Standard User Jaowon
(fountain of knowledge) Wed 29-Feb-12 18:30:08

Anyone else been "compromised"?


 
Last month I was contacted by Plusnet and told my webspace had been compromised, to resolve it, and to come back to them with a plan to ensure it didn't happen again. I also spotted this post from someone else at the same time http://forum.webuser.co.uk/showthread.php?t=101881

Being the cynic I am (I've experienced 2 previous Plusnet compromises) I asked for copies of the logs so that I can see exactly how my files were modified (they were linking to malware infected sites).

I was told that Plusnet don't keep any logs.

So I'm in a position where I have to provide Plusnet with a plan explaining how I'm going to stop this happening again in future, but because they don't keep logs, I'm unable to ascertain how the compromise took place.

I think it's highly unlikely that Plusnet don't keep logs, because a) despite being a customer for over 20 years, I still get lied to any time I initially raise any issue (oh no, we've had no problems with that, no we don't traffic shape, no we've never applied throttling to port 25, yada yada yada no no no) and b) they've been compromised at least twice that I know of (that I've been affected by) and logs have always been available that have shown exactly what happened after the issue was raised on a public forum.

So anyone else been told that their webspace has been compromised?
Standard User jelv
(knowledge is power) Wed 29-Feb-12 18:38:27

Re: Anyone else been "compromised"?


[re: Jaowon]
 
The reason they don't keep the logs is because there was an option to have the log files available (not sure if that is still available) and it's then your responsibility to download them from your ftp site if you want them kept. They rotate the files daily so there's only the last 6 or 7 days available.

Does Advanced Webstats appear in https://portal.plus.net/my.html?action=mywebsite&?me... for you?

jelv

Plusnet user since November 2001

Edited by jelv (Wed 29-Feb-12 18:38:59)

Standard User Jaowon
(fountain of knowledge) Wed 29-Feb-12 18:58:50

Re: Anyone else been "compromised"?


[re: jelv]
 
Yes it does, but it isn't activated. Does this have details of FTP access to my website?



Standard User jelv
(knowledge is power) Wed 29-Feb-12 20:19:56

Re: Anyone else been "compromised"?


[re: Jaowon]
 
Why do you need details of FTP access? Surely the compromise will have happened via http.

jelv

Plusnet user since November 2001
Standard User camieabz
(sensei) Wed 29-Feb-12 21:33:43

Re: Anyone else been "compromised"?


[re: Jaowon]
 
I imagine a decent .htaccess file would be a good start. Also double checking the file and folder permissions and ensuring they are 644 or 755 or whatever is suitable for their purpose. Filezilla shows the file and folder permissions.

~~~~~~~~~~


© Camieabz 2002-2012

All Connection Data ~ plusnet

Scottish Labour politician: “The SNP are on a very dangerous tack. What they are doing is trying to build up a situation in Scotland where the services are manifestly better than south of the border in a number of areas.”

Interviewer: ”Is that a bad thing?”

Scottish Labour politician: “No, but they are doing it deliberately.”
Standard User Jaowon
(fountain of knowledge) Wed 29-Feb-12 22:14:40

Re: Anyone else been "compromised"?


[re: camieabz]
 
@ Jelv - Why surely?

@ Camie - Directory permissions are 755, and all files are 644

@ Both, the point I'm making, is that all the .html files in my website were amended last month, and were redirecting to A N Other site. If the logs show no FTP access, then as far as I'm concerned, Plusnet's web server has been compromised, and in turn, they should be the ones that are giving me a plan for how they intend to resolve the issue, and not vice versa. My website contains no PHP or database. It's a plain old html website.
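
Added example, not part of any post in this thread: with no server logs to consult, a site owner can still detect the kind of change described above (static .html files amended, or permissions drifting from 755/644) by comparing a mirror of the webspace against a snapshot taken from a known-good copy. The function names and the constructed sample site are assumptions for illustration.

```python
import hashlib
import os
import stat
import tempfile

FILE_MODE, DIR_MODE = 0o644, 0o755  # the modes quoted in the thread

def snapshot(root):
    """Map each relative path under root to (permission bits, sha256 or None for non-files)."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            digest = None
            if stat.S_ISREG(st.st_mode):
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(full, root)] = (stat.S_IMODE(st.st_mode), digest)
    return snap

def audit(baseline, current):
    """Return sorted (kind, path) findings: added, modified, removed, unexpected mode."""
    findings = []
    for path, (mode, digest) in current.items():
        if path not in baseline:
            findings.append(("added", path))
        elif baseline[path][1] != digest:
            findings.append(("modified", path))
        expected = DIR_MODE if digest is None else FILE_MODE
        if mode != expected:
            findings.append(("mode %o" % mode, path))
    findings += [("removed", p) for p in baseline if p not in current]
    return sorted(findings)

def demo():
    """Constructed sample site: snapshot it, alter one page and one mode, then audit."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("index.html", "about.html"):
            p = os.path.join(root, name)
            with open(p, "w") as fh:
                fh.write("<html><body>%s</body></html>" % name)
            os.chmod(p, FILE_MODE)
        baseline = snapshot(root)  # assumption: taken while the copy is known good
        with open(os.path.join(root, "index.html"), "a") as fh:
            fh.write("<!-- constructed change standing in for an injected redirect -->")
        os.chmod(os.path.join(root, "about.html"), 0o666)
        return audit(baseline, snapshot(root))
```

Run on a schedule against a fresh download of the webspace, the findings also give a time window for when the change happened, which narrows what to ask the host about.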
Standard User RobertoS
(sensei) Wed 29-Feb-12 22:34:13

Re: Anyone else been "compromised"?


[re: Jaowon]
 
Have you ever changed the password to something fairly uncrackable? Like 62 characters mixed upper/lower/numeric, and any special characters allowed?

My broadband basic info/help site - www.robertos.me.uk
My domains,website and mail hosting - Tsohost. Internet connection - Plusnet Value Fibre.

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
Standard User Jaowon
(fountain of knowledge) Wed 29-Feb-12 22:39:11

Re: Anyone else been "compromised"?


[re: RobertoS]
 
The password was as complex as Plusnet would allow me to be at the time when I created it.

Either way, a brute force attack would show up in FTP logs.
Standard User orly
(fountain of knowledge) Wed 29-Feb-12 22:53:21
Print Post

Re: Anyone else been "compromised"?


[re: Jaowon]
 
How is it your responsibility if Plusnet's system has been compromised?

---
> Comparison chart of FTTC ISPs
> Got FTTC? Complete the survey

BT Infinity 8th July 2010
(NIBA)
600m (approx) to cabinet
Speedtest Tracking
Standard User Jaowon
(fountain of knowledge) Wed 29-Feb-12 22:54:22

Re: Anyone else been "compromised"?


[re: orly]
 
That's my point.