hostedfx

In the past week there have been issues on several servers which point back to TopSites installations. TopSites is a popular site ranking script which you may be familiar with.

The problem we see is that many different IPs (most are hijacked PCs located in Turkey, used as bot networks) are hammering these TopSites directories, acting as mini DoS attacks against those servers. The last security advisory for TopSites was last year, but apparently it remains unpatched. This does not give us much faith in the developers - it could have been fixed a long time ago, then we would not be dealing with this problem now.

The bottomline is that we are forced to disable the affected directories as we find them. We do recommend replacing this script with a similar one. We are likely disabling TopSites in all Fantastico panels.

Unfortunately we have been having some downtime issues over the last 24 hours due to several DOS attacks. Be assured that we are working on stopping and preventing this from happening in the future.

We have been constantly monitoring the apache status of the server and could find that there is contact attack and heavy apache access from many IPs. The main problem is that the access IPs keep on changing. Due to this, we are now configuring our Brute Force Detection software in order to prevent any further attacks. Furthermore we have enabled Mod_Dosevasive in order to prevent this.

We thank you for your patience during this time, be assured that we at HostedFX are determined to deliver the best service to our customers at all times. We will always do everything within our power to ensure maximum performance and reliability.

Hello all,

Google’s new ‘Code Search‘ system has been finding a number of zip files uploaded on various customers’ sites and publishing the script contents, including sensitive data.

Please, do not leave your zip/tar.gz files or site backups in a web-accessible location!

Place them in password protected directories only.