Bad Experiences Thread, Fasthosts in Purchasing and Trading; Anyone suffered any ill-affects of Fasthost's recently security scare?
I tried to log on to an FTP site this morning ...
30th November 2007, 10:40 AM #1
- Rep Power
Anyone suffered any ill-affects of Fasthost's recently security scare?
I tried to log on to an FTP site this morning to find my password being rejected. Apparently they have reset a lot of their customers passwords because someone has recently hacked into their system and obtained customer account details.
Last edited by AnnDroyd; 2nd May 2008 at 01:56 PM.
30th November 2007, 11:00 AM #2
Yeah, I had the email from them this morning - apparently some of the accounts have been compromised and whoever did the hack has been ftping into sites and changing stuff....
"Dear Customer, We wrote to you on 18th October 2007 advising that you change all of the passwords on your Fasthosts accounts (including control panel, FTP, database and email), in order to prevent any unauthorised account access following the network intrusion we previously communicated. Whilst we have found the vulnerability that caused this issue, and have instigated a system wide security audit to improve and enhance our current security, we also advised you to change your control panel, FTP and email passwords as a precaution. Today we have been made aware that a small number of our customers who did not change their passwords have experienced a compromise to their FTP space. As a result, in order to totally protect all of our customers, we have today implemented an automatic password change for every control panel, FTP or SQL password that was not previously reset. In 10 days time we will also reset all unchanged email passwords. To ensure complete security when communicating your new passwords to you, we will first take the stringent measure of sending the new control panel password via Royal Mail. Once you have received your new control panel password, you will then be able to go into your control panel and immediately change your FTP, SQL and email passwords. Please note that the email password reminder system will not work from the time you receive this mail, to the time you log in with your new control panel password. If you have already changed your control panel password, you will still need to go into your control panel and change ALL the FTP, SQL and email passwords associated with your accounts that haven’t already been changed. UNDER NO CIRCUMSTANCES WHATSOEVER SHOULD YOU TRY TO REUSE ANY OF YOUR OLD PASSWORDS We apologise for the inconvenience that this will cause you during this period, but trust you understand that our primary concern is for our customers and for the security of their websites and data. Unfortunately, an automatic password change is the only way of ensuring that all of our customers are totally secure. If you have any questions relating to this, please contact our Customer Support team on 0870 888 3600 or firstname.lastname@example.org, and they will be more than happy to help you. Thank you once again for your understanding and cooperation in this matter.Yours sincerely, The Fasthosts Team"
30th November 2007, 12:13 PM #3
What's even more annoying is that it took them about 8 days after the Register broke the story* (and the comments section was enlightening about their questionable security practices) to email me about the breach.
So yeah, between that and the continued poor performance and support, we don't use them anymore.
30th November 2007, 12:18 PM #4
Same here. I've moved all my accounts over to 123reg. I hope they are better. I was even more annoyed at how they automatically took £6 odd for renewal fees 30 days before expiration of the domain, without even telling me.
They told me they had sent numerous emails about it, none of which I got, but the invoice for £6 came through fine.
Never going to use them again. From what I have also read on the net, many people are doing the same.
30th November 2007, 12:24 PM #5
- Rep Power
well speaking of website security when i worked at longslade community college the embc or someone similar hosted their websites and the username and password for FTP was something like "siteID" "tuesday" then you got logged into the folder /siteID/ out of interest i went up a folder and could happily download/remove the websites of over 150 schools (i obviously didnt) but was shocked about the lack of permission based security.
Not surprising though as we all know these consortiums are ran by cowboys.
30th November 2007, 12:27 PM #6
Just out of pure curiousty who would you recomend over fasthosts ?
30th November 2007, 12:36 PM #7
- Rep Power
dreamhosts have been good for me but not for everyone.
I have also used servage.net in the past and they were ok although the databases seem to run a bit slow at times.
30th November 2007, 12:40 PM #8
I have been with fasthost for 1 year and i found them to be pretty poor. I had a billing issue where i had a new debit card issued and did not think to update there billing records. So the pay did not go through so they wanted to charge me 30 pounds for it. So i just closed my account and went with dreamhosts which are cheap and cheerful
30th November 2007, 12:43 PM #9
I'm with FastHosts and touch wood have not had any issues (apart from their security breach the numbnuts). Have you heard the horror stories about 1and1?
30th November 2007, 12:52 PM #10
EduGeek is hosted on a Fasthosts server. When the security breach came t light I spent an awful evening alerting all the site admins and changing passwords ad-nausium. Needless to say the service we have received in the past year has really not been up to scratch and better hosting will be sought next year after our contract is up (I've paid for the year). Hopefully a nice company will allow us to live on their server farm if we purchase our own server.
30th November 2007, 01:01 PM #11
30th November 2007, 01:28 PM #12
Last time I bothered to check, that hadn't changed. Trusting county to care about securing your data (export of pupil data via ftp, anyone?) is asking for trouble.
We're currently using www.positive-internet.com and in the 28 days trial period still. So far they haven't sucked, and the guys we quizzed on the phone before committing to a trial knew what he was talking about _and_ knew about Moodle. It's too early to tell whether we'll continue with them as "better than fasthosts" isn't really hard to achieve.
For personal websites, I've used www.purplecloud.net for nearly 4 years and they're brilliant but (last time I checked with them) they don't reccommend themselves for business websites.
Surely "...poor service, we reccommend $foo instead?"
30th November 2007, 02:23 PM #13
Fasthosts are RRRRRRRRubbish with a capital R.
Used to have a reseller account years ago with them, but had to drop them after they repeatedly emailed the account admin password to me in clear text despite me never even requesting it.
Useless. And if they have had further security breaches since then, it doesnt suprise me. I think someone need to pop in and actualy explain to them what security means?
30th November 2007, 02:41 PM #14
i've now noticed somthing that i'm not too hapy with about fasthosts
i have used them for years. and i use catchall mail forwarding so i can use throwaway email addresses eg: email@example.com, firstname.lastname@example.org 12345@@website.com etc.
However i'm now getting loads of junk mail sent to different addresses I used ONLY ONCE from years ago. So it poses the interesting question of how those addresses got out.
Either Fasthosts has been hacked before or more likley, someone within Fasthosts is selling email addresses.
30th November 2007, 02:50 PM #15
@ChrisP That's an interesting observation as I have FastHosts email and I get spam in accounts where I have never ever used or given out the email address.
By pete in forum Wireless Networks
Last Post: 12th July 2007, 02:05 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)