+ Reply to Thread
Results 1 to 7 of 7

Thread: Domain name and security issues

  1. #1
    bitacom You Are Posting As A Guest - Please Register or Log In

    Question Domain name and security issues

    I am sorry that I did not register here, but I will asap. I have been a glowhost customer recently but there was problem with the domain name I registered with glowhost. While it was registered and I was told everything was set later it was found that there was some bug which did not give me the domain. It was escalated and Matt tried to help as much as possible.

    Today my quick question for a friend who is looking into web hosting options :

    Is the bug in domain name booking resolved ? I ask this specifically because after my initial incidence I found that the system did allow to register existing domain/s though this time I did not proceed towards the final payment.

    Question 2 :
    There seems to have been "compromises" on client accounts all over the net recently which has been reasoned due to ftp loopholes and spywares in client pc-s BUT this may not be true always as several tech people have reported acrosss the net despite thoroughly "cleaning" their pcs and very frequent change of ftp and all passwords there has been again re-infection of sites.

    Several hosts has taken this issue as critical red alert to protect innocent ciustomer/client's interest and undue account suspensions - they have among other measures enabled SFTP and started blocking .cn domains - Malicious ?Income? IFrames from .CN Domains | Unmask Parasites. Blog.

    Has glowhost SFTP enabled for shared accounts ?

  2. #2
    Alexander's Avatar
    Alexander is offline Technical Analyst
    Join Date
    Jul 2007
    Posts
    1,349

    Default

    Hello, please, open the ticket regarding the issue with your domain. As SFTP, we do provide it. You can find some threads about it below:
    http://glowhost.com/forums/knowledge...panel-921.html
    http://glowhost.com/forums/general-s...s-how-912.html
    http://glowhost.com/forums/knowledge...panel-926.html
    http://glowhost.com/forums/knowledge...main-1655.html

  3. #3
    bitacom is offline Newbie
    Join Date
    May 2009
    Posts
    2

    Default

    Hi Alex, Thanks a lot for your reply. I think there is no use opening that ticket [EFY-0819-518 ] as that matter is unresolved and closed despite Matt's best attempt ( is he still here ? )

    I just wanted to know if that bug with domain name booking system has been resolved. Has that system been updated ?

    Thanks a LOT for the info on SFTP - it is great to know that glowhost has that enabled for shared customers. Do you consider blocking access by .cn domains ( link above ) ?

    Regards

  4. #4
    Alexander's Avatar
    Alexander is offline Technical Analyst
    Join Date
    Jul 2007
    Posts
    1,349

    Default

    Hello, our programmers have fixed this issue. But anyway, if you found any bugs in the way our system works, please, let us know.

    As for the blocking access by .cn domains, IMHO it is useless to perform on the servers because code injection is performed from another compromised computer which can be located anywhere. Connection to these domains take place from the visitor's computer, when the person tries to brows infected site.

  5. #5
    bitacom is offline Newbie
    Join Date
    May 2009
    Posts
    2

    Default

    Hi Alex, Great to know that this has been fixed.

    The recent issue is too recent and experts are of opinion
    that whether it is the client machine or *something* in the host
    network the things happens in the following way - ftp is compromised
    so that ftp credentials are sent to the hacker's network. This much happens at this end. Now the .cn domains execute the script on
    client's account by accessing from .cn domains.
    That is to say, code injection can happen from anywhere in any computer but ultimately a script or whatever knows it from a .cn domain ( see list in above link ) and accesses the clinet from a .cn domain to do harmful things.
    Thus one malacious part of the code can remain in the client machine but it itself will be harmless if it is not accessed by a bot or human or whatever from those .cn domains.
    For these reasons some hosts are considering this pro-actively rather than doing something *after* something happens.

    The domain registration system is now apparently free of that bug as I tested it

    Best regards

  6. #6
    Matt's Avatar
    Matt is online now GlowHost Administrator
    Join Date
    Jan 2005
    Location
    Behind your monitor
    Posts
    5,259

    Default

    This hack is not limited to just .cn domains from what I have been seeing it can be any TLD.
    Send your friends and site visitors to GlowHost and get $125 plus bonus!
    GlowHost Affiliate Program | Read our Blog | GlowHost's Facebook | Follow us on Twitter | GlowHost on Google+

  7. #7
    raicol is offline No longer a Newbie
    Join Date
    May 2010
    Posts
    5

    Default

    What exactly you want to know?

    Regards,
    Raicol

+ Reply to Thread

Similar Threads

  1. Security Certificate Expired
    By MyWeaverville in forum cPanel Topics
    Replies: 1
    Last Post: 04-23-2010, 07:31 AM
  2. Great security protection
    By Angie in forum Customer Reviews
    Replies: 0
    Last Post: 02-19-2007, 10:52 PM
  3. Strange security issue
    By ampm designs in forum General Support
    Replies: 4
    Last Post: 03-03-2006, 12:36 PM
  4. Security Update:
    By Matt in forum Outages and Scheduled Maintenance
    Replies: 0
    Last Post: 01-22-2005, 02:42 AM

Bookmarks

Posting Permissions

  • You may post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16