Thanks to Dan Allen who alerted me to this series of attacks! Links to the original articles are at the bottom of this article.
You may be aware of the recent spate of attacks against GoDaddy-hosted WordPress sites. After doing a bit of research, it appears that successful attacks are not limited to GoDaddy-hosted accounts, or WordPress installations. Further, the successful exploits appear to be limited to systems with shared hosting (e.g. many sites on one server).
To my eyes, it looks more like it's a JavaScript injection that is enabled by an installed PHP application. Specifically, it looks like it may be a vulnerability that is created when sites are running the CGI version of PHP rather than running PHP as an Apache module.
We stopped running the CGI version of PHP at least 5 years ago, as it creates security vulnerabilities that are difficult to mitigate. Many hosting companies use it because it allows them to 'jail' user websites, and keep a better level of separation between them, which is beneficial when hosting a large number of sites on a single system. Since we run only about 50 domains on our server, and access is tightly controlled, we made the decision to move to Apache2 and mod_php fairly early on.
At this time, I believe that our webserver is protected from this attack. We use mod_php on the server, and we only host a (comparatively) small number of sites. We stay current with updates, and we're running an updated version of PHP that is not part of the standard CentOS distribution.
We will continue to monitor this situation carefully, and will update this page as we learn more.
Feel free to e-mail us with any questions or use the Contact Us page!
References:
[1] http://blog.sucuri.net/2010/05/reply-from-godaddy-regarding-latest.html
[2] http://www.GoDaddy.com/securityissue
[3] http://blog.sucuri.net/2010/05/second-round-of-godaddy-sites-hacked.html
[4] http://www.tgdaily.com/security-features/49744-go-daddy-counters-php-hack-attacks
The 'Net neutrality debate took an interesting turn today, when the US Court of Appeals sided with Internet Service Provider Comcast, agreeing with their assertion that the FCC had no authority to enforce network neutrality on an unregulated service. While this feels like a setback for Net Neutrality, it will likely turn out to be just the opposite, as the likely outcome will be that Congress will in turn explicitly grant the FCC the authority it doesn't currently have, and Net Neutrality will become law and not just policy.
"Comcast swung an ax at the FCC to protest the BitTorrent order, and they sliced right through the FCC's arm and plunged the ax into their own back." -Ben Scott, policy director for the public interest group Free Press
Read more here at the Associated Press website: http://hosted.ap.org/dynamic/stories/U/US_TEC_INTERNET_RULES?SITE=TXDAM&TEMPLATE=HOME.html&SECTION=HOME
For those not aware, rbTechnologies is preparing for our next phase of growth by building a brand new office connected to our current space in East Montpelier. After looking carefully at options for buying, building elsewhere or renting space, we decided that expanding our current space was the best way to continue to achieve our goal of delivering unequalled expertise at the best possible value.
Once the decision to expand was made, plans began to coalesce fairly quickly - early this spring, we had our basic layout designed. We went through the financing process, closed in June, and on Independence Day weekend, Rubin celebrated by spending 24 hours running a backhoe to dig the trench for the frost walls of the new space.
As of today, the frost walls are poured, and the forms are stripped. The next steps are to backfill the walls, pour the new radiant slab, and then start putting up walls and framing the new building! We hope to have the space 'dried in' (walls up, doors and windows installed, roof on and weathertight) by fall. We'll post photos occasionally as the work progresses, and there will of course be an Open House once we're all moved in!
Ah, Fairpoint. On one hand I feel genuinely bad for the poor folks who are answering the phones there; their hands must tremble every time they take a call.
On the other hand, that company has managed to foul things up on an almost unimaginable scale.
First it was the Verizon/Fairpoint email cutover... whoops, you no longer have any email. But we'll re-create your account for you... our bad. Seriously, Fairpoint?! Has no one in that company ever heard of imapsync?!
Last week, I received a notice in the mail from FairPoint that my long distance records had been lost in the cutover and that they were simply going to drop the charges for last month's calls. I'll bet that was a costly error for them - not so much on our side as we don't make a lot of calls, but there are plenty of companies out there that make a thousand dollars of long distance calls every month... But they're so flush with cash, they can afford it (not).
Then came the random disconnects. My fiancée's bridal shop (Shaline Bridal, at 27 State Street in Montpelier http://shalinebridal.com) was mistakenly disconnected on a Friday night. Callers were given the dreaded "This number is not in service, please check the number and try again". She called in to FairlyPointless "customer service" and was told that the "programming department" would have to fix it. On Monday. Now this is a bridal shop that is in full swing right now with brides dropping off their dresses and calling to schedule appointments. Saturday is the busiest day of the week. Brides calling to check on dress and receiving a disconnected message are perfect candidates for "breathe into the paper bag" therapy, especially in light of current economic outlook and general consumer confidence. She explained the situation to the "customer service" representative who looked up the number and came back on the line to tell her that the problem was one that only the "programming department" could remedy, and further that the programming department was closed. Until Monday. What?! After expressing how damaging this could be to her business, the customer service rep was unsympathetic and she was told that there was absolutely nothing to be done until Monday. I took over the call, and after talking in circles with the operator for a few minutes, I eventually was *hung up on* after I made a mildly snarky comment about their commitment to their customers and botched cutover from Verizon (no cursing, and I was very careful not to direct anything at the operator). I called back immediately and was told that the magical and closed-for-the-weekend programming department would have the line back on within the hour. Huh. "Public Service Board? Yes, I'm calling with yet another complaint about Fairpoint..."
Last Thursday (March 12th), between our 2 Fairpoint business phone lines, my partner and I received 5 separately mailed, and different bills. 5!!! Do we get to pick which one to pay?! I'll pay the small one I think. On second thought, I think maybe I won't pay any of them until Failpoint sorts this mess out. I've spent enough time on hold already.
Yesterday here at the office, we got our new SIP trunks activated by SimpleSignal. Calls are routing and the lines are working just fine for everyone... except (you guessed it) FairlyPointless subscribers. They are routed to the old phone line, which no longer works. I called SimpleSignal, and was on the phone with an engineer within 2 minutes. They told me to call Fairpoint and ask them to pull our number from their switch and network server. I did so, and was told that they needed me to call the business office (which had closed right about the time I started sitting in FairPoint's call queue) to "say goodbye" (I swear to God that's what the rep said!!!). I was pretty sure that the port of the phone number would be sufficient to indicate that I was no longer using the service, as that's what all the phone number porting forms said when I signed them but who knows... I guess they want to be broken up with in person. "Hello, Public Service Board? Yes, it's me again."
The amazing thing is that while all this is going on, Fairpoint's stock is sinking like a stone (it was at $0.35/share last I checked). Their market cap is at under $50mil and you can buy a controlling interest in this useless company for under $25mil. For that money, you could almost buy the company, pull the damn phone lines off the poles and sell the copper on the scrap market! Hello, Warren Buffett? Would you like to show the world how to run a phone company? These guys have done a fine job of showing how *not* to do it.
At this point I can only hope that their end comes quickly and mercifully, and whoever picks up the pieces does a better job. And as for the Vermont Public Service Board, seriously, What the Hell were you thinking?! You guys let this deal happen, and signed off on the merger, despite loads of testimony that this was an impossible task that was bound to fail.
And I used to think Verizon was bad...
