
WorldzonePro status?

Remy Canad

New Member
Does anyone know what the status is on Worldzone?

If you don't know, they were hacked into a few days ago. It looked like the day after they had everything back up. But their site has now been down for some time and so has the MySQL server.

I am posting here because I know Webdude used to post here frequently back when I did. (Think really long ago, back when the forums ran on text files. :p )
 
All updates are at our backup support forum on our free service http://www.worldzone.net/ forum http://worldzone.net/phpBB2/index.php.

We've reinstalled Linux, backed up the current accounts, moved them to the new drives, reinstalled H-Sphere, and are now migrating member accounts into their H-Sphere accounts. pSoft told us that it would take 3 hours to finish, but we are keeping an eye on things since things can always go wrong.

About the hack, someone (basically some kid in Brazil) tried to hack our servers but only got started in the main machine before we locked them out. That's why the main site and only a portion of our member sites are down. None of the accounts were damaged except for the defacement of the index pages but we needed to wipe everything in case there were other things waiting for us.
 
Alycia said:
About the hack, someone (basically some kid in Brazil) tried to hack our servers but only got started in the main machine before we locked them out. That's why the main site and only a portion of our member sites are down. None of the accounts were damaged except for the defacement of the index pages but we needed to wipe everything in case there were other things waiting for us.
An explanation of the "hack" itself would be nice.

How was the security compromised, and have proper measures been taken to prevent a further occurrence?
 
Thanks for the info Alycia.

If it may be some time still until things are up I recommend pointing the address to a page with the current status of the replacement. As of right now if some people didn't know any better they would not know you guys are hard at work getting everything back up.

Being the geek that I am, I am also curious about the hack.
 
Remy Canad said:
Being the geek that I am, I am also curious about the hack.
I am curious due to the following reason:

A website defacement is usually an amateur stunt, which makes me believe that the individual used previous knowledge, obtained from an advisory, to compromise this system.
If this is the case I am curious as to why WorldZone did not keep their security up to date to prevent this. :confused4
 
I remember that there were other hacks too. An explanation would be nice, what happened and what worldzone does against it. What about IDS and hardened kernel?

Worldzone isn't the cheapest, compared to other hosters I know, they are about 6 times more expensive compared to my "playground hoster". For an important site availability counts and they are not online till now.
 
Webdude is going to come in and explain everything. Right now he is going through the server and making sure everything was reinstalled properly. Once he is sure our members are all settled back in he said he would post here.
 
Alycia said:
Webdude is going to come in and explain everything. Right now he is going through the server and making sure everything was reinstalled properly. Once he is sure our members are all settled back in he said he would post here.
Thanks for the update. :)
 
My email isn't working on worldzonepro hosted email

I haven't been able to receive any email since last week on my worldzonepro hosted email accounts. I wonder if this is related to the "hack". I haven't even received a reply to my trouble ticket I posted three days ago. The lame thing is that there really isn't that much you can see in the worldzonepro forums about this and they are so slow that it takes an hour to get anywhere on them anyways. I guess you get what you pay for.
 
If you could tell me your username we could look at your email accounts. We had to reset the MX settings on a few of our accounts to get email working for them.
 
I am off handling other things. However, we did find that even though the tape backups are sufficient for restoring individual files, they weren't sufficient for doing a server restore, which is the method I am currently working on. Basically mirror everything to tape in a sense with some way to wipe out everything on the server and do a full restore when needed. It's being tested this week. We will mirror to tape, then try a restore on an alternate server and see if it works. If it works now, these backups will be nightly. So if this ever happens again, we simply pop in a tape and issue the command. Everything will be back up within an hour. We do have mirror backups on a backup drive on each server, but for the server that was compromised, they got those too.
 
Webdude said:
I am off handling other things. However, we did find that even though the tape backups are sufficient for restoring individual files, they weren't sufficient for doing a server restore, which is the method I am currently working on. Basically mirror everything to tape in a sense with some way to wipe out everything on the server and do a full restore when needed. It's being tested this week. We will mirror to tape, then try a restore on an alternate server and see if it works. If it works now, these backups will be nightly. So if this ever happens again, we simply pop in a tape and issue the command. Everything will be back up within an hour. We do have mirror backups on a backup drive on each server, but for the server that was compromised, they got those too.
If you could answer the above questions that would be great.
 
There has been another server problem so Webdude may not get around to answering you guys for a bit. A partition on one of the drives somehow became totally messed up so he has to rebuild the drive to get the data off of it....
 
For everyone here hosting with them, keeping a server secure is a very very hard job to do. Even with advanced IDS and a hardened kernel/userland there can still be attacks. An attacker needs to only find one hole while we (server administrators) must plug all holes. It can be a hard job to say the least.
 
LP-Trel, that is very true. With a webhosting server you must run so many different applications that it is hard to secure everything. You don't have a choice not to run a specific php module if your client *must* have it.... It is a very different task to secure a machine that must do everything under the sun, than it is to secure your file server or personal webserver.
 
Just to fill in for Webdude while he is working on the server, he said the same thing as LP-Trel. We get hack attempts weekly if not daily and 99% of the time, no one even knows of it. We can lock up this server pretty tight but then ftp doesn't work or people start losing their shell access, half the cgi scripts stop working and then there is the hundreds of php modules that everyone needs installed. It's kind of the downfall of shared hosting, you get it for a reasonable price because why pay for your own dedicated server when you don't need one, but then you are at the mercy of everyone else on the server if someone writes a bad script that hogs all the cpu or a hacker decides to take advantage of the situation. Also, being a shared web host means we have hundreds to thousands of domains on our servers which is the perfect place for a hacker to make a name for themselves. While zone-h.com doesn't condone hacks it still has turned it into bragging rights for hackers everywhere it seems.

Back to what had happened. This doesn't seem like a direct hack as much as an "Easter Egg" left from the original hack. Probably to take down one of our other servers to occupy us while they hacked up our main server. We have many people working around the clock to get this issue resolved and are adding some new security procedures to do our best to keep this from happening again.
 