Welcome to WebmasterWorld Guest from 54.196.244.186

Forum Moderators: phranque

Message Too Old, No Replies

huge security hole at affinity.com's hosting

     
10:33 pm on Jul 25, 2001 (gmt 0)

Full Member

10+ Year Member

joined:Mar 23, 2001
posts:244
votes: 1


Today affinity.com proved to be one of the worst webhosting companies one can imagine.

Typing my username and password i was able to access the very rute of their server i dont know how, access all files of the sites hosted by affinity.

I called affinity.com and notified them about the error. First, they could not belive me, then then tried to convince me it is not possible and finaly promised to do something about it. well it is already good couple of hours affinity did not take any action.

My advice is do not trust affinity.com to host your site. never.

With Regards
Arman Galstyan
unhappy customer of affinity.com

10:46 am on July 27, 2001 (gmt 0)

Junior Member

10+ Year Member

joined:Sept 28, 2000
posts:174
votes: 0


I have been a reseller for Affinity since -97. I have allmost all of our own web sites hosted with them.
They are like many other hosts. Some times they stink, some times they are excellent.

It does not come as surprise that a thing like this can happen. Neither is the reaction from the sevice person.

You also have to talk to the right person. Their marketing manager took time and flew to Stockholm to meet us. After that I have contacted him direct whenever I have concerns that customer support does not handle satisfactory.

I have experienced a lot of incidents, like the DNS servers been down, mail servers stop working, anonumous ftp was opened for many of our accounts, etc.
But in all, that is what you get from most hosts over a period of time. To Affinitys defence, I have to say that they have fixed the problems and compensated me afterwards.

1:02 am on Aug 10, 2001 (gmt 0)

New User

5+ Year Member

joined:May 14, 2007
posts:13
votes: 0


What do you mean "access"?

On a standard unix machine the most lowly user can do a command like "ls /" to receive a list like this:

cdrom floppy initrd mnt proc t usr
bin dev home lib root var
boot etc lost+found sbin tmp

That doesn't mean I can read files I'm not supposed to. E.g., I type ls /root and I get this:

ls: /root: Permission denied