HACKED! Trials of self hosting

Okay folks, for the last two days my domain www.sumitmaitra.com was hacked and was showing a hackers’ page!  As soon as I found out I redirected my domain to this blog instead of the hacked name servers of dotnet-host.

Before I go into lessons learnt if you are still having trouble with the hacked site content, try to log in to your panel at http://panel.dotnet-host.com/. The forgot password was also working till yesterday.

Delete all the Index.php, Index.chm, Default.asp, Default.html, Index.html and Index.chm files. These were injected by the Hacker. I tried it but before I could see the results my name server change kicked in so I can’t vouch it works but most people have been able to restore their sited by deleting these files recursively off every folder.

Multiple lessons learnt

1. For all my love for Scott Hanselman, I should set the default home page of my favorite browser to my site. Sorry Scott, nothing personal, you are still my fav tech blogger! Basically keep an eye on your site. I dropped the ball for two full days (facepalm).

2. When a hosting provider is giving a deal that’s too good to be true, it might just be so! I think I was paying $4 per month. It was an awesome deal and I paid for the whole year in advance! Doesn’t look like my provider will last till the end of the year! Next time on, I am trying out a provider for a month before I put more money into them. There were some feelers I got about the amateurish-ness of www.dotnet-host.com but hey it was a suggested site from www.asp.net so I just went with it. I think dotnet-host cancelled monthly subscriptions but I don’t think anyone heard of reversal of yearly subscriptions pro-rated!

3. Things to look out for

- Are they sending you passwords in plain text?

I cringed when they sent me the password in plain-text via email, but by then I had paid them for the year, so thought heck go with it. Didn’t work out well.

- Do they have a good admin console?

Their admin console was very amateurish, functional but amateurish. GoDaddy.com on the other hand is a over done pile to junk! Need something in the middle but better be on overdone side than underdone and amateurish.

- SQL Server access

Their SQL Server access gave me access through Management Studio. Though an awesome feature this is one less layer of security. So be warned. However if you are able to see every other database on the server then your alarm bells should be ringing loud and jangling!!! I had a screen shot of this and I wanted to send it to them but never did! My bad, if you see something like that, raise hell!

4. If you are doing any serious hosting don’t be cheap look around and be safe. I wanted a place to host my .net code and play around. My home page was actually a pass-through to this blog. In other words it was non-critical hosting. I probably lost some SEO points and looks silly to people who visited my URL in the last two days (sorry folks from LinkedIn). My sample apps on a subdomain are still working. Now I gotta find a new provider and move them.

UPDATE:

5. Having domain registrars different from hosting providers help! Make it a policy if you can.

In case of the dotnet-host fiasco, my domain registrar was different from dotnet-host so I was quickly able to change the name server and forward my domain to this blog through my domain registrar (took about an hour to propagate).

6. If the hosting provider is so thoroughly hacked rest assured your credit-card info and passwords are NOT safe anymore. Take precautions as required.

That was my first ‘getting hacked’ experience, not a nice feeling!

Stay alert and stay safe folks!

Changes are coming!!!

Dear readers, some exciting changes are coming to www.sumitmaitra.com.

Please bear with the iframe workaround for now (don’t be alarmed by the white border around the page and the double scrollbars! It is a part of the change). Those coming to my blog through wordpress.com permalinks will see no change.

The Blog a Week Challenge!

At beginning of the year, WordPress was kind enough to send me a report of my Blog’s status. The saddest part of the report was the fact that I had blogged a total of 4 times in the year. It took a while to digest and actually before I could digest it WordPress threw the Blog a Day and Blog a week challenge at all it’s bloggers.

I won’t contemplate the blog a day challenge considering I find it hard to ‘tweet a day’, but I told myself I could blog once a week. Not could I HAD to blog once a week.

Well the first month is almost over and unless I put up three more articles in the next few hours I am –3 in the first month of my blog a week challenge too! That is a shame. But I am not giving up. Proof is this filler article that’s nothing but a personal rant, a public acceptance of the challenge, it might just spur me to do better!

BTW my first article of the year wasn’t on my blog but on dotnetcurry.com. It’s a Sharepoint article. I’ve written two on dotnetcurry so far. The third one is in the works.