Page 2 of 2

Posted: Tue Jul 05, 2005 4:04 pm
by Chris Corbyn
Hmm... It's happened again. Different code added (an IFRAME) and it (was) sending out trojans...

I've asked the host to do some proper checking of logs this time and I'm dumping them now, enough is enough. It's a shared server actually but they only have 3 users on it... I wonder if they've used some sort of code to access my home dir?

You cant do it with SSH directly but it would be possible using nasty scripts on the server.

Bye bye web host
(starts looking for a more reliable host)
Just wish I had the money to run my own 10Mbit server :(

Posted: Tue Jul 05, 2005 6:53 pm
by nickvd
Would you feel comfortable informing us which host you are/were using? This way we are able to steer other people (who probably wont know any better re: hacking) away from them... If they only have 3 hosts on the server, they WILL be able to find out the entry point and close it, if they're not willing/able to do even the most basic of data forensic's they shouldn't be running a hosting company.

Posted: Wed Jul 06, 2005 4:42 am
by Chris Corbyn
http://www.pickaweb.co.uk/

When asked if they even offer dedicated hosting the response of the call centre guy was "Ermmm.... I'll just pop you on hold.".

He came back a minute later and said "No, the only hosting we offer at present are the plans shown on the site".

I have asked them to do a proper log check and try to detrmine what happened. He took my email address and I haven't heard back - not even a note to say they're looking into it.

I was really happy with them when I first started using them and perhaps they will put extra meausre in place to prevent this in future but I won't be using them to find out ;)

plenty of sucky hosting providers out there

Posted: Fri Jul 08, 2005 6:00 pm
by digitil
oh, I remember this .... I used to be with an el cheapo host until i had enough bad support and weird server stuff happening.

by the way, back then i wasn't nearly as proficient in PHP as I am now - and I was able to look into other people's sites (about 140 of them), by simply running an off-the-web directory listing script. showed me all the files people had. I bet your old host had lousy permissions, allowing php or perl or whatever to access all user sites. and then some geek just started placing this file into everyone else's pages.

better spend a bit more money on hosting and get a provider that has enterprise level set-up. i'd say if you spend less than $25/month you are sitting on a liability.

Re: plenty of sucky hosting providers out there

Posted: Fri Jul 08, 2005 6:24 pm
by Chris Corbyn
digitil wrote:i'd say if you spend less than $25/month you are sitting on a liability.
I say someone should send me a brand spanking shiny new server and provide a fast net connection :P

Ok that was a joke. But I'd love to run my own server ;)

Posted: Fri Jul 08, 2005 6:38 pm
by timvw
Meaby uml (usermode linux) is an option..

Posted: Fri Jul 08, 2005 7:01 pm
by patrikG
I'ved had very good experiences with http://www.hostroute.co.uk (or .com). Very reliable, professional hosting company. Almost all my sites are hosted with them. In the four years I've been with them a good 99% uptime, good and knowledgable support (ticketsystem). If you rent a shared server in the USA you save a couple of quid.

Posted: Fri Jul 08, 2005 7:28 pm
by McGruff
timvw wrote:Meaby uml (usermode linux) is an option..
Mythic Beasts offer UML deals if you're up for maintaining your own server. Haven't used them myself.

Posted: Sat Jul 09, 2005 7:31 am
by Chris Corbyn
McGruff wrote:
timvw wrote:Meaby uml (usermode linux) is an option..
Mythic Beasts offer UML deals if you're up for maintaining your own server. Haven't used them myself.
Thanks for that McGruff. This looks great, and also not as expensive as I was expecting. I think I'm gonna give this a shot. Has anyone used these guys before?

Posted: Sat Jul 09, 2005 12:36 pm
by Chris Corbyn
Okay I'm liking the sound of this....
> I'd be taking out the £41/quarter option until I get a good feel for the
> service.
>
> Although I run Linux at home as well as maintain and update my own
> PHP/Apache/MySQL etc I'm new to the whole concept of UML. Things I'm
> wondering are:
> How close is this to actually connecting to a dedicated server by SSH?

`Reasonably' -- enough that you would notice, but not so
much as to get in the way of the vast majority of
applications. Specifically...

> By that I mean....
> + Can I add/delete user accounts?
> + Can I set up "Virtual Servers" in httpd.conf so that I can provide
> websites for clients too?
> + Can I maintain my own IMAP server?
> + Can I install software which would require root access?

Yes to all of these.

> + Not important, just a bonus but, could I have x-VNC access or is
> an X desktop environment not installed?

There's nothing to stop you running X or VNC, though I
don't think any of our images would have them installed by
default. With modern packaging tools installation should
be pretty painless.

> Also, I'm curious if you are able to install SuSE 9.2 on such a setup
> (installs straight off the FTP)?

I'm afraid we don't have any SuSE images at the moment.
Creation of a new image should, in principle, be pretty
easy, but there are often unexpected incompatibilities,
and I have not yet looked at the SuSE distribution to see
how painless an installation would be. I will get back to
you on this if you especially want to run SuSE.

> I'd be happy to go with FC2 if this
> will mean significantly quicker setup time. What is a rough timescale
> from the point of application to obtaining server access by the way?

Should be same working day, though usually quicker.

> When I get access will anything other than the base packages be
> installed or do I need to set this up myself? i.e. Could it
> theoretically run as a webserver with PHP/Python/Perl/MySQL before I
> even install anything? - on another thought, I'd quite like to have
> CPanel running on the server too so it could be an advantage to have a
> clean install anyway since the install for this recommends starting from
> a fresh install of linux.

The images we provide are typically quite minimal
configured.

> Until now I've been on shared hosting plans with poor security (I've had
> applications vandalised by other users residing on the servers).
>
> I'd be grateful if you could clear up the points I'm unsure on and I'd
> then be very happy to apply for a hosting account straight away and hope
> for a long-term business relationship with yourselves.

No problem. Please get back in touch if you have any
further questions. If you'd like us to set up an account
for you it would be helpful if you could complete the
application form at,
https://secure.mythic-beasts.com/cgi-bin/newvdsapp
I should point out that that reply was received, *on a saturday*, within an hour of sending it!.

Thanks Guys ;)

Posted: Sat Jul 09, 2005 3:24 pm
by timvw
Although we're going way off-topic it's always a good idea to perform a little search at webhostingtalk.com etc... I assume not so kosher hosters would be mentionned there...

Posted: Sun Jul 10, 2005 10:15 am
by Chris Corbyn
If anybody's interested these guys are great. I got my account setup last night at 23:00 and today have connected, installed Gentoo on the server within ten mins and started adding users and installing things I need. You DO need GNU/Linux experience to take on such hosting though since all you get is a blank Filesystem initially.

If anybody else signs up, provide my name "d11wtq" in the box which asks who referred you and I'll half your first 3 months cost with you because I would otherwise get 3 months free. i.e Sign up now and you can have 3 months of UML hosting for 20 GBP. PM me first please.

http://mythic-beasts.com/vds.html

[Topic solved]

Posted: Sun Jul 10, 2005 2:02 pm
by patrikG
timvw wrote:Although we're going way off-topic it's always a good idea to perform a little search at webhostingtalk.com etc... I assume not so kosher hosters would be mentionned there...
True, but do not treat webhostingtalk's recommendations as gold standard. They've recommended a hosting company which, after I set up a site there, failed me repeatedly at very crucial moments (fasthosts.co.uk - ridiculous support, unclear maintenance etc.)