Web Development Thread, Wordpress - I got hacked! in Coding and Web Development; Originally Posted by mbdrake
That still does not excuse posting private correspondence to a public forum - poor customer service ...
15th May 2009, 01:35 PM #31
I disagree. Would you have looked at this issue in the detail you have done if it had not been for the airing of this dirty laundry? I think not.
Originally Posted by mbdrake
15th May 2009, 01:43 PM #32
- Rep Power
We'll have to agree to disagree. Whether or the emails were published or not, the thread would have been spotted at some point. Google is very handy for keeping an eye on what's being said. The point is that it's not good etiquette to post private correspondence regardless.
Originally Posted by localzuk
What's more important is that the company or individual being complained about has the right to reply. There is no need to publish such correspondence in order to be able to do that.
15th May 2009, 01:52 PM #33
- Rep Power
We do have a complaints and/MD contact point for when people feel as though they're not getting the service they feel they're getting (rightly or wrongly). I know it feels good taking out frustrations in public like this (and goodness knows I've done it myself), but it doesn't really do anybody any good in the long run.
Originally Posted by CAM
I see you've already spoken to Kate, and am pleased that things have been resolved.
Absolutely - that's one of the best features of Wordpress is that it can also update itself (along with relevant plug-ins). As I said, I wasn't responsible for the suspension or technical dealings with this particular incident (although yes, I mis-read/interpreted your original post) but from what you say here, the plug-in may well be the culprit. I've seen a fair few image gallery systems compromised through it's upload functionality. That seems the likely reason.
Originally Posted by CAM
15th May 2009, 01:58 PM #34
I'm glad to see that there is a good level of discussion going on now between the OP and the hosts but I'm just wondering how hosts can expect their client to resolve an issue if they are given very little chance to resolve an issue due to majority of access to the site is removed. The hosts involved aren't the only people to do this and I have been in a similar situation (and when I did a bit of a search on various forums other than here there are a goodly number of examples).
What would people expect to be a reasonable level of access to try and resolve these sorts of issues ... remembering that many people use the *cheap* packages that mean that there will be limited support or help from the hosts (remember the old adage ... you get what you pay for!).
15th May 2009, 02:00 PM #35
Martyn, I can assure you I was reluctant to reveal Memset's name but I had to in order to assist with the matter. I did not take the decision lightly, neither did I find it pleasant to do as you claim.
This is a far from satisfying experience for anyone involved. Dealing with customer complaints never is.
15th May 2009, 06:27 PM #36
Presumably you'll have something like Virtuozzo installed and just rebuild if it's a vps or just delete the account and hosting and recreate? Nobody sets out to be hacked but in this case he's been unfortunate, although... advice to resolve the issue is better than threatening or offering an alternative solution that requires him to buy something different, it very much seems like avoiding the problem. Unfortunately... people wont care about your costs they care about support and feeling like people care about them as a customer, i'm afraid i don't sympathise with Memset whatsoever or agree with your reasoning. If i went in to work Monday and decided that recovering a pupils work wasn't worth my time as Network Manager and that they should seek a data recovery specialist - I would be in jeopardy of my job, of course priorities come into it and time constraints but at the end of the day... it's my end user as he is Memsets, not just a PayPal account who's paid x amount of money. My opinions... i've used many webhosts, most of them don't give a monkeys about customers, the low prices they offer is a definite trade off with quality of customer services, cheap hosts with either the non existant support or outsourced support which cannot do the job, BodHost is a great example of that!
Originally Posted by mbdrake
Last edited by dwhyte85; 15th May 2009 at 06:30 PM.
15th May 2009, 06:36 PM #37
Right, now that I have the files it's time to give the arguments a time out and get down to the real dirty business of the forums. The techy bits.
Inspecting my logs, I noticed a number of attempts to access the reset password screen. Bandwidth transferred had also jumped from 24MB to 40MB. The attack has been pinpointed to May as April shows no evidence of the offending phishing site.
Now the interesting bit. Someone, somewhere has granted 777 permissions on the Upload folder. Inside is an encrypted file consisting of garbled letters and number called .log.php which you guys may want to have a quick scan for on hosting accounts (if it is a file to be worried about).
Now, to further pinpoint the attack date, I have checked the Last Modified field on Properties in Windows FTP. They read 11 Dec 2007 which is wrong since the account has been emptied completely many times since then and WP was installed late 2008. However, a PHP script called samris.php that holds the malicious attack code appears to point to an EMail email@example.com and the attacker's alias appears to be The sTronGer.
Some files, the one above in particular, says 29 March on Last Modified. I am asuming it preserves the Last Modified date on file copy? Looking at the phishing mini-site's root folder though, it says 9 Nov 2009 was the date of the folder creation. Checking .log.php it states 1 May 2009 as date Last Modified.
Is that the right sort of lines to help me pinpoint more evidence in the log?
Took about 10mins of looking too!
Last edited by CAM; 15th May 2009 at 06:39 PM.
By GrumbleDook in forum Virtual Learning Platforms
Last Post: 3rd May 2009, 09:23 PM
By TechSupp in forum Internet Related/Filtering/Firewall
Last Post: 20th February 2009, 09:27 PM
By sgknowler in forum Web Development
Last Post: 30th April 2008, 12:51 PM
By mark in forum Web Development
Last Post: 1st May 2007, 05:09 PM
By beeswax in forum Web Development
Last Post: 25th February 2007, 03:59 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)