Results 1 to 12 of 12
  1. #1
    Junior Member
    Join Date
    Dec 2004
    Posts
    5

    Hostgator and their poor security

    Hi, everybody!
    I was working as a DB Admin & Webmaster on a site that is hosted by hostgator. I found a big security hole on their (hostgator's) server and I could view and copy everything from their's server. I sent a letter to support and told them that if they give me a free hosting account I will tell them where that security hole is.
    Instead of saying "ok" or "no, we can't give you such a reward" they suspended my boss's account and accused me by blackmail. As a result of account suspendation my boss dismissed me from the job. Now I am without of a job because their security is poor.
    I tried to write about that on another forum but they sims to have a deal and everithing I writed about hostgator on that server was removed from the forum. And now I understand why there is writen only good things about hostgator.
    So what can you suggest to me? What could do now? I also want to buy a host. What is the best host for a resonable price?

    Thanks!

  2. #2
    Junior Member
    Join Date
    Apr 2004
    Posts
    20
    Hi,

    It looks like blackmail, you asking for a reward to tell them the secuirty hole If they said no, they in risk to do bad thing to their server, I understand that you are good person, but as hosting business owner I can not take any risk.

    and for that the suspension of account is normal re-action, and for me I'd terminate the account not just suspend it.

    I'm sorry for you but you sent wrong message and hostgator did their job.

  3. #3
    Junior Member
    Join Date
    Dec 2004
    Posts
    5
    Quote Originally Posted by 2mhost.com
    Hi,

    It looks like blackmail, you asking for a reward to tell them the secuirty hole If they said no, they in risk to do bad thing to their server, I understand that you are good person, but as hosting business owner I can not take any risk.

    and for that the suspension of account is normal re-action, and for me I'd terminate the account not just suspend it.

    I'm sorry for you but you sent wrong message and hostgator did their job.
    So as you say - I am obligated to tell them where the hole is?
    They could better give me a free account and they could fix the hole.
    And I think you missunderstand the meaning of blackmail. If I see that there is a broken window on your house and I tell you that I saw that broken window but do not tell wich window and I say that I can tell you where the broken window is but I want $1 dollar fo this, is this blackmail????

  4. #4
    Registered User
    Join Date
    Dec 2004
    Posts
    1

    hostgator doesn't deal with terrorists

    "I could sell that info on internet and put some money in my
    pocket but I thought it would not be nice for you. So I thought
    that it would be better if we will cooperate. I can tell you where
    the hole is for a reward." This is what he sent us.

    The only security issue on the server was him. He was actively trying to
    hack the box uploading php shell scripts etc. We had open base directory
    disabled for his site, and rather than it being used for good it was used to
    gain further access on the server. (The very reason we have it on)

    If he was able to view any important information I'm sure the box would have
    been hacked by now. The truth is there was no security exploit he gave up on trying to hack the box and got a little useless information / tried blackmailing us into giving him what he wanted.

  5. #5
    Junior Member
    Join Date
    Dec 2004
    Posts
    5
    Quote Originally Posted by hostgator
    "I could sell that info on internet and put some money in my
    pocket but I thought it would not be nice for you. So I thought
    that it would be better if we will cooperate. I can tell you where
    the hole is for a reward." This is what he sent us.

    The only security issue on the server was him. He was actively trying to
    hack the box uploading php shell scripts etc. We had open base directory
    disabled for his site, and rather than it being used for good it was used to
    gain further access on the server. (The very reason we have it on)

    If he was able to view any important information I'm sure the box would have
    been hacked by now. The truth is there was no security exploit he gave up on trying to hack the box and got a little useless information / tried blackmailing us into giving him what he wanted.
    Hah... ok... I will publish all the information I gothered from you on the internet and you will see how useless is that information. By the way: and user's files and content of databases, and the content of your databases with all your users, user types, bills and...... and so on.... I will see how happy will be your clients then and how many clients will you have after that.
    If your mind is too short to understand that I was trying to cooperate with you then you will see what means a real blackmail. But not... that will not be blackmail too. I will just publish it. I DO NOT NEED ANYTHING FROM YOU!.

    Have a nice business, hostgator.

  6. #6
    1PlanHost
    Guest
    It sure looks like blackmail to me. Or better yet, extortion. Either way what you are threatening is highly illegal. I am no lawyer but I would be very surprised if Host Gator lawyers don't jump all over this extortion tactic of yours. Host Gator is a fine company and is known for running a quality business. Your attempts to extort money or credit from them is wrong, plain and simple and I applaud them for the manner in which they are handling this.

  7. #7
    Registered User
    Join Date
    Nov 2003
    Posts
    11
    Hey! 2 thumbs up for Hostgator The way they handled the situation was professional, and I also vote for the Blackmail thing. Yeab, AaZman, your mail to hostGator is genuine Blackmail....
    Jilly and Puppy are forever!

  8. #8
    Junior Member
    Join Date
    Dec 2004
    Posts
    5
    What is wrong with you all??? You do not know what is blackmail but you all talking about it....
    Imagine that you buy a safe and I find a hole in that safe (just find it, I'm not making this hole). And I tell you that I found a hole in your safe and somebody could take everything from it, and I can tell you where the hole is for $1 (I do not tell you to give me $1 or otherwise I will take everything from safe). So if you want me to tell you where the hole is you give me $1 otherwhise you serch for your hole for yourself and I do not touch you. IS THIS BLACKMAIL? It's more a service for service but not blackmail, don't you think so?
    And I asked not for money, just for a free account, this would not cost them anything. If I had a hosting company and somebody would find a security hole on my server I would give a free account. But not hostgator. They think that they know, but they still do not realy know where the hole is..
    Last edited by AaZmaN; 12-14-2004 at 03:53 AM.

  9. #9
    Quote Originally Posted by AaZmaN
    What is wrong with you all??? You do not know what is blackmail but you all talking about it....
    Imagine that you buy a safe and I find a hole in that safe (just find it, I'm not making this hole). And I tell you that I found a hole in your safe and somebody could take everything from it, and I can tell you where the hole is for $1 (I do not tell you to give me $1 or otherwise I will take everything from safe). So if you want me to tell you where the hole is you give me $1 otherwhise you serch for your hole for yourself and I do not touch you. IS THIS BLACKMAIL? It's more a service for service but not blackmail, don't you think so?
    And I asked not for money, just for a free account, this would not cost them anything. If I had a hosting company and somebody would find a security hole on my server I would give a free account. But not hostgator. They think that they know, but they still do not realy know where the hole is..
    If who can find the hole, get the safe free.
    Snow ball's rolling, other hacker will keep looking for a hole in other safe for the reward. Hope you understand this
    Travel guide the ultimate world travel guide

  10. #10
    1PlanHost
    Guest
    According to dictionary.com

    blackmail

    1. Extortion of money or something else of value from a person by the threat of exposing a criminal act or discreditable information.
    Something of value extorted in this manner.
    2. Tribute formerly paid to freebooters along the Scottish border for protection from pillage.

    Either definition sounds appropriate in this situation.

  11. #11
    Junior Member
    Join Date
    Dec 2004
    Posts
    5
    Humm.... I think I have just learned a fery useful lesson....
    If I find a open to everybody security hole on a host I will not tell to hosting stuff anything. I will just sell that info to somebody on the internet. And I should do exactly the same with hostgator.
    Yeah... I will do so in the future.

    There is a say in my country. I don't know the english version but it is something like "If you try to help somebody - be careful, you may be hurt".

  12. #12
    Registered User
    Join Date
    Apr 2011
    Posts
    3
    well i think otherwise ... Help should not be mixed with job/contract. Helping someone and asking for a reward dosnt make you great so if you can help someone then just do it and dont expect any reward. In your case, there are chances that if Hostgator or any other company realize your capabilities and technical brilliance then they might hire you for their support.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

  Find Web Hosting      
  Shared Web Hosting UNIX & Linux Web Hosting Windows Web Hosting Adult Web Hosting
  ASP ASP.NET Web Hosting Reseller Web Hosting VPS Web Hosting Managed Web Hosting
  Cloud Web Hosting Dedicated Server E-commerce Web Hosting Cheap Web Hosting


Premium Partners:



Visit forums.thewebhostbiz.com: to discuss the web hosting business, buy and sell websites and domain names, and discuss current web hosting tools and software.