[Image: Practice what you preach, 123-reg]

123-reg, a hosting provider in the UK, has run an untested script on production servers and wiped out a load of customers’ VPS.

Thankfully, after past experiences with 123-reg I moved my business away from them in favour of Gandi for domains and Hetzner for hosting (a nice dedi server). I am glad I did, since they seem to be in the position where code can be run with the privileges to destroy customer data. This is a big security risk. Secondly, this code obviously was not tested. Code should always be tested, and some form of QA should check the script to make sure that every variable is checked for a value wherever one is needed. For example:

rm -fr $foo/$bar

If $foo and $bar are both unset, or contain only a space, then your server is going to become very empty, very fast.
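One way to add the variable check described above, as an added example that is not code from the original post or from 123-reg. The names `is_blank` and `safe_rm`, and the idea of passing an allowed root directory, are assumptions made for illustration; the function rejects unset or whitespace-only values and refuses any target that resolves outside the allowed root.

```shell
#!/bin/sh
# Added example: guard a recursive delete against unset or blank variables.
# is_blank, safe_rm and the allowed-root argument are hypothetical names.

# Succeeds when the argument is empty or consists only of whitespace.
is_blank() {
    [ -z "$(printf '%s' "$1" | tr -d '[:space:]')" ]
}

# safe_rm ALLOWED_ROOT BASE SUB
# Deletes the directory BASE/SUB only if every argument is non-blank and the
# resolved path lies strictly below ALLOWED_ROOT. Returns non-zero otherwise.
safe_rm() {
    root=$1
    base=$2
    sub=$3
    if is_blank "$root" || is_blank "$base" || is_blank "$sub"; then
        echo "safe_rm: refusing, empty or blank argument" >&2
        return 1
    fi
    # Resolve symlinks and ".." so the containment check sees the real path.
    real_root=$(cd -- "$root" 2>/dev/null && pwd -P) || {
        echo "safe_rm: cannot resolve allowed root" >&2
        return 1
    }
    real_target=$(cd -- "$base/$sub" 2>/dev/null && pwd -P) || {
        echo "safe_rm: target is not an existing directory" >&2
        return 1
    }
    case "$real_target" in
        "$real_root"/?*) ;;  # strictly below the allowed root: proceed
        *)
            echo "safe_rm: $real_target is outside $real_root" >&2
            return 1
            ;;
    esac
    # Quoted, with "--" so a leading dash is never parsed as an option.
    rm -rf -- "$real_target"
}
```

`${foo:?}` and `set -u` catch the unset case but not a value that is only a space, which is why the blank check strips whitespace first.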