+ Post New Thread
Page 3 of 3 FirstFirst 123
Results 31 to 37 of 37
Web Development Thread, Wordpress - I got hacked! in Coding and Web Development; Originally Posted by mbdrake That still does not excuse posting private correspondence to a public forum - poor customer service ...
  1. #31

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,638
    Thank Post
    514
    Thanked 2,443 Times in 1,891 Posts
    Blog Entries
    24
    Rep Power
    831
    Quote Originally Posted by mbdrake View Post
    That still does not excuse posting private correspondence to a public forum - poor customer service or not.
    I disagree. Would you have looked at this issue in the detail you have done if it had not been for the airing of this dirty laundry? I think not.

  2. #32

    Join Date
    May 2009
    Location
    Guildford, Surrey, UK
    Posts
    6
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by localzuk View Post
    I disagree. Would you have looked at this issue in the detail you have done if it had not been for the airing of this dirty laundry? I think not.
    We'll have to agree to disagree. Whether or the emails were published or not, the thread would have been spotted at some point. Google is very handy for keeping an eye on what's being said. The point is that it's not good etiquette to post private correspondence regardless.

    What's more important is that the company or individual being complained about has the right to reply. There is no need to publish such correspondence in order to be able to do that.

    Regards,

    Martyn

  3. #33

    Join Date
    May 2009
    Location
    Guildford, Surrey, UK
    Posts
    6
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by CAM View Post
    Right, as per your request I have removed theanonymised transcripts from my posts. I'm sorry for doing it and may have made a mistake, butI saw no wrong in posting them and felt it would provide better clarity to the situation as I have never been in this situation before and didn't want to come accross as one sided. Yes, there are a few "angry customer" moments but what do you expect when you are left feeling like your dangling from the end of a rope with EBay's legal sharks circling below you?
    We do have a complaints and/MD contact point for when people feel as though they're not getting the service they feel they're getting (rightly or wrongly). I know it feels good taking out frustrations in public like this (and goodness knows I've done it myself), but it doesn't really do anybody any good in the long run.

    I see you've already spoken to Kate, and am pleased that things have been resolved.

    Quote Originally Posted by CAM View Post
    In response to your claims of an old version of Wordpress, if you read the thread you will see I posted that as far as I knew, it was the most up-to-date version. The control panel bugs the hell out of me if I don't update, so I do. We all know that keeping web software up to date is as critical as keeping Windows up to date. It may have been Image Gallery which I assumed would be no threat if disabled in the control panel. But I did ask for this information plus more and it wasn't given, hence why I opted to leave.
    Absolutely - that's one of the best features of Wordpress is that it can also update itself (along with relevant plug-ins). As I said, I wasn't responsible for the suspension or technical dealings with this particular incident (although yes, I mis-read/interpreted your original post) but from what you say here, the plug-in may well be the culprit. I've seen a fair few image gallery systems compromised through it's upload functionality. That seems the likely reason.

    Regards,

    Martyn

  4. #34

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,781 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594
    I'm glad to see that there is a good level of discussion going on now between the OP and the hosts but I'm just wondering how hosts can expect their client to resolve an issue if they are given very little chance to resolve an issue due to majority of access to the site is removed. The hosts involved aren't the only people to do this and I have been in a similar situation (and when I did a bit of a search on various forums other than here there are a goodly number of examples).

    What would people expect to be a reasonable level of access to try and resolve these sorts of issues ... remembering that many people use the *cheap* packages that mean that there will be limited support or help from the hosts (remember the old adage ... you get what you pay for!).

  5. #35
    CAM
    CAM is offline

    CAM's Avatar
    Join Date
    Mar 2008
    Location
    Burgh Heath, Surrey
    Posts
    4,075
    Thank Post
    812
    Thanked 353 Times in 277 Posts
    Blog Entries
    60
    Rep Power
    280
    Martyn, I can assure you I was reluctant to reveal Memset's name but I had to in order to assist with the matter. I did not take the decision lightly, neither did I find it pleasant to do as you claim.

    This is a far from satisfying experience for anyone involved. Dealing with customer complaints never is.

  6. #36
    dwhyte85's Avatar
    Join Date
    Mar 2009
    Location
    Berkshire
    Posts
    1,216
    Thank Post
    156
    Thanked 146 Times in 131 Posts
    Rep Power
    102

    Thumbs down

    Quote Originally Posted by mbdrake View Post
    Nobody sets out to be hacked (well, unless you're looking to become a honeypot), but even so, clearing up after vulnerability is both time consuming and costly in terms of support (there is also the issue of replying to those reported the phishing site, the upstream provider, etc. to tell them that we have dealt with the issue and re-assure them that this will not happen again from the same customer). When you weigh that against the cost charged for the actual hosting and the clean up operation, it an becomes expensive process. The balance of giving lots of support to shared hosting customers and VPS/dedicated customers is a difficult one. Sometimes it doesn't work out - like it has here.
    Presumably you'll have something like Virtuozzo installed and just rebuild if it's a vps or just delete the account and hosting and recreate? Nobody sets out to be hacked but in this case he's been unfortunate, although... advice to resolve the issue is better than threatening or offering an alternative solution that requires him to buy something different, it very much seems like avoiding the problem. Unfortunately... people wont care about your costs they care about support and feeling like people care about them as a customer, i'm afraid i don't sympathise with Memset whatsoever or agree with your reasoning. If i went in to work Monday and decided that recovering a pupils work wasn't worth my time as Network Manager and that they should seek a data recovery specialist - I would be in jeopardy of my job, of course priorities come into it and time constraints but at the end of the day... it's my end user as he is Memsets, not just a PayPal account who's paid x amount of money. My opinions... i've used many webhosts, most of them don't give a monkeys about customers, the low prices they offer is a definite trade off with quality of customer services, cheap hosts with either the non existant support or outsourced support which cannot do the job, BodHost is a great example of that!
    Last edited by dwhyte85; 15th May 2009 at 06:30 PM.

  7. #37
    CAM
    CAM is offline

    CAM's Avatar
    Join Date
    Mar 2008
    Location
    Burgh Heath, Surrey
    Posts
    4,075
    Thank Post
    812
    Thanked 353 Times in 277 Posts
    Blog Entries
    60
    Rep Power
    280
    Right, now that I have the files it's time to give the arguments a time out and get down to the real dirty business of the forums. The techy bits.

    Inspecting my logs, I noticed a number of attempts to access the reset password screen. Bandwidth transferred had also jumped from 24MB to 40MB. The attack has been pinpointed to May as April shows no evidence of the offending phishing site.

    Now the interesting bit. Someone, somewhere has granted 777 permissions on the Upload folder. Inside is an encrypted file consisting of garbled letters and number called .log.php which you guys may want to have a quick scan for on hosting accounts (if it is a file to be worried about).

    Now, to further pinpoint the attack date, I have checked the Last Modified field on Properties in Windows FTP. They read 11 Dec 2007 which is wrong since the account has been emptied completely many times since then and WP was installed late 2008. However, a PHP script called samris.php that holds the malicious attack code appears to point to an EMail gossipbees@gmail.com and the attacker's alias appears to be The sTronGer.

    Some files, the one above in particular, says 29 March on Last Modified. I am asuming it preserves the Last Modified date on file copy? Looking at the phishing mini-site's root folder though, it says 9 Nov 2009 was the date of the folder creation. Checking .log.php it states 1 May 2009 as date Last Modified.

    Is that the right sort of lines to help me pinpoint more evidence in the log?

    Took about 10mins of looking too!
    Last edited by CAM; 15th May 2009 at 06:39 PM.

SHARE:
+ Post New Thread
Page 3 of 3 FirstFirst 123

Similar Threads

  1. Wordpress MU
    By GrumbleDook in forum Virtual Learning Platforms
    Replies: 2
    Last Post: 3rd May 2009, 09:23 PM
  2. Wordpress Blogging
    By TechSupp in forum Internet Related/Filtering/Firewall
    Replies: 1
    Last Post: 20th February 2009, 09:27 PM
  3. Wordpress Problems
    By sgknowler in forum Web Development
    Replies: 6
    Last Post: 30th April 2008, 12:51 PM
  4. Wordpress MU
    By mark in forum Web Development
    Replies: 0
    Last Post: 1st May 2007, 05:09 PM
  5. wordpress template
    By beeswax in forum Web Development
    Replies: 2
    Last Post: 25th February 2007, 03:59 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •