: Matt Langley

Matt Langley — Sat, 03 Apr 2010 17:16:56 +0000

obviously I was talking about script tags above, but I used less than/greater than signs so it got filtered (rather than html encoded which is what I do with comments)…

By: Matt Langley

Matt Langley — Sat, 03 Apr 2010 17:14:22 +0000

The original issue on this thread of tags being inserted into web pages, sounds like a SQL Injection attack. This is where SQL in included in a form variable/query string and then incorporated into server script dynamic SQL statements, e.g.
querystring UserID=”1;update categories set title=’…’;”

causing the following sql to be created and run:
“select * from atable where UserID=1;update categories set title=’…’;”

If you then use the category titles when you build your page, your users get the script in their browser.

It may also be possible to update the file system from within the SQL statement by running shell commands, or using export functions of the database.

This is a common attack and form/querystring data must be cleaned to prevent it.

Normally I would only expect one account to be effected but if an account with sufficient privileges is effected, the whole server could be infected.

(and before you ask, they don’t need to know the table/column names, they just guess likely names and keep trying until they get a result.)

Hope this helps,

Matt.

By: ProXy

ProXy — Tue, 12 Jan 2010 20:44:19 +0000

If everything happened as stated above, you should be able to file a complaint and your credit card company should refund you the money, and next they should try and recover the money from servage.

By: Jack

Jack — Tue, 12 Jan 2010 20:18:03 +0000

Recently i signed up with Servage.net for hosting and domain name registration.

I paid with a creditcard and recieved an autometed email informing me that my order would be processed within 30 minutes.

24 hours later, having received no confirmation i sent an email to sales@servage.net asking for the status of my order.

No reply.

I sent another email to sales and also info@servage.net.

No reply.

I tried to cancel my order but the credit card company told me the oayment had been taken.

Using my right under Servage.net’s published terms and conditions I sent an email requesting cancellation of my account within the first 5 days.

No reply. I tried to login
with my username and password. Account not activated.

I sent another email repeating my request for a refund and asking for a resolution to the issue.

No reply.

Servage.net simply took my money and ignored my emails.

I call that theft.

Avoid servage.net
Use a different hosting firm or registrar.

By: Oli

Oli — Mon, 17 Aug 2009 18:24:51 +0000

My servage account was today hacked by NobodyCoder@mail.ru all my sites changed, massive loss of earnings, seriously considering changing providers!