M3server support is weak

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • pamon
    Confirmed User
    • Dec 2007
    • 3113

    #1

    Business M3server support is weak

    So I woke up Saturday to see a bunch of our wordpress sites taken over by a turkish hijacking page. Who knows how they got it, but all pages hosted at m3server. We put in a support page on Saturday, it's now Monday with several sites still down, and all they say is we manage the servers not the sites. I use hawkhost on several other adult sites and have had no problems, and running new with m3server. I know wordpress has its issues and security issues, but not a happy camper with m3server. might be time to move them and tighten up wordpress sites a little more closer now.
    Email: [email protected]
    TG: Davidamodt
    US Adult Content & Porn Writer Project/Sites/Tubes/Reviews & More
  • brassmonkey
    Pay It Forward
    • Sep 2005
    • 77396

    #2
    could be a lot of things. email me some info on the highjacker and stuff
    TRUMP 2026 KEKAW!!! - The Laken Riley Act Is Law!
    DACA ENDED - SUPPORT AZ HCR 2060 52R - email: brassballz-at-techie.com

    Comment

    • pamon
      Confirmed User
      • Dec 2007
      • 3113

      #3
      email sent @brassmonkey. thanks
      Email: [email protected]
      TG: Davidamodt
      US Adult Content & Porn Writer Project/Sites/Tubes/Reviews & More

      Comment

      • brassmonkey
        Pay It Forward
        • Sep 2005
        • 77396

        #4
        replied that is bad. i would do more in the morning
        TRUMP 2026 KEKAW!!! - The Laken Riley Act Is Law!
        DACA ENDED - SUPPORT AZ HCR 2060 52R - email: brassballz-at-techie.com

        Comment

        • k0nr4d
          Confirmed User
          • Aug 2006
          • 9231

          #5
          Originally posted by pamon
          So I woke up Saturday to see a bunch of our wordpress sites taken over by a turkish hijacking page. Who knows how they got it, but all pages hosted at m3server. We put in a support page on Saturday, it's now Monday with several sites still down, and all they say is we manage the servers not the sites. I use hawkhost on several other adult sites and have had no problems, and running new with m3server. I know wordpress has its issues and security issues, but not a happy camper with m3server. might be time to move them and tighten up wordpress sites a little more closer now.
          I don't really see why you are upset at m3server. Wordpress itself is not insecure as long as you keep it up to date, but often the plugins/extensions people use because they treat wordpress like some magical swiss army knife. It's a blog script, it's not an online store, a tube, a cam script and everything all in one.

          It's not your server that got hacked, it's your wordpress installation. You are hiring m3server as managed hosting. They are there to manage your server, not to maintain your websites as you wrote. They are not programmers, and they don't do penetration testing of web applications. They are server admins.

          What were you expecting them to do? The most they can do is restore from backup, but at this point it's not even people hacking wordpress sites - it's just bots. Without patching the hole, it would just get hacked again in a couple of days at most.

          The exact same thing would have happened hosting anywhere else. If it hasn't happened at hawkhost, it's either because you aren't using the same plugins or versions of plugins on those sites and don't have the security hole, or you are just lucky and bots haven't stumbled apon your sites there yet.

          What you REALLY need to do is make sure your wordpresses and plugins are up to date, and if it's still getting hacked after that hire a programmer or pentester to find the hole and patch it.
          Mechanical Bunny Media
          Mechbunny Tube Script | Mechbunny Webcam Aggregator Script | Custom Web Development

          Comment

          • Klen
            • Aug 2006
            • 32235

            #6
            Originally posted by k0nr4d
            I don't really see why you are upset at m3server. Wordpress itself is not insecure as long as you keep it up to date, but often the plugins/extensions people use because they treat wordpress like some magical swiss army knife. It's a blog script, it's not an online store, a tube, a cam script and everything all in one.

            It's not your server that got hacked, it's your wordpress installation. You are hiring m3server as managed hosting. They are there to manage your server, not to maintain your websites as you wrote. They are not programmers, and they don't do penetration testing of web applications. They are server admins.

            What were you expecting them to do? The most they can do is restore from backup, but at this point it's not even people hacking wordpress sites - it's just bots. Without patching the hole, it would just get hacked again in a couple of days at most.

            The exact same thing would have happened hosting anywhere else. If it hasn't happened at hawkhost, it's either because you aren't using the same plugins or versions of plugins on those sites and don't have the security hole, or you are just lucky and bots haven't stumbled apon your sites there yet.

            What you REALLY need to do is make sure your wordpresses and plugins are up to date, and if it's still getting hacked after that hire a programmer or pentester to find the hole and patch it.
            Well let me put this way - if they dont do anything, then webmaster have no choice to either shutdown sites or move to somewhere else who can fix that problem. Management sometime need to go over official duties otherwise it make it then pointless.

            Comment

            • Denny
              Too lazy to set a custom title
              • Feb 2005
              • 17390

              #7
              Originally posted by k0nr4d
              I don't really see why you are upset at m3server. Wordpress itself is not insecure as long as you keep it up to date, but often the plugins/extensions people use because they treat wordpress like some magical swiss army knife. It's a blog script, it's not an online store, a tube, a cam script and everything all in one.

              It's not your server that got hacked, it's your wordpress installation. You are hiring m3server as managed hosting. They are there to manage your server, not to maintain your websites as you wrote. They are not programmers, and they don't do penetration testing of web applications. They are server admins.

              What were you expecting them to do? The most they can do is restore from backup, but at this point it's not even people hacking wordpress sites - it's just bots. Without patching the hole, it would just get hacked again in a couple of days at most.

              The exact same thing would have happened hosting anywhere else. If it hasn't happened at hawkhost, it's either because you aren't using the same plugins or versions of plugins on those sites and don't have the security hole, or you are just lucky and bots haven't stumbled apon your sites there yet.

              What you REALLY need to do is make sure your wordpresses and plugins are up to date, and if it's still getting hacked after that hire a programmer or pentester to find the hole and patch it.

              Comment

              • k0nr4d
                Confirmed User
                • Aug 2006
                • 9231

                #8
                Originally posted by KlenTelaris
                Well let me put this way - if they dont do anything, then webmaster have no choice to either shutdown sites or move to somewhere else who can fix that problem. Management sometime need to go over official duties otherwise it make it then pointless.
                There's always the third choice - which is to fix their security holes, because it will be the same story if they move to another host once the bots have the site "in their rotation". I've seen this a hundred times. Weak wordpress installation, bots install backdoor, host finds backdoor/removes it, bot just readds it a day later. Would be exact same shit if he hosted anywhere else until someone does something about the root of the issue.
                Mechanical Bunny Media
                Mechbunny Tube Script | Mechbunny Webcam Aggregator Script | Custom Web Development

                Comment

                • brassmonkey
                  Pay It Forward
                  • Sep 2005
                  • 77396

                  #9
                  i have never had a wordpress copy hacked ever! there are huge news stations that use it all over the freaking world with no issues. it's either a plugin or theme
                  TRUMP 2026 KEKAW!!! - The Laken Riley Act Is Law!
                  DACA ENDED - SUPPORT AZ HCR 2060 52R - email: brassballz-at-techie.com

                  Comment

                  • j3rkules
                    VIP
                    • Jul 2013
                    • 22111

                    #10
                    Did you ask them to restore from backup? You should have back ups if you are hosting with them.

                    Comment

                    • NatalieMojoHost
                      Confirmed User
                      • Aug 2013
                      • 1479

                      #11
                      Originally posted by j3rkules
                      Did you ask them to restore from backup? You should have back ups if you are hosting with them.
                      In truth, you should have backups no matter where you host.

                      MojoHost takes support to a higher level as with our managed solutions we would help you work out the problem. This said, we're also not programmers, our team is made up of systems administrators - so to weed out the root of the problem you do have to review your WordPress setup and find how they got in.

                      MojoHost.COM | natalie at mojohost dot com | Skype natalie.ac | Telegram @znatalie. Since 1999: 70 Adult Industry awards for Best Hosting Company and professional excellence.

                      Comment

                      • k0nr4d
                        Confirmed User
                        • Aug 2006
                        • 9231

                        #12
                        Originally posted by brassmonkey
                        i have never had a wordpress copy hacked ever! there are huge news stations that use it all over the freaking world with no issues. it's either a plugin or theme
                        WP is pretty ok now. A few years ago less so, but again this is base wp we're talking about. It's always the plugins at fault nowadays.
                        Mechanical Bunny Media
                        Mechbunny Tube Script | Mechbunny Webcam Aggregator Script | Custom Web Development

                        Comment

                        • Klen
                          • Aug 2006
                          • 32235

                          #13
                          Originally posted by NatalieMojoHost
                          In truth, you should have backups no matter where you host.

                          MojoHost takes support to a higher level as with our managed solutions we would help you work out the problem. This said, we're also not programmers, our team is made up of systems administrators - so to weed out the root of the problem you do have to review your WordPress setup and find how they got in.
                          I was originally system administrator before and as system administrator it is possible to configure system to be safe even when script have a vulnerability . So for example, one of good security practices is following : dont use wordpress

                          Comment

                          • ryanservergeekk
                            Confirmed User
                            • Oct 2015
                            • 118

                            #14
                            Pamon,

                            >all they say is we manage the servers not the sites.

                            We did say this, but we do not decline helping clients with website.

                            And in same reply from us, I asked for more details so that we could further assist.

                            We wait your reply since before you made this post and there are backups to be restored if you need them.

                            Look forward to your reply to our ticket and hopefully a more positive outlook on M3 in future.
                            __________________
                            M3Server - Celebrating 26 years of hosting
                            Mention this sig for free hosting credits.
                            Fully Managed Virtual & Dedicated Servers
                            Ryan the ServerGeek - [email protected] Skype: ryan.m3server
                            https://www.m3server.com/promo/virtu...r_deals/?=rGFY

                            Comment

                            • ryanservergeekk
                              Confirmed User
                              • Oct 2015
                              • 118

                              #15
                              Originally posted by k0nr4d
                              I don't really see why you are upset at m3server. Wordpress itself is not insecure as long as you keep it up to date, but often the plugins/extensions people use because they treat wordpress like some magical swiss army knife. It's a blog script, it's not an online store, a tube, a cam script and everything all in one.

                              It's not your server that got hacked, it's your wordpress installation. You are hiring m3server as managed hosting. They are there to manage your server, not to maintain your websites as you wrote. They are not programmers, and they don't do penetration testing of web applications. They are server admins.

                              What were you expecting them to do? The most they can do is restore from backup, but at this point it's not even people hacking wordpress sites - it's just bots. Without patching the hole, it would just get hacked again in a couple of days at most.

                              The exact same thing would have happened hosting anywhere else. If it hasn't happened at hawkhost, it's either because you aren't using the same plugins or versions of plugins on those sites and don't have the security hole, or you are just lucky and bots haven't stumbled apon your sites there yet.

                              What you REALLY need to do is make sure your wordpresses and plugins are up to date, and if it's still getting hacked after that hire a programmer or pentester to find the hole and patch it.

                              Thank you, very well said.
                              __________________
                              M3Server - Celebrating 26 years of hosting
                              Mention this sig for free hosting credits.
                              Fully Managed Virtual & Dedicated Servers
                              Ryan the ServerGeek - [email protected] Skype: ryan.m3server
                              https://www.m3server.com/promo/virtu...r_deals/?=rGFY

                              Comment

                              • brassmonkey
                                Pay It Forward
                                • Sep 2005
                                • 77396

                                #16
                                Originally posted by ryanservergeekk
                                Pamon,

                                >all they say is we manage the servers not the sites.

                                We did say this, but we do not decline helping clients with website.

                                And in same reply from us, I asked for more details so that we could further assist.

                                We wait your reply since before you made this post and there are backups to be restored if you need them.

                                Look forward to your reply to our ticket and hopefully a more positive outlook on M3 in future.
                                i was trying to find your email. i knew somebody was a member here
                                TRUMP 2026 KEKAW!!! - The Laken Riley Act Is Law!
                                DACA ENDED - SUPPORT AZ HCR 2060 52R - email: brassballz-at-techie.com

                                Comment

                                • ryanservergeekk
                                  Confirmed User
                                  • Oct 2015
                                  • 118

                                  #17
                                  Originally posted by brassmonkey
                                  i was trying to find your email. i knew somebody was a member here
                                  Thank you for thinking to reach out to us. We really appreciate that!
                                  __________________
                                  M3Server - Celebrating 26 years of hosting
                                  Mention this sig for free hosting credits.
                                  Fully Managed Virtual & Dedicated Servers
                                  Ryan the ServerGeek - [email protected] Skype: ryan.m3server
                                  https://www.m3server.com/promo/virtu...r_deals/?=rGFY

                                  Comment

                                  • Sly
                                    Let's do some business!
                                    • Sep 2004
                                    • 31376

                                    #18
                                    Originally posted by k0nr4d
                                    WP is pretty ok now. A few years ago less so, but again this is base wp we're talking about. It's always the plugins at fault nowadays.
                                    WordPress is much better these days than it used to be.

                                    If you guys have WordPress sites, they should be isolated on their own users so that if one gets hacked it does not leak over and destroy all of the other sites on the same user. We have seen this happen countless times. Separating WordPress sites onto their own users was an absolute lifesaver and how we ensure all WordPress sites are installed moving forward.

                                    It's also absolutely crucial that you are updating WordPress, the plug-ins and the themes that you use. Any plug-in that you do not actually use should be completely removed.
                                    Vacares - Web Hosting, Domains, O365, Security & More - Paxum and BTC Accepted

                                    Windows VPS now available
                                    Great for TSS, Nifty Stats, remote work, virtual assistants, etc.
                                    Click here for more details.

                                    Comment

                                    • ryanservergeekk
                                      Confirmed User
                                      • Oct 2015
                                      • 118

                                      #19
                                      Originally posted by Sly
                                      they should be isolated on their own users so that if one gets hacked it does not leak over and destroy all of the other sites on the same user.
                                      You're absolutely right!
                                      __________________
                                      M3Server - Celebrating 26 years of hosting
                                      Mention this sig for free hosting credits.
                                      Fully Managed Virtual & Dedicated Servers
                                      Ryan the ServerGeek - [email protected] Skype: ryan.m3server
                                      https://www.m3server.com/promo/virtu...r_deals/?=rGFY

                                      Comment

                                      • k0nr4d
                                        Confirmed User
                                        • Aug 2006
                                        • 9231

                                        #20
                                        Originally posted by Sly
                                        WordPress is much better these days than it used to be.

                                        If you guys have WordPress sites, they should be isolated on their own users so that if one gets hacked it does not leak over and destroy all of the other sites on the same user. We have seen this happen countless times. Separating WordPress sites onto their own users was an absolute lifesaver and how we ensure all WordPress sites are installed moving forward.

                                        It's also absolutely crucial that you are updating WordPress, the plug-ins and the themes that you use. Any plug-in that you do not actually use should be completely removed.
                                        Yep, I do the same shit, isolated onto their own VPS
                                        Mechanical Bunny Media
                                        Mechbunny Tube Script | Mechbunny Webcam Aggregator Script | Custom Web Development

                                        Comment

                                        • brassmonkey
                                          Pay It Forward
                                          • Sep 2005
                                          • 77396

                                          #21
                                          thanks to all the buzzards stabbing people in the back
                                          TRUMP 2026 KEKAW!!! - The Laken Riley Act Is Law!
                                          DACA ENDED - SUPPORT AZ HCR 2060 52R - email: brassballz-at-techie.com

                                          Comment

                                          • ryanservergeekk
                                            Confirmed User
                                            • Oct 2015
                                            • 118

                                            #22
                                            Anyone reading this and want to see why we are a preferred adult hosting company by many of the top adult scripts for years now?

                                            Use special promo code below to get 75% off three months on any VPS configuration of your choice and free one year domain name registration.

                                            https://www.m3server.com/
                                            enter promo at checkout
                                            PROMOCODE: GFYROCKS2019

                                            Expires dec 31, 2019
                                            __________________
                                            M3Server - Celebrating 26 years of hosting
                                            Mention this sig for free hosting credits.
                                            Fully Managed Virtual & Dedicated Servers
                                            Ryan the ServerGeek - [email protected] Skype: ryan.m3server
                                            https://www.m3server.com/promo/virtu...r_deals/?=rGFY

                                            Comment

                                            • sarettah
                                              see you later, I'm gone
                                              • Oct 2002
                                              • 14296

                                              #23
                                              Bump fo M3.

                                              Been a customer of M3 for around 18 years. They are rock solid when it comes to support.

                                              I also do a lot of work on Mojo servers, again, rock solid when it comes to support.

                                              You can't go wrong with either of them.

                                              Heard great stuff about Sly and Vacares too but do not have any actual experience with them so I cannot personally attest to them but others here can.



                                              .
                                              All cookies cleared!

                                              Comment

                                              • ryanservergeekk
                                                Confirmed User
                                                • Oct 2015
                                                • 118

                                                #24
                                                Originally posted by sarettah
                                                Bump fo M3.

                                                Been a customer of M3 for around 18 years. They are rock solid when it comes to support.

                                                I also do a lot of work on Mojo servers, again, rock solid when it comes to support.

                                                You can't go worng with either of them.

                                                Heard great stuff about Sly and Vacares too but do not have any actual experience with them so I cannot personally attest to them but others here can.



                                                .
                                                Thank you!! I'm loving the good vibes.
                                                __________________
                                                M3Server - Celebrating 26 years of hosting
                                                Mention this sig for free hosting credits.
                                                Fully Managed Virtual & Dedicated Servers
                                                Ryan the ServerGeek - [email protected] Skype: ryan.m3server
                                                https://www.m3server.com/promo/virtu...r_deals/?=rGFY

                                                Comment

                                                • Focus
                                                  Last of a dying breed.
                                                  • Jun 2004
                                                  • 669

                                                  #25
                                                  Dont know about all wordpress stuff since i stay away from it, but as a heavy sites manager 1M a day+, Vacares is def my choice on this. Dont know bout M3 nor Mojo but i did also heard good things about them. Good luck with your adventure mate.

                                                  Comment

                                                  • CaptainHowdy
                                                    Too lazy to set a custom title
                                                    • Dec 2004
                                                    • 94730

                                                    #26
                                                    Originally posted by sarettah
                                                    Bump fo M3.

                                                    Been a customer of M3 for around 18 years. They are rock solid when it comes to support.

                                                    I also do a lot of work on Mojo servers, again, rock solid when it comes to support.

                                                    You can't go wrong with either of them.

                                                    Heard great stuff about Sly and Vacares too but do not have any actual experience with them so I cannot personally attest to them but others here can.



                                                    .
                                                    sarettah has spoken.

                                                    Comment

                                                    • brassmonkey
                                                      Pay It Forward
                                                      • Sep 2005
                                                      • 77396

                                                      #27
                                                      Originally posted by Focus
                                                      Dont know about all wordpress stuff since i stay away from it, but as a heavy sites manager 1M a day+, Vacares is def my choice on this. Dont know bout M3 nor Mojo but i did also heard good things about them. Good luck with your adventure mate.
                                                      who gives a shit what you think??
                                                      TRUMP 2026 KEKAW!!! - The Laken Riley Act Is Law!
                                                      DACA ENDED - SUPPORT AZ HCR 2060 52R - email: brassballz-at-techie.com

                                                      Comment

                                                      • incredibleworkethic
                                                        Confirmed User
                                                        • Sep 2009
                                                        • 2302

                                                        #28
                                                        Originally posted by brassmonkey
                                                        i have never had a wordpress copy hacked ever! there are huge news stations that use it all over the freaking world with no issues. it's either a plugin or theme
                                                        Same. I'm running a site with over 20k uniques a day. But then again who knows which plugins are making the site vulnerable, if that's true. Open ended answer. Try another host if you need to.

                                                        Comment

                                                        • brassmonkey
                                                          Pay It Forward
                                                          • Sep 2005
                                                          • 77396

                                                          #29
                                                          Originally posted by incredibleworkethic
                                                          Same. I'm running a site with over 20k uniques a day. But then again who knows which plugins are making the site vulnerable, if that's true. Open ended answer. Try another host if you need to.
                                                          he's at m3 stop already
                                                          TRUMP 2026 KEKAW!!! - The Laken Riley Act Is Law!
                                                          DACA ENDED - SUPPORT AZ HCR 2060 52R - email: brassballz-at-techie.com

                                                          Comment

                                                          Working...