Incident Report

lucy-hogg

On Sunday night, we detected a breach on our client management system originating from Russia and China. We quickly nullified the threat by black-holing the IPs and disabling SSH/remote server admin across the entire network. After the network had been secured we went about identifying where the breach activity had been – only a small number of clients were affected before we took action, and these clients were informed straight away. Because our network monitoring allows us to trace where the attack had been, we are confident that those who were contacted straight away were the only ones compromised/accessed. If you were not contacted by the team on Sunday, your server was not one of those affected and you can be confident that your data was not compromised.

As a precautionary ‘belt and braces’ measure, the Nimbus team left SSH/remote server admin disabled yesterday (Monday) whilst we manually reset all server passwords that were stored in our system. Throughout this time, all websites and applications on the servers continued to function normally. The password reset was completed late Monday night, and SSH/remote server admin was re-enabled at 10am today (Tuesday). We have made changes and improvements to our security measures and are confident that the network is now fully secure.

We would like to take this opportunity to apologise for any inconvenience caused by yesterday's SSH/remote server admin lockdown. Please also note that there may be a slight delay in response to support tickets whilst the team clear yesterday's backlog.

Your server login details can be found by logging in to youraccount.nimbushosting.co.uk. If you have forgotten your details, you can reset your login to the client area under ‘Account’ (top right) and ‘Forgot Password?’.
