Little followup to my post yesterday of how Ipower totally failed when they were hacked (“compromised” is their word) 2 times in one week. Thinking more about it, this is terrible management. First, to have such poor security, and second, not admitting the mistake and TELLING US exactly WHAT they were doing to fix it, and most importantly, make sure it didn’t happen again. All successful businesses admit their mistakes in public, but not Ipower. (although I wish they would man up, and be a better company for it. ) :(
Ipower took down the Facebook note I linked to yesterday, along with all the comments!!! That one concerned the first time they were hacked, 4 days ago. Guess it was too incriminating, with their poor, very late response, their attempt to shift the blame and the cleanup over to their clients, and above all, NOT DOING ANYTHING about the problem. Again, they just told us what we should do, which they copied from the WordPress thread! (However, if you look at their Facebook Note page, you will see a link on the left under Notes which says Notes About, and my Note is right there!)
Today they issued an acknowledgment about the 2nd malware attack.
To all customers whose site has recently been compromised. We have identified the area of intrusion and are now running a script to clean up all sites that have been affected. The clean up should be complete by tomorrow morning. There is no need for anything to be done on your part.
See, here’s the thing. Those of us who got scared again on Sunday when we found it happening again already did that work for you, Ipower. All it took was the Search and Replace plugin. So, yeah, there’s nothing to be done on our part, nor was there the first time, as far as changing passwords, etc. I’m sure it’s to do with MySql, their databases. Dangerous stuff.
Some of the comments there:
- Doesn’t look like I was compromised! Dumbass.
- yall just issue these statements at random, while hoping the magic cloud will fix itself. Hee!
- Good thing I recently transfered to Dreamhost!
- I hope it’s fixed. I’ve got some pissed off forumites
- “someone is using a script or application that allows them to read your wp-config.php file” – my question, why is “someone” allowed to read that file? Isn’t that server security?
One woman wrote that she submitted a ticket asking for a year of free hosting in response to these attacks and the work it costs us: “It is going to cost me more than that to fix all the problems that your unsecure servers have caused me. That sounds like awesome customer service to me.” (sarcastic!) Ipower’s reply: “No. But we have been removing the script for customers at no cost.”
Oh, you mean the script that we remove ourselves in seconds with the Search & Replace plugin? Some of the most recent comments have profiles of people who have no info – obviously, Ipower employees writing fake praise.
Below is a comment that concerns me greatly. I wish I understood it.
-
From what I was able to see, the script (most likely a grep) looks through files for “document.write” functions, makes the assumption that it is malicious code, and removes the functions from the file. Problem is that IPOWER did not conside…r the possibility that the script would also remove legitimate code in javascript libraries (such as dojo.js, tiny_mce.js, etc) which are necessary for certain site functionality. I have at least 5 legitimate files on my client site which were affected.
Which is worse – a site that doesn’t work because of a code injection, or a site that doesn’t work because code was removed?
Oh. My. Gah. Do I have to go through all my blogs AGAIN looking for what they screwed up??? HATE. Even though I would like to be a nicer person. Are they so stupid that they don’t know we buy them only so our sites can run quickly and smoothly, and yes, most, if not all, of us use WordPress!!! It may be too late for Ipower. They’re a tech company who isn’t up to date on anything.
We have had our site on IPower since 2004 – on Dec 14th they took the site down after sending one very spammy looking email to us. It looked so much like spam that I ignored it – the text stated that:
“We are contacting you because we noticed that malicious codes were inserted into your files at the domain http://www.creeksidecrittercare.com also the domain ‘creeksidecrittercare.com’ is blacklisted by Yandex. It is against our Terms of Service due to this we have disabled Website / CGI/ FTP service for your account.”
How weird is that and what the heck is Yandex?! I ignored the email. Our site came down and I had to call 5 times and email 6 times, also review our site to find no malware before they claimed to “fix” the problem and repost the site. They directed me to SiteLock for security support to the tune of $750 per year! I asked IPower for specific information on the fix they supposedly made to files and what malware was on our site – how surprising that they keep no records of what they do with client sites! This morning I logged into the support console to review the tickets I created regarding this incident and they were all REMOVED by IPower. We will be switching servers TODAY. Hope this helps others who might be caught in IPower hell.
Merry Christmas!
Wow, Maryellen, what a story. They shut down all my sites a couple of months ago, claiming there was too much traffic, like it was overloaded or something. I never got a straight answer. I think it was down for 2 days. I have WordPress, and I couldn’t even turn off my plugins in case that was the problem! Suspicions that it had been hacked…but no real answer.
They have tried to sell me additional services, but I always complain really loudly when they do that. :)
You’re right about records – inexcusable that they don’t keep details on what THEY do.
I just posted on the Ipower FB page – it will probably be removed in 2 seconds!
I’m blocked from commenting there after telling the truth too many times!