Little follow-up to my post yesterday about how Ipower totally failed when they were hacked (“compromised” is their word) 2 times in one week. Thinking more about it, this is terrible management. First, to have such poor security, and second, not admitting the mistake and TELLING US exactly WHAT they were doing to fix it, and most importantly, make sure it didn’t happen again. All successful businesses admit their mistakes in public, but not Ipower. (Although I wish they would man up, and be a better company for it.) :(
Ipower took down the Facebook note I linked to yesterday, along with all the comments!!! That one concerned the first time they were hacked, 4 days ago. Guess it was too incriminating, with their poor, very late response, their attempt to shift the blame and the cleanup over to their clients, and above all, NOT DOING ANYTHING about the problem. Again, they just told us what we should do, which they copied from the WordPress thread! (However, if you look at their Facebook Note page, you will see a link on the left under Notes which says Notes About, and my Note is right there!)
Today they issued an acknowledgment about the 2nd malware attack.
“To all customers whose site has recently been compromised. We have identified the area of intrusion and are now running a script to clean up all sites that have been affected. The clean up should be complete by tomorrow morning. There is no need for anything to be done on your part.”
See, here’s the thing. Those of us who got scared again on Sunday when we found it happening again already did that work for you, Ipower. All it took was the Search and Replace plugin. So, yeah, there’s nothing to be done on our part, nor was there the first time, as far as changing passwords, etc. I’m sure it’s to do with MySQL, their databases. Dangerous stuff.
Some of the comments there:
- Doesn’t look like I was compromised! Dumbass.
- y’all just issue these statements at random, while hoping the magic cloud will fix itself. Hee!
- Good thing I recently transferred to Dreamhost!
- I hope it’s fixed. I’ve got some pissed off forumites
- “someone is using a script or application that allows them to read your wp-config.php file” – my question, why is “someone” allowed to read that file? Isn’t that server security?
One woman wrote that she submitted a ticket asking for a year of free hosting in response to these attacks and the work it costs us: “It is going to cost me more than that to fix all the problems that your unsecure servers have caused me. That sounds like awesome customer service to me.” (sarcastic!) Ipower’s reply: “No. But we have been removing the script for customers at no cost.”
Oh, you mean the script that we remove ourselves in seconds with the Search & Replace plugin? Some of the most recent comments have profiles of people who have no info – obviously, Ipower employees writing fake praise.
Below is a comment that concerns me greatly. I wish I understood it.
Which is worse – a site that doesn’t work because of a code injection, or a site that doesn’t work because code was removed?
Oh. My. Gah. Do I have to go through all my blogs AGAIN looking for what they screwed up??? HATE. Even though I would like to be a nicer person. Are they so stupid that they don’t know we buy them only so our sites can run quickly and smoothly, and yes, most, if not all, of us use WordPress!!! It may be too late for Ipower. They’re a tech company that isn’t up to date on anything.