The FTC's OnGuardOnline.gov website, previously hosted by Media Temple
(WEB HOST INDUSTRY REVIEW) — Cloud and web hosting provider Media Temple has ordered a public relations firm client to move its servers to another hosting company after its Federal Trade Commission’s websites were hacked last week for the second time in less than a month, according to a report by Ars Technia.
Fleishman-Hilliard had been awarded a $1.5 million communications support contract to set up websites for the FTC’s Bureau of Consumer Protection, which were hosted on Media Temple’s servers.
A Media Temple executive told Ars that even after the January 24th hacking of the OnGuardOnline.gov site, a government website that, ironically enough, provided security and privacy tips for consumers, Fleishman-Hilliard did not update the software operating on its other websites.
The attack used an exploit that took advantage of a security flaw found in the applications running on the websites, said the Media Temple chief marketing officer Kim Brubeck, who added the hosting provider had recommended “Fleishman-Hilliard to remove any [remaining] .gov sites” from its servers.
A Fleishman-Hilliard spokesperson said the company could not comment on the hacks because of a strict non-disclosure agreement it had signed with the FTC.
Following the February 17th attack, Brubeck emailed Fleishman-Hilliard the following day alerting the agency to move any remaining content of the government websites to other hosting companies within a 48-hour timeframe.
According to Brubeck, Media Temple was unaware that Fleishman-Hilliard was going to use its servers to host government accounts and, had it known, it would have advised them against it since the company is not a “FISMA-certified hosting service”.
FISMA is a major certification that requires a hosting company to implement and operate a full set of security configurations and controls.
Brubeck also explained that under the terms of its hosting contract, Fleishman-Hilliard was responsible for its own administration and security duties, which included updating operating system updates, and installing and backing up software.
About Justin Lee
Justin Lee has been a staff analyst with theWHIR since 2004. He writes about a range of web hosting and IT-related issues facing the industry on the WHIR website, as well the print version of the WHIR magazine. Follow him on Twitter @Justin_theWHIR.
No related posts.
{ 2 comments… read them below or add one }
This is really ironical that the website, which is made to protect others has been attacked by the hackers.
Long live Anonymous!