Hosting with Hetzner? Here's what you need to know about the data centre breach

ALT Digital News Update

Hetzner is a great host, make no mistake about that. Unfortunately in this day and age, no one is immune to a breach. 

According to ITWeb, "Hetzner says it provides about 40 000 customers with Web hosting, self-managed servers, managed servers, co-location and custom hosting solutions." 

Read the full Hetzner notice here. 

So what does this mean for you as a subscriber?

The evil internet imps gained access to:

  • Customer details (name, address, ID number (where applicable), telephone numbers and email addresses)
  • Domain names
  • FTP passwords
  • Bank account details (cheque/savings). No credit card details are stored.

What can you do about it?

First, DON'T PANIC! You can circumvent issues by following a few simple steps:

  1. Run a security scan on your device (I recommend Kasersky Total Security)
  2. Log into the secure konsole. 
    1. At the top right hand corner, select "Account Admin" 
    2. On the left hand sidebar, select "Management Password" 
    3. Enter your old password 
    4. Specify new password (secure, min. 11 characters, alphanumeric, upper and lower case. Include symbols)
    5. Confirm new password 
    6. Save
  3. At the top right, select "Hosting Services" 
    1. Select the domain or service you are looking for
    2. Go down to "Mail" from the left hand sidebar 
    3. Select "Manage Accounts" on left hand sidebar 
    4. Click "edit" next to your email alias
    5. Under "password" add a new secure password 
    6. Confirm new password
    7. Save 
  4. On the left hand sidebar, click "Managed Services"
    1. Select "FTP Users" 
    2. Select "edit" 
    3. Change your password (or use the password generator) 
    4. Save 
  5.  Still under "Managed Services"
    1. Select "Manage MySQL"
    2. Chose your database by clicking on it (most will only have one) 
    3. Change the passwords 
      1. Normal password 
      2. R/W password (read write)
      3. R/O password (read only)
    4. Once done, you need to edit your wp-config file.
      1. Left hand sidebar, select "File Manager" 
      2. Scroll down to the file named "WP-Config.php"
      3. Click on it once only
      4. On the right hand side, select "edit" 
      5. Scroll down to "/** MySQL database password */"
      6. VERY CAREFULLY, between the single inverted commas, enter the new password you created in step 4. This is vital, but be extremely precise. 
  6. Finally, log into your website and change all admin passwords. Remember that you need secure passwords. It's not optional, it's mandatory. 

*Side note: If you are running your site on Wordpress, I strongly recommend downloading Word Fence and initating an urgent and immediate scan on your Wordpress environment. 

Good luck and stay secure! 


Popular Posts