In early July, a user on the Pale Moon forums discovered that an old build of Pale Moon that was hosted on projects archive server contained a Trojan virus.
The project lead of Pale Moon; M.C. Straver (MoonChild) would do an investigation into how the Trojan got on to the archive server. The investigation would find that all versions of Pale Moon that were hosted on the archive server were infected.
MoonChild Blames BuyVM for the Server Getting Hacked
In the post-mortem thread, MoonChild claimed that because he had locked down many of access points of the VPS to his own IP address and that the remote security of the Windows Install “was solid”. He would go on to use these claims to pass off blame for the VPS being hacked on to the web host (BuyVM/Frantech).
In response to a thread on LowEndTalk about the hack, The owner of Frantech solutions pointed out that he had tickets where MoonChild admitted that he had not logged into the Windows server for ages.
If you know anything about unmanaged VPS hosting then you understand that there is generally no extra security features added to the operating system on top of what is normally included in a normal install. Basically, you are expected to secure your own VPS, including maintaining and updating the operating system and any software you have installed.
By using Windows, Pale Moon have opened themselves up to a far higher chance of being hacked compared to using a Linux distribution. As a sysadmin, MoonChild should have known that people generally use a Windows-based server because the web application actually needs it, which a file server does not.
Another point that works against MoonChild in context of him not logging into the VPS regularly is that most programs on Windows don’t automatically update which means that even if you have the operating system set up to apply updates as soon as they become available, those programs will remain out of date unless you log in and update them manually.