Web Hosting Forum | Lunarpages

Author Topic: Do we need to beware https://mizar.lunarpages.com?  (Read 6360 times)

Offline LPM

  • Newbie
  • *
  • Posts: 3
Do we need to beware https://mizar.lunarpages.com?
« on: April 11, 2014, 01:43:25 PM »
Do we need to beware https://mizar.lunarpages.com server?

Its a server that hosts many websites and where you need to go and log into your cPanel, webmail, website, etc.

Qualys SSL Labs gives an "F" for Luarpages administration of security on this server.

https://www.ssllabs.com/ssltest/analyze.html?d=mizar.lunarpages.com

Whereas other sites, like the one for Chase bank is graded an "A"?

https://www.ssllabs.com/ssltest/analyze.html?d=chase.com&s=159.53.42.11

I apologize in advance if your site is hosted here, but you're better off knowing there's a problem than be the victim of something later.


Offline MrPhil

  • Senior Moderator
  • Berserker Poster
  • *****
  • Posts: 6225
Re: Do we need to beware https://mizar.lunarpages.com?
« Reply #1 on: April 11, 2014, 02:34:06 PM »
The report gives an F because "This server supports SSL 2, which is obsolete and insecure." I guess that probably is going to apply to a lot of LP servers, not just Mizar. Maybe you should rattle the cage of the admins and ask if there are plans to upgrade SSL?  By the way, the report says there's no Heartbleed vulnerability, which is good news (if true).
Visit My Site

E-mail Me
  
-= From the ashes shall rise a sooty tern =-

Offline LPM

  • Newbie
  • *
  • Posts: 3
Re: Do we need to beware https://mizar.lunarpages.com?
« Reply #2 on: May 03, 2014, 02:30:31 PM »
The report gives an F because "This server supports SSL 2, which is obsolete and insecure." I guess that probably is going to apply to a lot of LP servers, not just Mizar. Maybe you should rattle the cage of the admins and ask if there are plans to upgrade SSL?  By the way, the report says there's no Heartbleed vulnerability, which is good news (if true).

I've tried email tech support. All I got was a highly defensive email saying nothing is wrong. I tweeted to LunarPages on Twitter, and they said weeks ago they'd immediately update the servers. No such luck.

Basically, anyone who has shared hosting, their cPanel and everything behind the cPanel is vulnerable to hacking.

This could be a legal problem for LunarPages. They've been contacted and warned about this, if the hundreds (thousands?) of shared hosting websites are compromised, all the emails, etc behind that are compromised these businesses have a legal course of action vs LunarPages because LP did not take reasonable efforts to correct the situation after being alerted.

Offline mikewashtm

  • Intergalactic Cowboy
  • *****
  • Posts: 52
Re: Do we need to beware https://mizar.lunarpages.com?
« Reply #3 on: May 11, 2014, 10:03:20 AM »
You can just ignore those. As long as it has lunarpages.com for the domain, you are basically safe.

Offline LPM

  • Newbie
  • *
  • Posts: 3
Re: Do we need to beware https://mizar.lunarpages.com?
« Reply #4 on: May 18, 2014, 05:04:01 PM »
You can just ignore those. As long as it has lunarpages.com for the domain, you are basically safe.

Love to hear the explanation on this. Please elaborate.

 

Share |