Last Sunday, 7th June, VA Serv, the company that provides some of our servers, had their VPS systems hacked to pieces. Reportedly, this affected as many as 150,000 websites. We’re lucky that our backup and redundancy systems enabled us to recover our affected sites within a short space of time. In fact most of our clients didn’t even realise anything was wrong - just the way we like it.

However, it did give me pause for thought, on a few counts.

It turns out that VA Serv had been using the same VPS (Virtual Private Server) technology to host their billing and sales systems as they were leasing to their clients. That’s fine as far as it goes, but of course when a vulnerability was found in the VPS management software, VA’s “back office” systems also became vulnerable. This was clearly a case where “eating your own dog food” was the wrong thing to do.

It also raises wider concerns about web based admin systems, and cloud computing in general - these are powerful and compelling concepts which help bring down the cost and effort required to build and maintain complex IT systems - but at what cost?

Ultimately, this is a chilling reminder that any data stored on the internet is only safe if you trust the people hosting it for you. And it’s very difficult to decide what to base that trust on - incidents like the attack on VA Serv happen fairly rarely these days.

Finally, some further reading. And perhaps most shocking of all (if you believe it’s genuine) - this was posted on webhostingtalk (and then quickly taken down). It purports to be from one of the hackers.