
question Any advice would be greatly appreciated


Sector6Three

This is about a hacking & malware injection attack we had on our websites in Nov 2021. About 12 of our websites were badly hit and it took us many months to clean up all that mess and restore services. Luckily for us, the guys who hacked our website left backlinks to their own website using which we were able to track them down in no time. But that these crooks are still roaming freely is another story altogether. (We put this whole story on our blog: just search for "Tekzilver hacking" on Google and you will find our story)

My question is this: all of these malicious activities were carried out by a reseller of OVH in India (by the name of Bullten Web Hosting Service), using an OVH VPS and their infrastructure. We wrote to OVH about it and requested more information from them about their IP addresses which we found in our server access logs, but they haven't done anything so far. Apparently, they (OVH) only have access to the power source of the VPS, and what was done using their servers didn't look like a problem to them, even if it was used for malicious purposes. What can we do to get OVH to share this information?

Next, all our websites were hosted on GoDaddy (which we now believe was a big mistake). We were shocked when we started seeing news of how GoDaddy's hosting servers were hacked repeatedly since 2019 (pandemic time), and the most recent attack was in Dec 2022. Our websites were hacked in Nov 2021 and GoDaddy's servers were also hacked around the same time. Multiple reports online point to the fact that these hacking attacks started happening after their current CEO came into the picture.

From the way they (GoDaddy) behaved, it sometimes makes us believe there could be a strong possibility that the login credentials to the GoDaddy hosting servers could have been deliberately leaked to known threat players so that customers whose websites were hacked could be up-sold more GoDaddy products such as malware protection, SSL certificates, backups etc. In our case, that is exactly what GoDaddy did! Far from helping us or providing any advice on how to restore our services when our websites were hacked, they simply tried to sell us more products! And till date, we have not had any response from GoDaddy to our complaint about the hacking attack on our websites. What do you make of this?
 
Terrible, also massive attacks on the ResellerClub servers.

Best method is to disable PHP functions in the php.ini file, update WordPress installations (check for wp-load.php, header.php, functions.php infected files, coresitemap fake plugin and skeleton-reworked fake theme)
disable_functions = "exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec"
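
An added example, not part of the original posts: a Python check for the items the reply above lists. It reports which of the listed functions a php.ini still leaves enabled, looks for the named fake plugin and theme, and hashes every wp-load.php, header.php and functions.php so they can be compared with a clean copy of the same version. The directory layout is an assumption (standard wp-content/plugins and wp-content/themes).

```python
import hashlib
import os
import re
import sys

# Function list taken from the disable_functions line in the reply above.
RECOMMENDED = {"exec", "passthru", "shell_exec", "system", "proc_open",
               "popen", "curl_exec", "curl_multi_exec"}
# Names come from the reply; that they appear as directories under the
# standard wp-content/plugins and wp-content/themes folders is an assumption.
FAKE_COMPONENTS = {"plugins": "coresitemap", "themes": "skeleton-reworked"}
SUSPECT_FILES = {"wp-load.php", "header.php", "functions.php"}


def missing_disabled_functions(ini_text):
    """Return the recommended functions that php.ini text does not disable."""
    disabled = set()
    for line in ini_text.splitlines():
        # A line starting with ';' is a php.ini comment and does not match.
        m = re.match(r'\s*disable_functions\s*=\s*"?([^";]*)', line)
        if m:  # keep the last assignment found in the file
            disabled = {f.strip() for f in m.group(1).split(",") if f.strip()}
    return sorted(RECOMMENDED - disabled)


def scan_wordpress(root):
    """Return (fake component paths, {suspect file path: sha256}) under root."""
    fakes, hashes = [], {}
    for kind, name in FAKE_COMPONENTS.items():
        path = os.path.join(root, "wp-content", kind, name)
        if os.path.isdir(path):
            fakes.append(path)
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname in SUSPECT_FILES:
                full = os.path.join(dirpath, fname)
                with open(full, "rb") as fh:
                    hashes[full] = hashlib.sha256(fh.read()).hexdigest()
    return sorted(fakes), hashes


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python check.py <php.ini> <wordpress root> (both paths are your own)
    with open(sys.argv[1]) as fh:
        print("not disabled:", missing_disabled_functions(fh.read()))
    fakes, hashes = scan_wordpress(sys.argv[2])
    print("fake components:", fakes)
    for path, digest in sorted(hashes.items()):
        print(digest, path)
```

A differing hash is only a lead: themes legitimately customise header.php and functions.php, so compare against the exact theme and WordPress version that was installed.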
 