Bluetrait

Okay I thought I should update everyone on the security problem that happened yesterday.

BACKGROUND: My main Windows shared hosted server was hacked into yesterday and a user gained full admin access over the system. All ftp accounts were shutdown because of this.

UPDATE: A cgi file was uploaded to the server via access to an ftp account. This file contained a script that created a user account on the computer with full admin access. The reason that this script was able to create this account was that apache was running as "SYSTEM" which as full admin rights over the computer.

The user who gained access was then able to login to the computer via Remote Desktop.

Thankfully the hacker had no "real" ill intent, logged off and let me know of the problem.

Although as a precaution all ftp accounts were locked and the system was checked for other possible files that could cause damage.

Apache is no logger running as "SYSTEM" but all ftp accounts are still locked. If you require access to your files via ftp you must email me for your account to be unlocked.

Because of this security issue I have decided to rethink the way this shared hosting works. An update on this will be available within the next two weeks.

I am sorry for the slower than normal update but I have been very with uni + work and only got a chance to look at the server today.

NOTE: No files have been damaged and the system is once again secure.