SimbirSoft backdoored our server so we got hacked

Our company suffered a severe setback recently. Most of our customers started to email us with "I've been waiting for ages for your payment/shipping confirmation emails" and "Why aren't you answering my emails?". It started as a tricke but eventually became dozens of customers a day. It turned out that both gmail and hotmail had blacklisted our domain because our server was mass-spamming the planet for days. We appeared on major SPAM blacklists as well. When a company with 100 customers/day can't communicate with its customers for nearly a month, that's bad - very bad. On top of that came the reputational damage from being hacked and sending out millions of SPAM emails. We contacted Liquidweb, where we have a fully managed server. Liquidweb told us they identified the file that compromised our server:

LiquidWeb-warning

LiquidWeb-warning2

Liquidweb informed us that the file was put on our server by IP address 109.195.194.200. That IP address belongs to Simbirsoft:

IP-Simbirsoft

We knew Simbirsoft all too well. We had hired them to do work for $8000 on our online store. We had chosen them because they employed the principal developers of our eCommerce platform Avactis. We agreed that Avactis' main developer would do the work and we were introduced to him. However, Simbirsoft delegated the work to an incompetent junior female programmer instead and crucial work (implementation of PayPal Express Checkout) that should take mere days dragged out for weeks without any other results but embarrasing bugs and crashes. So we got scammed by Simbirsoft. Our damage was a long delay in implementing much needed payment processing capability. Only threatening Simbirsoft with public exposure of their scam made them agree to refund us.

This is the file they put on our server:

_shell

Ilya Kashtankin of Simbirsoft (Илья Каштанкин, директор, СимбирСофт) first denied they ever put the file on our server. Liquidweb says they're lying. Then Ilya finally admitted it. The moral of this story: Simbirsoft are scammers. They let you pay for top-class developers but let their most junior coders do the work. Those junior coders are incompetent. Simbirsoft, on the day they refunded us for their incompetence, carelessly placed a backdoor on our server to make it easier for them to work on our site, but this recklessness eventually got us hacked and blacklisted with Google and Microsoft. We lost everything on the hacked account - the entire website that was on it because the backups were infected with a virus as well because we did not discover the hack for quite a long time. The lost account was very important to us - it was our only advertizing channel for our main site and contained many articles that we worked on for years. The entire database seems to be infected with code hiding in it, and the site's code is infected as well. SimbirSoft never apologized for being so negligent not to remove the file when they stopped working on our server - or for putting it there in the first place. They also never apologized for letting us pay for a senior developer with experience with Avactis development, but instead letting an intern or junior developer try to do the work. Instead of apologizing, Simbirsoft used "social engineering" on Liquidweb, falsely claiming we accused SimbirSoft directly of deliberately hacking us so they could send SPAM. By making us seem like ignorant and paranoid, they persuaded Liquidweb to hand over confidential server files from our server to SimbirSoft. Simbirsoft sent our copyrighted material to Liquidweb in order to aid them in their "social engineering" to obtain our confidential information. Update of May 13, 2015: SimbirSoft is not prepared to compensate us for the long delay in getting our site upgraded, the many weeks of us being blacklisted for SPAM and the destruction of one of our websites with many elaborate articles on it - forever. Their Sergey Yurkin of SimbirSoft however did "apologize". In order to intimidate Liquidweb to supply them with our private data, SimbirSoft claimed to have 200 employees to Liquidweb. In reality it's more like 40, of which most seem to be sales people and managers and developers who are completely new to programming. We warn in the strongest terms against this incompetent, deceptive, unreliable, arrogant, devious company.



Commenting on this article is not possible anymore.
Our store has instructions for our products.