Msg#: 4430617 posted 6:13 pm on Mar 18, 2012 (gmt 0)
On 3/15, 4 of 5 sites (my clients) hosted at NetworkSolutions went down.
All four of those hit were on Linux servers. The one site using a Windows server went untouched. The NetSol tech helpline ackowledged that there was an outage accross multiple sites.
On Friday, 3/16 service was spotty with many page requests suffering from latency issues.
On Saturday it seemed everything was back to normal, except that I found all FTP passwords had been reset to random generated pws. Their system would not allow pws to be changed back to old original.
As of today, 3/18, I have discovered that .htaccess files were overwritten early this morning, redirecting traffic to an address in The Netherlands.
I am no expert on these issues, but my guess is that NetSols servers were attacked on Thursday. I am thinking that they changed ftp pws as a security measure, and banned the use of old pws because they suspected --or knew-- that the old pws had been compromised.
The worst news is that the new security parameters were breached, apparently, in the .htaccess hack that I discovered this morning.
Does this interpretation of the events make sense? Should those of us with NetSol hosting beware of new hacks tomorrow?
BTW, NetSol help lines, which are usually pretty quick to answer, are encountering wait times of about an hour as I write this.
Msg#: 4430617 posted 7:33 pm on Mar 18, 2012 (gmt 0)
Urk. Something of the same kind happened at Dreamhost... a month back? Two months? They didn't get as far as actual damage-- at least not in my corner of the farm-- but I remember the password-resetting part. File under: better safe than sorry.
I'm thinking it could be the internet equivalent of locking the door while the thief is still hiding in the attic?
Msg#: 4430617 posted 8:19 pm on Mar 18, 2012 (gmt 0)
I work for Network Solutions. These types of issues are very concerning. Please send me details of what you observed so that I can pass it on to our tech and security teams, it would be greatly appreciated. smedia at network solutions dot com