Business M3server support is weak

[pamon]

So I woke up Saturday to see a bunch of our wordpress sites taken over by a turkish hijacking page. Who knows how they got it, but all pages hosted at m3server. We put in a support page on Saturday, it's now Monday with several sites still down, and all they say is we manage the servers not the sites. I use hawkhost on several other adult sites and have had no problems, and running new with m3server. I know wordpress has its issues and security issues, but not a happy camper with m3server. might be time to move them and tighten up wordpress sites a little more closer now.

[brassmonkey]

could be a lot of things. email me some info on the highjacker and stuff

[pamon]

email sent @brassmonkey. thanks

[brassmonkey]

replied that is bad. i would do more in the morning

[k0nr4d]

Quote:

Originally Posted by pamon

So I woke up Saturday to see a bunch of our wordpress sites taken over by a turkish hijacking page. Who knows how they got it, but all pages hosted at m3server. We put in a support page on Saturday, it's now Monday with several sites still down, and all they say is we manage the servers not the sites. I use hawkhost on several other adult sites and have had no problems, and running new with m3server. I know wordpress has its issues and security issues, but not a happy camper with m3server. might be time to move them and tighten up wordpress sites a little more closer now.

I don't really see why you are upset at m3server. Wordpress itself is not insecure as long as you keep it up to date, but often the plugins/extensions people use because they treat wordpress like some magical swiss army knife. It's a blog script, it's not an online store, a tube, a cam script and everything all in one.

It's not your server that got hacked, it's your wordpress installation. You are hiring m3server as managed hosting. They are there to manage your server, not to maintain your websites as you wrote. They are not programmers, and they don't do penetration testing of web applications. They are server admins.

What were you expecting them to do? The most they can do is restore from backup, but at this point it's not even people hacking wordpress sites - it's just bots. Without patching the hole, it would just get hacked again in a couple of days at most.

The exact same thing would have happened hosting anywhere else. If it hasn't happened at hawkhost, it's either because you aren't using the same plugins or versions of plugins on those sites and don't have the security hole, or you are just lucky and bots haven't stumbled apon your sites there yet.

What you REALLY need to do is make sure your wordpresses and plugins are up to date, and if it's still getting hacked after that hire a programmer or pentester to find the hole and patch it.

[Klen]

Quote:

Originally Posted by k0nr4d

I don't really see why you are upset at m3server. Wordpress itself is not insecure as long as you keep it up to date, but often the plugins/extensions people use because they treat wordpress like some magical swiss army knife. It's a blog script, it's not an online store, a tube, a cam script and everything all in one.

It's not your server that got hacked, it's your wordpress installation. You are hiring m3server as managed hosting. They are there to manage your server, not to maintain your websites as you wrote. They are not programmers, and they don't do penetration testing of web applications. They are server admins.

What were you expecting them to do? The most they can do is restore from backup, but at this point it's not even people hacking wordpress sites - it's just bots. Without patching the hole, it would just get hacked again in a couple of days at most.

The exact same thing would have happened hosting anywhere else. If it hasn't happened at hawkhost, it's either because you aren't using the same plugins or versions of plugins on those sites and don't have the security hole, or you are just lucky and bots haven't stumbled apon your sites there yet.

What you REALLY need to do is make sure your wordpresses and plugins are up to date, and if it's still getting hacked after that hire a programmer or pentester to find the hole and patch it.

Well let me put this way - if they dont do anything, then webmaster have no choice to either shutdown sites or move to somewhere else who can fix that problem. Management sometime need to go over official duties otherwise it make it then pointless.

[Denny]

Quote:

Originally Posted by k0nr4d

I don't really see why you are upset at m3server. Wordpress itself is not insecure as long as you keep it up to date, but often the plugins/extensions people use because they treat wordpress like some magical swiss army knife. It's a blog script, it's not an online store, a tube, a cam script and everything all in one.

It's not your server that got hacked, it's your wordpress installation. You are hiring m3server as managed hosting. They are there to manage your server, not to maintain your websites as you wrote. They are not programmers, and they don't do penetration testing of web applications. They are server admins.

What were you expecting them to do? The most they can do is restore from backup, but at this point it's not even people hacking wordpress sites - it's just bots. Without patching the hole, it would just get hacked again in a couple of days at most.

The exact same thing would have happened hosting anywhere else. If it hasn't happened at hawkhost, it's either because you aren't using the same plugins or versions of plugins on those sites and don't have the security hole, or you are just lucky and bots haven't stumbled apon your sites there yet.

What you REALLY need to do is make sure your wordpresses and plugins are up to date, and if it's still getting hacked after that hire a programmer or pentester to find the hole and patch it.

[k0nr4d]

Quote:

Originally Posted by KlenTelaris

Well let me put this way - if they dont do anything, then webmaster have no choice to either shutdown sites or move to somewhere else who can fix that problem. Management sometime need to go over official duties otherwise it make it then pointless.

There's always the third choice - which is to fix their security holes, because it will be the same story if they move to another host once the bots have the site "in their rotation". I've seen this a hundred times. Weak wordpress installation, bots install backdoor, host finds backdoor/removes it, bot just readds it a day later. Would be exact same shit if he hosted anywhere else until someone does something about the root of the issue.

[brassmonkey]

i have never had a wordpress copy hacked ever! there are huge news stations that use it all over the freaking world with no issues. it's either a plugin or theme

[j3rkules]

Did you ask them to restore from backup? You should have back ups if you are hosting with them.

[NatalieMojoHost]

Quote:

Originally Posted by j3rkules

Did you ask them to restore from backup? You should have back ups if you are hosting with them.

In truth, you should have backups no matter where you host.

MojoHost takes support to a higher level as with our managed solutions we would help you work out the problem. This said, we're also not programmers, our team is made up of systems administrators - so to weed out the root of the problem you do have to review your WordPress setup and find how they got in.

[k0nr4d]

Quote:

Originally Posted by brassmonkey

i have never had a wordpress copy hacked ever! there are huge news stations that use it all over the freaking world with no issues. it's either a plugin or theme

WP is pretty ok now. A few years ago less so, but again this is base wp we're talking about. It's always the plugins at fault nowadays.

[Klen]

Quote:

Originally Posted by NatalieMojoHost

In truth, you should have backups no matter where you host.

MojoHost takes support to a higher level as with our managed solutions we would help you work out the problem. This said, we're also not programmers, our team is made up of systems administrators - so to weed out the root of the problem you do have to review your WordPress setup and find how they got in.

I was originally system administrator before and as system administrator it is possible to configure system to be safe even when script have a vulnerability . So for example, one of good security practices is following : dont use wordpress

[ryanservergeekk]

Pamon,

>all they say is we manage the servers not the sites.

We did say this, but we do not decline helping clients with website.

And in same reply from us, I asked for more details so that we could further assist.

We wait your reply since before you made this post and there are backups to be restored if you need them.

Look forward to your reply to our ticket and hopefully a more positive outlook on M3 in future.

[ryanservergeekk]

Quote:

Originally Posted by k0nr4d

I don't really see why you are upset at m3server. Wordpress itself is not insecure as long as you keep it up to date, but often the plugins/extensions people use because they treat wordpress like some magical swiss army knife. It's a blog script, it's not an online store, a tube, a cam script and everything all in one.

It's not your server that got hacked, it's your wordpress installation. You are hiring m3server as managed hosting. They are there to manage your server, not to maintain your websites as you wrote. They are not programmers, and they don't do penetration testing of web applications. They are server admins.

What were you expecting them to do? The most they can do is restore from backup, but at this point it's not even people hacking wordpress sites - it's just bots. Without patching the hole, it would just get hacked again in a couple of days at most.

The exact same thing would have happened hosting anywhere else. If it hasn't happened at hawkhost, it's either because you aren't using the same plugins or versions of plugins on those sites and don't have the security hole, or you are just lucky and bots haven't stumbled apon your sites there yet.

What you REALLY need to do is make sure your wordpresses and plugins are up to date, and if it's still getting hacked after that hire a programmer or pentester to find the hole and patch it.

Thank you, very well said.

[brassmonkey]

Quote:

Originally Posted by ryanservergeekk

Pamon,

>all they say is we manage the servers not the sites.

We did say this, but we do not decline helping clients with website.

And in same reply from us, I asked for more details so that we could further assist.

We wait your reply since before you made this post and there are backups to be restored if you need them.

Look forward to your reply to our ticket and hopefully a more positive outlook on M3 in future.

i was trying to find your email. i knew somebody was a member here

[ryanservergeekk]

Quote:

Originally Posted by brassmonkey

i was trying to find your email. i knew somebody was a member here

Thank you for thinking to reach out to us. We really appreciate that!

[Sly]

Quote:

Originally Posted by k0nr4d

WP is pretty ok now. A few years ago less so, but again this is base wp we're talking about. It's always the plugins at fault nowadays.

WordPress is much better these days than it used to be.

If you guys have WordPress sites, they should be isolated on their own users so that if one gets hacked it does not leak over and destroy all of the other sites on the same user. We have seen this happen countless times. Separating WordPress sites onto their own users was an absolute lifesaver and how we ensure all WordPress sites are installed moving forward.

It's also absolutely crucial that you are updating WordPress, the plug-ins and the themes that you use. Any plug-in that you do not actually use should be completely removed.

[ryanservergeekk]

Quote:

Originally Posted by Sly

they should be isolated on their own users so that if one gets hacked it does not leak over and destroy all of the other sites on the same user.

You're absolutely right!

[k0nr4d]

Quote:

Originally Posted by Sly

WordPress is much better these days than it used to be.

If you guys have WordPress sites, they should be isolated on their own users so that if one gets hacked it does not leak over and destroy all of the other sites on the same user. We have seen this happen countless times. Separating WordPress sites onto their own users was an absolute lifesaver and how we ensure all WordPress sites are installed moving forward.

It's also absolutely crucial that you are updating WordPress, the plug-ins and the themes that you use. Any plug-in that you do not actually use should be completely removed.

Yep, I do the same shit, isolated onto their own VPS

[brassmonkey]

thanks to all the buzzards stabbing people in the back

[ryanservergeekk]

Anyone reading this and want to see why we are a preferred adult hosting company by many of the top adult scripts for years now?

Use special promo code below to get 75% off three months on any VPS configuration of your choice and free one year domain name registration.

https://www.m3server.com/
enter promo at checkout
PROMOCODE: GFYROCKS2019

Expires dec 31, 2019

[sarettah]

Bump fo M3.

Been a customer of M3 for around 18 years. They are rock solid when it comes to support.

I also do a lot of work on Mojo servers, again, rock solid when it comes to support.

You can't go wrong with either of them.

Heard great stuff about Sly and Vacares too but do not have any actual experience with them so I cannot personally attest to them but others here can.



.

[ryanservergeekk]

Quote:

Originally Posted by sarettah

Bump fo M3.

Been a customer of M3 for around 18 years. They are rock solid when it comes to support.

I also do a lot of work on Mojo servers, again, rock solid when it comes to support.

You can't go worng with either of them.

Heard great stuff about Sly and Vacares too but do not have any actual experience with them so I cannot personally attest to them but others here can.



.

Thank you!! I'm loving the good vibes.

[Focus]

Dont know about all wordpress stuff since i stay away from it, but as a heavy sites manager 1M a day+, Vacares is def my choice on this. Dont know bout M3 nor Mojo but i did also heard good things about them. Good luck with your adventure mate.

[CaptainHowdy]

Quote:

Originally Posted by sarettah

Bump fo M3.

Been a customer of M3 for around 18 years. They are rock solid when it comes to support.

I also do a lot of work on Mojo servers, again, rock solid when it comes to support.

You can't go wrong with either of them.

Heard great stuff about Sly and Vacares too but do not have any actual experience with them so I cannot personally attest to them but others here can.



.

sarettah has spoken.

[brassmonkey]

Quote:

Originally Posted by Focus

Dont know about all wordpress stuff since i stay away from it, but as a heavy sites manager 1M a day+, Vacares is def my choice on this. Dont know bout M3 nor Mojo but i did also heard good things about them. Good luck with your adventure mate.

who gives a shit what you think??

[incredibleworkethic]

Quote:

Originally Posted by brassmonkey

i have never had a wordpress copy hacked ever! there are huge news stations that use it all over the freaking world with no issues. it's either a plugin or theme

Same. I'm running a site with over 20k uniques a day. But then again who knows which plugins are making the site vulnerable, if that's true. Open ended answer. Try another host if you need to.

[brassmonkey]

Quote:

Originally Posted by incredibleworkethic

Same. I'm running a site with over 20k uniques a day. But then again who knows which plugins are making the site vulnerable, if that's true. Open ended answer. Try another host if you need to.

he's at m3 stop already