
Thread: Servage - Awful Security

  1. #1
    Registered Member
    My recent posts put me 3335th (-50)
    norbie is on a distinguished road

    Servage - Awful Security

    Here is a support ticket I just submitted on my Servage account:

    Quote Originally Posted by 2008-10-21 22:19
    Customer

    Subject: Major Security Issue

    Hi,

    I just went to open phpmyadmin to look at some data in one of my mysql databases and I was presented with this:

    http://img.photobucket.com/albums/v4...phpmyadmin.jpg
    http://img.photobucket.com/albums/v4...hpmyadmin2.jpg

    As you can see, this gives me full access to other customers' databases.

    I am also unable to access my own databases.

    Please can you explain why there is a massive security flaw here? I seriously hope that my data is more secure than these other poor sods.
    Quote Originally Posted by 2008-10-22 00:30
    Support - Mark
    Hello Andrew,

    Thank you for submitting ticket.

    Please provide us the exact database name for which you are facing problem. In order to further investigate and assist you in a better way.

    Kind Regards
    Mark, Support
    Servage Hosting
    *Sigh*.

  2. #2
    935 Posts
    I am a registered host on this forum.
    DediPower Managed Hosting Limited
    My recent posts put me 27th (-9)
    Schumie is on a distinguished road
    LOL... out of interest, can you actually see the data in the DB's, or just the database names in the drop down list?

    IIRC with phpMyAdmin, this is one of the configurable things to show all databases or not off the top of my head (or it used to be ~5 years ago... a lot has changed since then I know!)

  3. #3
    4557 Posts
    I am a registered host on this forum.
    Freethought Internet Limited
    My recent posts put me 1st
    Ed-Freethought is on a distinguished road
    at least you need to authenticate to get PHPMyAdmin - I just tried the URL to be cheeky but it wouldn't let me in without logging in
    Now THAT would be one hell of a security flaw!
    Freethought Internet Limited - Hosting, Servers and Connectivity
    Freethought Internet Limited registered in London No. 5862996. Registered office: The Old Church Hall, 2A Cromwell Street, Lincoln, LN2 5LP. VAT number GB 987 0952 66.
    Powercore Networks is a trading name of Freethought Internet Limited.

  4. #4
    Registered Member
    My recent posts put me 3335th (-50)
    norbie is on a distinguished road
    Quote Originally Posted by Schumie View Post
    LOL... out of interest, can you actually see the data in the DB's, or just the database names in the drop down list?

    IIRC with phpMyAdmin, this is one of the configurable things to show all databases or not off the top of my head (or it used to be ~5 years ago... a lot has changed since then I know!)
    Yes I can see all the data, and change it if I wanted to (See the second screenshot).

    This has happened once before - for some reason the authentication allows me to see other people's databases (which of course I shouldn't be able to do).

    It's quite annoying really as I can't see my databases (And I wonder who can!)

    Quote Originally Posted by freethought View Post
    at least you need to authenticate to get PHPMyAdmin - I just tried the URL to be cheeky but it wouldn't let me in without logging in
    Now THAT would be one hell of a security flaw!
    Haha, yes that would be even more amazing.

  5. #5
    2517 Posts
    I am a registered host on this forum.
    Mooharr
    My recent posts put me 32nd (-6)
    JamesSykes is on a distinguished road
    Would it be illegal to sign up to servage and wipe everyone's databases?
    Mooharr
    E-Mail Hosting Services

    These are not my views and i cannot be held accountable for anything he says.

  6. #6
    2517 Posts
    I am a registered host on this forum.
    Mooharr
    My recent posts put me 32nd (-6)
    JamesSykes is on a distinguished road
    OH THIS IS PURE COMEDY :

    Customer Survey


    "At this exact moment we host 179994 websites."
    Mooharr
    E-Mail Hosting Services

    These are not my views and i cannot be held accountable for anything he says.

  7. #7
    3901 Posts
    I am a registered host on this forum.
    INX-Network LTD
    My recent posts put me 24th (-15)
    [inx]Olly is on a distinguished road
    I might be wrong, but that kind of reply tends to be from an Indian / outsourced support person.

    If it's not, and it was one of my staff, I'd be firing a rocket up their arse!!
    Oliver Warburton
    INX-Network Ltd.

    Join us on Facebook
    INX game servers

    Add me on LinkedIn

    Need help with SEO? Drop me an email
    These are not the views of a company director. These are strictly my personal views.

  8. #8
    1071 Posts
    I am a registered host on this forum.
    Data Republic Ltd
    My recent posts put me 69th (-35)
    - Tim is on a distinguished road
    Indeed, they haven't actually read the guy's ticket. There do seem to be a fair few issues with Servage on this sort of thing; I am sure I read some threads about it on WHT.

  9. #9
    444 Posts
    I am a registered host on this forum.
    Europhase UK
    My recent posts put me 54th (-7)
    ThomasC is on a distinguished road
    Quote Originally Posted by JamesSykes View Post
    "At this exact moment we host 179994 websites."
    I also noticed that but I found it more interesting to read all about "ServageOS"

  10. #10
    917 Posts
    I am a registered host on this forum.
    Othello Technology Systems Ltd
    My recent posts put me 214th (+7781)
    BurtyB is an unknown quantity at this point
    Quote Originally Posted by JamesSykes View Post
    "At this exact moment we host 179994 websites."
    I guess that's about right looking at the domains they have on their DNS servers.

    ChrisB.
    Chris Burton Othello Technology Systems Ltd AS29527 Company#03894981 VAT#GB-782561410 Tel:0871 277 6875
    consultancy - domains - email forwarding - resellers - ecommerce - colo - rackspace - ip transit - secondary mx/dns - dedicated servers - backup/DR
    * OthelloHosts.net Linux and Windows High-Availability Professional Email / Web / Secure Hosting
    * OthelloVPS.net Managed Xen Enterprise Virtual Private Servers and Dedicated Servers
    Views expressed in this post are my own and not Othello Technology Systems Ltd.

  11. #11
    5296 Posts
    I am a registered host on this forum.
    Serverstream Ltd
    My recent posts put me 28th (-11)
    JamieBeeston is on a distinguished road
    DNS serve != Host
    Register1.net
    .co £17.99
    .com .net .org .uk £5.48
    Premium UK Virtual Hosting from £16 a year
    Quad Core 2.66Ghz 1GB 2TB 250GB Xeon Servers from £49
    Company reg: 04186664 VAT reg: GB 815 5899 88
    [Any views expressed on this forum are my own, and may not represent the views of any organisation that I own or am connected with.]

  12. #12
    Registered Member
    My recent posts put me 3319th (-50)
    ms2134 is on a distinguished road
    Quote Originally Posted by JamesSykes View Post
    Would it be illegal to sign up to servage and wipe everyone's databases?

    The screenshots ... !!! DAMN!..

    It is yet another issue that has been brought to attention. I wonder what other issues they may have at their end...

    As with what I have quoted...

    It may be illegal, but it sure would be funny to make a complete backup, then clear them all and go to Servage and ask them if they would like to purchase them back, or go to the media and show them up...

    ~ Mike
    Corporate Internet Solutions
    Registered reseller for Liquidnet (Registration No. 4654498)

  13. #13
    Registered Member
    My recent posts put me 3335th (-50)
    norbie is on a distinguished road
    Quote Originally Posted by 2008-10-23 12:09
    Customer
    Did you even read my ticket?

    Did you see the subject which read - MAJOR SECURITY ISSUE?

    You are an extremely disappointing host. I cannot believe how bad you have become.
    Quote Originally Posted by 2008-10-23 12:14
    Support - John
    Hello Andrew,

    I have checked access to the databases' phpMyAdmin from your control panel but could not replicate the issue as shown in the jpg file.

    Suggest you clear your browser's cache and check again.

    Thanks.

    Kind Regards
    John, Support
    Servage Hosting
    The problem appears to be fixed now, but it will happen again as they didn't actually resolve anything - it resolved itself.

    They just don't seem to understand how serious it was. Imagine if it was an e-commerce site database or something.

  14. #14
    Registered Member
    My recent posts put me 3335th (-50)
    norbie is on a distinguished road
    Ignore that. I get another database server with full access to someone else's database now.

  15. #15
    1440 Posts
    I am a registered host on this forum.
    aTech Media
    My recent posts put me 18th (+7)
    AdamC is on a distinguished road
    I hope you are already in the process of moving hosts then. I'd suggest the requests forum on here is the best place to start if you haven't already.
    Adam Cooke
    aTech Media - UK Ruby on Rails development specialists
    Codebase - a full source control hosting solution for Git, Mercurial & Subversion
    Point - really easy and attractive FREE DNS hosting

    Company Registration Number: 5523199 VAT Registration Number: GB 868 861 560
    All views expressed in my posts are my own and not those of aTech Media Limited.
