New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Kudo Hosting - not much support
Minor moan about Kudo.
Recently my cpanel was compromised, and everything deleted. The compromise didnt happen locally, and my password was reasonably strong (4 random words). So I dont know how they got in.
Kudo have done nothing more than to confirm it was not them and nothing in terms of investigation, even a cursory look at the logs on by behalf.
I pay peanuts for the slice, so I understand that they cant hand hold this noob through the basics, however i hoped they would be a bit more interested in a security breach..
Comments
If it's unmanaged hosting, this is all you get. Check your log files for strange stuff.
4 random words is a weak password. A good password is complete gibberish. (ex dgsd$%SF@the!f)3r5WGSDF#@T-_end_0_3%rqwtfgasr_is_ter%$uhjsdaf_nigh )
And, no, it was an unmanaged service (assuming that since you pay "peanuts"). The fault is on you and they are not responsible for your security breach.
4 random words - secure-passwords-are-best
Did you use 2FA in cPanel Dashboard? Did you disable root user? Did you set up SSH key? Have you checked your logs? Was it a website that was compromised which led to server compromise?
As @deank says random passwords are complete gibberish and can’t be pronounced as anything.
I use a mix of Asian languages translated into English spelling based on pronunciation (along with numbers and symbols if course). Easy on the mind and should be quite secure since the language is likely gibberish to many attackers.
Let me put this in a way that everyone who was not brought up thinking the world and everyone in it owes them something reads your post:
So you accidentally shit yourself in their front room and just stared at them expecting them to at least give you a hand cleaning it up and finding out what caused your trouser accident and then you publicly complain about it when they don't despite the fact they have the decency to move you to a clean room and charge you nothing extra for their time?
I know that's harsh, I don't mean to offend you personally.
There is no but.
Nice shit analogy, Randers
It's not harsh, but it's inaccurate, childish and intended offend. Thanks for adding to the thread.
4 random words is not a weak password..
More here, if you are interested.
https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/458857/Password_guidance_-_simplifying_your_approach.pdf
In terms of the compromise, it's not yet possible to say what happened. It might be me, it might be them. My point was, they are not interested in finding out.
Sure they are not interested, because you bought an unmanaged service with them
OK then, how is this, I will just say this like the other 8 people and ignore everything else in the OP:
4 random works is not a good password.
feels like progress.
In unmanaged server If they got a lot of client in 1 server and only you got hacked then provider will ignore you... If their server really got compromised/hacked it will impact to a lot of client on that server not just you unless you are very special that people will hack 1 server only to hack your sites and ignore other sites and client on same server.
4 words is a weak password if it is based on dictionary. Also are you sure you never used that same words on different website ? Are you sure your website doesn't have any security hole (outdated script, plugins, theme etc)?
They seemed great for the first month but I regret using their service. I have 2 VPS and they are constantly down. I am trying to recoup unused time and move away from their services. Will see if they will help out.