back to article Holy cow! Fasthosts outage blamed on DDoS hack attack AND Windows 2003 vuln

Fasthosts' five-hour collapse today has been blamed on a Distributed Denial of Service attack and a security flaw spotted on its Windows 2003 shared web server kit. The company explained the torrid morning it had suffered in an emailed statement to The Register. Earlier today, after we reported that Fasthosts had gone titsup …

  1. Stuart 22

    What happened to cheap and cheerful?

    The surprise to me is discovering Fasthosts are running Win2003 shared hosting. Whatever the merits of the Microsoft offering I had not associated it with the low cost low footprint requirement for hosting budget websites. Can 2003 really beat LAMP/LNMP for cost and loading of simple websites?

    Plus the issue and extra cost of having to employ two skill sets of support. Or have they dispensed with that luxury?

    1. melt

      Re: What happened to cheap and cheerful?

      Quite a few small business owners ask for Windows hosting - it used to be because of Frontpage. I guess Fasthosts are just responding to that gap in the market. They have Linux shared hosting too.

    2. Necronomnomnomicon

      Re: What happened to cheap and cheerful?

      What melt said. Aside from Frontpage, there'll be plenty of weird and wonderful legacy stuff. You tell the customer they need to make sure their shit works past 2003, they never reply. you move it to a modern server, it breaks, they complain that you broke their site, you move it back. Running a dodgy server open to every virus under the sun doesn't eat into your time the same way dealing with idiots who think their decade-old software should run without support forever.

      Although why fasthosts haven't VMed their server and so could just restore it from a snapshot I do not know.

    3. Spindreams

      Re: What happened to cheap and cheerful?

      As someone who runs a host that sells both Linux and Windows hosting neither is much more expensive when you take into account MS Volume Licensing which amounts to about £10/m for Windows web server licence, and then for Linux there are industry standard panels like cPanel which costs about £20/m (Yes there are also free ones I know), Windows has the excellent WebsitePanel which is free. And don't forget there are quite a few .NET websites out there that can only run on Windows servers. So the cost difference is not a lot. We even sell Windows hosting at the same price point as Linux (same spec pretty much).

      1. Hans 1

        Re: What happened to cheap and cheerful?

        @ Spindreams

        You are aware that you are taking the piss out of your customers, right ? Do you see many defections to the RedHat cloud ? Lamp comes free, with ssh access.

        1. Anonymous Coward
          Anonymous Coward

          Re: What happened to cheap and cheerful?

          "Lamp comes free"

          Only if your time and your security have no value.

    4. d3vy

      Re: What happened to cheap and cheerful?

      You'll find that for hosting asp/.net pages is really does out perform a LAMP stack :)

      As for the double skill sets... PHP MySQL etc all run happily on windows.

      And your final comment "Or have they dispensed with that luxury" from my past dealings with them its not so much a case of having dispensed with it, they never really had it in the first place.

      1. d3vy

        Re: What happened to cheap and cheerful?

        See that's who I love the comments section on here, 3 downvotes for stating a couple of facts,

        1 LAMP stack won't host asp or asp.net pages (excluding maybe using mono)

        2 the AMP part of the stack will run on windows

        3 fast hosts support is pretty poor.

        1. depicus

          Re: What happened to cheap and cheerful?

          Well d3vy you were down voted because of something other than the three - let's wonder what it might have been.

          1. Anonymous Coward
            Anonymous Coward

            Re: What happened to cheap and cheerful?

            "Well d3vy you were down voted because of something other than the three - let's wonder what it might have been."

            Presumably pointing out that a Microsoft product outperforms an Open Source one doesn't go down well here. Not exactly news in this case though. Just like .Net tends to outperform Java too.

            1. d3vy

              Re: What happened to cheap and cheerful?

              "Presumably pointing out that a Microsoft product outperforms an Open Source one doesn't go down well here. Not exactly news in this case though. Just like .Net tends to outperform Java too."

              I find that mentioning anything to do with Microsoft tends to raise a similar reaction, lets not evaluate products on their merit, lets just go with whatever we THINK is best.

              What I find funny about the whole thing is that I am a developer and have direct experience of this, I work on PHP and .Net apps and rather than maintaining 2 sets of operating systems we host the whole lot on windows (Though to be fair we are on 2008/2012) - for the reasons that I outlined earlier.

              1. DanDanDan

                Re: What happened to cheap and cheerful?

                "I find that mentioning anything to do with Microsoft tends to raise a similar reaction, lets not evaluate products on their merit, lets just go with whatever we THINK is best."

                I don't hate Microsoft for their current product lineup. I hate them for their entire history of corporate nastiness. My memory is not as short as a couple of years.

                1. d3vy

                  Re: What happened to cheap and cheerful?

                  "I don't hate Microsoft for their current product lineup. I hate them for their entire history of corporate nastiness. My memory is not as short as a couple of years."

                  Fair enough, I don't not agree with you.

                  If one of your criteria for product selection is that the company is and has always been ethical in all of its business dealings then you are right, personally that's not at the top of my list, its on there, just not at the top :)

                  I also want to point out that my statement wasn't specifically about MS, it could be applied to apple/android XBox/PS4, Nintendo/Sega.. Tesco/Asda, coke/pepsi

                  All companies are money making machines and I am fairly sure that if they thought they could get away with it most would do some fairly bad things to boost their profits.. not just MS.. Not just tech companies ANY company (Nestle being a very good example)

            2. Hans 1

              Re: What happened to cheap and cheerful?

              >Just like .Net tends to outperform Java too.

              Maybe, LOL, on what grounds ? I do not know where it outperforms and that might explain why MS is open sourcing it, right ?

              .Net is dead, Jim.

              >Presumably pointing out that a Microsoft product outperforms an Open Source one doesn't go down well here.

              I know you guyz hate facts from independent sources ... let me introduce netcraft.com ... now, guess what, Linux and FreeBSD have been outperforming Windows Server, day in, day out, consistently for almost 20 years now. Thought I would let you know.

              Besides, who is the numpty who would want to write a web page in .net ? Seriously ? I mean, JSP/JEE, AMP and the like run on all platforms ... now, why would you decide to write a web site that only runs on a platform that has been consistently under-performing for almost 20 years when you could use technology that runs on most web platforms, including Windows ? Brain dead, thought so. We moved off ASP/.Net 5 years ago for a good reason. We had a product on ASP/.Net because we bought the company.

              1. d3vy

                Re: What happened to cheap and cheerful?

                I very much disagree with you're assertion that .net is dead... Maybe it depends where you live/work but where I am in the north west there are way more .net jobs available.

                There are things that .net is better at there are things that can be achieved more easily in Java, different tasks call for different tools.

                Seriously, we are all working in IT, do we really need to have the constant fights over whos preferred technology is better? We are not children.

          2. d3vy

            Re: What happened to cheap and cheerful?

            "Well d3vy you were down voted because of something other than the three - let's wonder what it might have been."

            Is it because some commentartds are jealous of my rugged good looks? :)

        2. Anonymous Coward
          Anonymous Coward

          Re: What happened to cheap and cheerful?

          "See that's who I love the comments section on here, 3 downvotes for stating a couple of facts,

          1 LAMP stack won't host asp or asp.net pages (excluding maybe using mono)"

          Ooh, d3vy have another one on me.

          Why would you even want to try to run asp[.net] on LAMP? You'll be telling us you can't put diesel in a petrol engine next.

          You make three points and only one appears to relate to the article. whilst the remainder appear a little partisan. Do you mind if I call shill?

          Love you

          Jon

          1. Anonymous Coward
            Anonymous Coward

            Re: What happened to cheap and cheerful?

            C'mon d3vy - that DV barely scratched me. Give us your best shot.

          2. d3vy

            Re: What happened to cheap and cheerful?

            gerdesj

            Not wanting to piss on your chips, but I didn't down vote you :)

            "Why would you even want to try to run asp[.net] on LAMP? You'll be telling us you can't put diesel in a petrol engine next."

            You wouldnt, that wat the point, I was replying to the original poster who asked the question : "Can 2003 really beat LAMP/LNMP for cost and loading of simple websites?"

            My answer was: Yes, when it comes to hosting asp or .net sites windows/IIS is needed.

            At no point did I say anything disparaging about Linux or any part of the LAMP stack, I simply pointed out that yes there is a need for windows servers in a budget hosting environment.

            The second thing that the OP said was "Plus the issue and extra cost of having to employ two skill sets of support. Or have they dispensed with that luxury"

            To which I pointed out that if you really wanted to you could run ALL of it on windows and not use linux at all removing the need for the specialised knowledge.

            If you want to go back and read the OP and then my response you'll see what I mean.

        3. imaginarynumber

          Re: What happened to cheap and cheerful?

          "3 fast hosts support is pretty poor."

          3. fasthosts' support is fucking awful.

          Fixed it for you.

          Truly the worst hosting company that I have ever had the misfortune of dealing with.

          (IMO) the only thing fast about them is the zeal with which they ride roughshod over UK consumer rights.

          1. Displacement Activity

            Re: What happened to cheap and cheerful?

            Fasthosts in general: they went through a really bad time maybe 3 years ago. I signed up 2 years ago, without doing my homework. I've been running bare-metal Linux/Apache/stuff at Fasthosts ever since, with no problems that I can immediately remember. Their prices were (still are, I think) cheap, presumably because of their history. I wouldn't have a problem recommending them.

            And on LAMP security/time and money: bollox. If you don't know how to keep a Linux box secure, then you're in the wrong business, and going for Windows 2003/anything isn't going to help you. The only problem I've had in 2 years was Shellshock, which I fixed in half an hour.

    5. Anonymous Coward
      Anonymous Coward

      Re: What happened to cheap and cheerful?

      "Can 2003 really beat LAMP/LNMP for cost and loading of simple websites?"

      It's certainly a lot easier to setup, run and maintain with far fewer security patches to evaluate. It doesn't scale very well on Server 2003 though. However the current version with Server 2012 R2 seems to have addressed every angle on that and outperforms Apache in my testing on the same hardware.

  2. Paul IT
    FAIL

    Routine and Extensive Security

    "As a result of our routine and extensive security monitoring, Fasthosts today identified a vulnerability specific to part of its Windows 2003 shared web server platform."

    What do they mean by routine - once every couple of years or so - I suspect the vulnerability had been previously advertised by MS and patches made available.

  3. Anonymous Coward
    Anonymous Coward

    Fast Hosts because all the customers say QUICK LET'S GET OUT OF HERE!

  4. Josco

    It's my fault, sorry

    I moved a customer to LCN a few weeks back and they crashed and lost all Email connections and some websites.

    I moved a domain to FastHosts this weekend (for their Catch-All mail facility) and they have broken too.

    Sorry, I promise to leave well alone.

  5. Flatlander

    20.00 and still waiting

    Websites still down and this is looking to be expensive. Been with FH for about fourteen years and thought about moving but no guarantees out there.

  6. FF22

    Lazy admins

    "Fasthosts' five-hour collapse today has been blamed on a Distributed Denial of Service attack and a security flaw spotted on its Windows 2003 shared web server kit"

    So, in other words: they didn't patch their servers for who knows how long, and now that they got hacked, they are trying to put the blame on the OS, instead of assuming responsibility for their fault.

    If I'd be a customer of theirs, I'd leave ASAP. Who knows how much sensitive hosted data has been already stolen from them (which they didn't notice) also previously, because they didn't patch their servers on schedule.

    1. SolidSquid

      Re: Lazy admins

      From what the Microsoft life cycle data sheet for 2003 says, I don't think there even *are* any OS patches for it any more, and haven't been since 2009.

      Also back in 2007 they had a large chunk of their users passwords stolen because someone found a way into the server they stored them in plain text, which according to them was common practice for web hosting companies "for customer service"

      1. Anonymous Coward
        Anonymous Coward

        Re: Lazy admins

        "From what the Microsoft life cycle data sheet for 2003 says, I don't think there even *are* any OS patches for it any more, and haven't been since 2009."

        Presumably they actually mean Server 2003 R2. There was an critical Schannel vulnerability patched this month that they probably decided they had to be bothered to do something about and patched their environment up to date....

  7. IT Hack

    Bollocks

    Already been said here but

    DDOS is not DDOS when your DNS server goes tits up. Singular. Because they have no resilience built into LiveDNS.

    2003 flaw. My god...someone turned on the WSUS server.

    DDOS. Don't make me laugh.

  8. roblightbody

    Surprised that they didn't let me know my website was down

    I'm one of those affected. I'm surprised they didn't email their customers to let them know they were having problems - I haven't had a single email from them.

    I'm one of those stuck with a legacy website that I'm very glad Fasthosts continue to support, while I get it re-written. Its a not for profit site done in my spare time so its easier said than done.

  9. Hans 1

    >"and we remain committed to providing the highest possible standards of service"

    W2k3 ? Then you are not ... fact - see netcraft. Since forever, year in and year out, FreeBSD and Linux lead in reliability - undeniable fact, actually.

    Window cleaners, please finish cleaning the windows and work surfaces before down-voting, thanks.

  10. DJV Silver badge
    FAIL

    "and we remain committed to providing the highest possible standards of service"

    Ha ha, as if! They never have - this is SNAFU for FastHosts! Abandoned those useless tossers years ago (though a couple of my clients still use them).

  11. how hard can it be

    have FH lost my card details

    ok maybe I'm paranoid but the day after FH get attacked my business debit card is compromised the details of which FH hold for recurring billing

    Maybe FH customers should check their bank accounts

  12. Anonymous Coward
    Anonymous Coward

    Fasthosts 3 Days Down and still no sign of anything !

    Fasthosts shared servers are still down 3 days later! It is now Wednesday 19 November 2014 and still many of my clients sites are STILL DOWN. 3 days of business lost. I cannot even get access to retrieve my files or databases and host them elsewhere. Fasthosts are holding my files and won't give them back! and I'm paying for the privilege !

  13. PattyCummings4

    Good Article. DNS will most likely work all the time. I glimpsed into a provider called IronSocket, I tried it for several months and it worked well. I thought of posting this here. But yeah, DNS proxy would work all the time and it's getting good every year.

  14. PattyCummings4

    I learned a lot from your article and the comments too. And I thought that using a VPN would protect you online and that it's the best way to protect you online. You get to have your freedom online, feel secured, and of course you feel private. It's like being invisible to hackers. I get my VPN from IronSocket, and I pay like $4 a month. It's worth it. Really worth it. They provide DNS proxy, SOCKS5, HTTP, Unblock-us, etc.. Check them out and you would know. Anyways, I loved your article and that I came to think of the DNS which I usually use for streaming. It usually works because of it's enryption. You can also use VPN but it's without encryption and therefore, there's no difference.

    The main thing here is protection to hackers... And the best way is use VPN... (Virtual Private Network)

    Looking forward to your next article. Cheers.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon