Following up from the email the other day (which you can read at https://blog.123host.net.au) I have been unable to repel the attackers. It seems that they have installed a back door into the system (their own lock and key) and can come and go as they wish. If there is one good thing in all this, they are not being destructive. Their method is to insert files into sites (not modify existing files) and extract bank details from people who click links in phishing emails. I have had a process running that advises me of some system changes and I have been jumping on anything quick smart and deleting it. But it is a stressful, unsustainable, tail chasing exercise and I am over it.
After a lot of deliberation and following a wave of intrusions this week, I have decided to abandon this server.
I have no choice…the bastards are smarter than me and are
relentless. The process of moving all accounts to a new clean server
and checking them for malware is under way. I don’t anticipate much
disruption (except to my weekend) but it is a semi- automated process so
errors do happen.
What I would like you to do is keep an eye on your website and let me know if anything changes. Keep an eye on your emails and make sure they keep working.
I know some of you have had your sites affected. If you have, please contact me, I would like to make it up to you.
To all of you I deeply and sincerely apologise. I have been humbled by
this event. It has affected me in many ways and has certainly made me
realise that there are some bastards out there who just don’t care…my
faith in human nature has been rattled a bit.
However I intend to keep offering the awesome level of support that has
seen 123host grow by word of mouth only. I thank you for your ongoing
123host server compromise from a while back stopped. We put in extra
security measures and audited the server. All felt good.
it seems that feelings of confidence were misplaced. The checking has
resumed and is overwhelming me. It is having a range of knock-on
effects as sites are marked deceptive and the server’s trust level
I have no choice but to rebuild the existing server in order to eliminate whatever back door software has been hidden.
Over the next few days all accounts will be moved one at a time to a new machine. During this time your site may be disrupted.
can’t even from the words of apology that are needed. You have trusted
me to look after your site and I have failed. I especially apologise
to newer customer who came to 123host based on someone’s recommendation
-FWIW 123host has never advertised and has grown by word of mouth.
can assure you that in consultation with the data centre we are
investigating all options. As you can imagine, this is going to have a
huge impact, not only on me and my business. I am quite behind
answering emails and I will get to them all asap.
I don’t want to overdo it with email updates so if you want to see the latest I will keep updating here.