DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.

Leading DNN Hosting Site Down

Sort:
You are not authorized to post a reply.
Page 2 of 6 << < 12345 > >>





Veteran Member





    To be honest I think this could happen to any provider / hosting environment and although it takes quite long, their only viable option was to block all external access I think..
    If you have backups, you could move away from Managed, but they are not the first hoster that has this issue.
    If you want to offer your clients more security, you could backup your sites to another hosters network and make sur you can switch to that server when something like this happens. But it also means you need to make sure you have your domain registration / DNS somewhere else. In theory you could do the same for email, but that's also a bit of work, having backup servers for both site and email.

    But in my experience, most clients don't want to pay extra for such an insurance, but they do complain / leave if their website is down..

     

     

     






    New Around Here





      John,

      Managed.com has an excellent reputation for support and I can attest to that having been with them for years. Moreover, they are now backed by a billion dollar company known as Deluxe (the check printing guys). Rest assured they are probably working as hard as they can on the problem and hopefully have brought in outside experts to help solve the problem. Based on the fact it's been down several days now, they most likely did not pay a ransom and/or they partially prevented a ransom situation and are having to cleanup the damage left behind from its remnants. That's my guess or opinion.

      Ransomware attacks are raging around the world right now, with no end in sight. Anyone and everyone can fall victim to it. In fact, one of my clients is now the largest security awareness training outfit in the world due largely to phishing or social engineering tactics used by hackers. Humans are the weakest link in cybersecurity chain and it's most likely one of their engineers clicked on a link that embedded the code necessary to bring down their system or one of their clients with a dedicated non-virtualized server came under attack, which in turn attacked their network. Again, only a guess or my opinion.

      Anyway, we can only hope Managed.com has learned from this and can take preventive action from allowing it to occur again in the future. 






      New Around Here





        I too am completely down and they won't tell us anything substantial.  Many many sites down and tools inaccessible for clients.  I've used Managed (powerdnn) for years and chose them for their dependability.  While you paid more you got more.  That is not the case right now.  I understand them needing some time in the first 24 to 36 hours to get a grasp on things, but the fact they have gone completely silent at this point is really concerning and beyond disappointing.   

        I'm blown away with the lack of communication for loyal customers (8+ years for me).  Needless to say clients are flipping out and we have nothing to go off of.  This should be fun day.  Not good. 






        New Around Here





          In the same boat here for multiple client sites that I need to get back up somehwere at least until this is resolved. Any reccomendations on alternative hosts?






          New Around Here





            Timo and Will - I agree with both comments. I believe them too.
            I have referred dozens of contacts to Managed.com because I value their service.

            Mike Richards put it perfectly, "I'm blown away with the lack of communication for loyal customers."
            Moving forward I need to keep as many clients as I can.
            To do that, I need information (even their best guess).
            For some clients, I have to have a site up in 24 or 48 hours, or their gone.
            Other clients can wait longer. No one can wait months.
            If it is going to be many days or weeks - let me know so I can plan accordingly.
            When A2 Hosting got hit - I believe it was two months to recover.
            Please Managed.com, let us know some kind of estimate!





            Veteran Member





              Stay calm, if that is possible. This may not be the end of the world, but some of us will be hurt badly by this.

              In the meantime, think about what you can do to protect yourself in the future. Chances are, you'll be hit again, or your hosting provider will be hit.

              At the moment, the best protection would be regular off-site backups. Rolling daily backups. They will at least provide you with a way to move forward.

              Educate yourself about disaster recovery and business continuity. Depending on the impact of this kind of outage and the resources at your disposal, there really are options available. Some are cheap, some are affordable, and some are quite expensive. Figure out what you need to do to protect yourself. Then do it. And test it!

              I'm not sure that it's time to shoot or blame the victim. And Managed.com is a victim. A very large and visible victim.

              And, to be sure, they have not done the communications part well, either. But ... put yourself in their shoes and picture yourself trying to do better.

              For those who are fortunate and have off-site backups of their sites, there are alternative hosting providers. If you contact them, expect them to be be harried, too. They are getting lots of inquiries.
              Joe Craig
              DNN MVP
              Patapsco Research Group





              Veteran Member





                As I am a victim too, I feel your pain. I can not take that pain away but I can give you input that might help you with your customers:
                1. This scenario will hit any provider. No exceptions. Although it takes long, managed.com is one of the biggest hosting providers around (source zdnet) and if there are people with great skills. You have a better change with them than anywhere else.
                2. As my IT forensics explained: this is quite an advanced attack. If you manage to infect sites on 3 continents (USA, Europe and Australia that we know of), you know what you're doing. And as the bad guys/girls have been planning this, they are ahead of us. We need to assess the magnitude, neutralize the software, find the vulnerability, fix teh vulnerability, revive all systems. That is by no means a 1-day job.
                3.The fact that your website is down, does not mean you have been infected/hacked. It means you are a victim of a lockdown. The accurate assessment can start when all is free to access.
                4. The lockdown is terrible but the right call. I have been working in the past for CEO's/MD's that were in denial. Saying "we're working on it", hoping the engineers would solve the problem faster than the malware spread. That in fact made the problem bigger than necessary. The call made by managed.com puts security first. It shows leadership to make this call. Any other decision would haven been incorrect.
                5. The lack of communication is indeed terrible. My guess is that this is an order from the law enforcement, they are working with. In a hostage situation your first priority is to get the hostage back, alive. In this case it means trying to neutralize the ransomware happens parallel to the negotiations. Any information (that would absolutely be published on this forum/facebook/twitter) harms the negotiation.
                6. My lesson is to create an extra layer of backups. I already had daily/weekly backups for quick restore. There already was disaster recovery in case you can not trust your code anymore. And I test these scenarios yearly. But what I was not aware of, was the fact that even the disaster backups are not available. Even if they are offsite, some management tool within the managed.com infrastructure is needed to download them. So, I will start a subscription at Azure to store my backups. The costs are less than 28 USD per month for storage (if I used the calculator corrctly)

                My first reaction was: 'I hired you to prevent this'. Or 'I hired you to fix this asap'. But in reality, it is a very hard wake up call that I should have created backups elsewhere. This will happen again. At any hoster. If you have 1000 customers, running 10 sites on average, you only need 1 portal to bring the house down.
                Managed.com has seperation of servers, seperation of application pools, firewalls...everything right. And still, they are in this current position.

                I hope you find something in here that helps you keeping your clients.
                Tjep's digital agencyRegards,
                Tycho de Waard

                Tjep's digital agency
                We just love DNN
                https://www.tjeps.com





                New Around Here





                  Thank you Tycho and Joe - I will use those comments in communicating with my clients.
                  And I never thought about #5 - perhaps that is what is going on.
                  And I absolutely will use external backups from now on.
                  Also - I think I'll split hosting between managed.com and DNN4Less. Not putting all eggs in one basket as it were.
                  Lesson Learned.
                  Thanks again.





                  Veteran Member





                    FYI, in case you are setting up temporary websites as a fallback until this is all over, a small SEO tip:
                    https://dnncommunity.org/...he-root-of-your-site






                    Veteran Member





                      I think that a site of mine at managed is UP!!*********************
                      Joe Craig
                      DNN MVP
                      Patapsco Research Group
                      You are not authorized to post a reply.
                      Page 2 of 6 << < 12345 > >>

                      These Forums are dedicated to the discussion of DNN Platform.

                      For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

                      1. If you have (suspected) security issues, please DO NOT post them in the forums but instead follow the official DNN security policy
                      2. No Advertising. This includes the promotion of commercial and non-commercial products or services which are not directly related to DNN.
                      3. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
                      4. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
                      5. No Flaming or Trolling.
                      6. No Profanity, Racism, or Prejudice.
                      7. Site Moderators have the final word on approving / removing a thread or post or comment.
                      8. English language posting only, please.

                      Would you like to help us?

                      Awesome! Simply post in the forums using the link below and we'll get you started.

                      Get Involved