SinoHosting.net Blog: China Hosting News, Web Hosting Promotions and more

Security breach at server central

Today we experienced a security breach at our new server central hosted in Hong Kong. A hacker was able to gain root access to the server and modify the homepages of over 40 clients hosted on this server. Since the issue became known, our server admins have been investigating to find out whether this is due to outdated client or server software through which SSH access was gained, or whether the root password was gained from other sources. Furthermore, they will need to do an in-depth server scan to find out if any automated script has been uploaded to the server by the hacker.

Due to the complexity of the issue, such an investigation can take some time. We will update this post as soon as possible.

Meanwhile, server logons have been modified and server admins have been working on securing various scripts and cleaning up hosted sites' homepages. If only the home pages are affected, then the sites should be back to normal as soon as possible. However, in case these are site-wide issues, a restoration from the latest available backups will be done.

We apologize for the inconvenience caused to all affected clients and are working around the clock to get the situation back to normal as soon as possible. For clients who have their own backups and would like to be moved immediately to a new server in Hong Kong, please open a support ticket for us to activate a new account for you.

The Management
www.sinohosting.net

3 Responses to “Security breach at server central”

  1. It appears the kernel of this server was also affected, so we have decided to migrate all client accounts on the server to a new one. The process will take three days. We recommend not making changes to your site until then, as we will be restoring backups generated prior to the hack.

    Thank you for your understanding.
    The Management
    http://www.sinohosting.net

  2. According to our investigation results, the hack was due to a malicious shell script running from an account hosted on this server. The account has been suspended while we investigate whether this was done on purpose by said client or if this was due to a vulnerability in his script. We have taken additional measures to prevent scripts run from client accounts from accessing the server system.

    We have reported the security breach, as well as the access logs, to the relevant authorities, but as the hacker appears to be operating from a Middle Eastern country (Middle East) and without any information on his identity, we are not positive that anything can be done to prosecute him/her.

  3. The restoration of available backups is in progress and you will receive your new access details by email as soon as your account is ready. We appreciate your patience and understanding.