+ Post New Thread
Page 1 of 3 123 LastLast
Results 1 to 15 of 37
Web Development Thread, Wordpress - I got hacked! in Coding and Web Development; I came home last night to find my personal site had been shut down again. First time was nonpayment, fair ...
  1. #1
    CAM
    CAM is offline

    CAM's Avatar
    Join Date
    Mar 2008
    Location
    Burgh Heath, Surrey
    Posts
    4,090
    Thank Post
    821
    Thanked 353 Times in 277 Posts
    Blog Entries
    60
    Rep Power
    280

    Wordpress - I got hacked!

    I came home last night to find my personal site had been shut down again. First time was nonpayment, fair enough. Now less then a week later after renewing, they shut it down again, this time citing a phishing scam as the cause.

    I tried to explain "No, I didn't post a phishing site on my account" but all I get is I have to change to a more expensive dedicated virtual server package with no support or help in keeping it running. They claim their upstream provider will shut the shared webhosting server off "if they have any more security issues"

    So here I am, strong FTP password, updated Wordpress installation and keeping a careful eye on permissions. Done everything to keep it secure...and everything from webmail to FTP access is shut down. To top it off, they received a letter from PayPal trying to brand me as the criminal.

    What do I do? I've only just resubbed, I'm just trying to get webhosting experience and this hits the fan!
    Last edited by CAM; 12th May 2009 at 01:30 PM.

  2. #2
    dwhyte85's Avatar
    Join Date
    Mar 2009
    Location
    Berkshire
    Posts
    1,218
    Thank Post
    156
    Thanked 146 Times in 131 Posts
    Rep Power
    102
    Do you have the latest WP? You have checked your own machine for Keyloggers and trojans? Bit unfair of your provider, they would have it pretty locked down, if someone did compromise your site they should be able to do very little with the access they have.

    I once had a site of mine hacked, i added my own code to e107 and i didn't sanitise the inputs so they were able to do some damage on my VPS, if it's just a WP install i can't see how they'd be able to get in, AFAIK no 0day exists for WP on the latest version.

  3. Thanks to dwhyte85 from:

    CAM (12th May 2009)

  4. #3

    matt40k's Avatar
    Join Date
    Jun 2008
    Location
    Ipswich
    Posts
    4,391
    Thank Post
    368
    Thanked 637 Times in 519 Posts
    Rep Power
    158
    Move hosts, they sound insecure hosts. I use Mythic-Beasts, they don't do a web control panel, but it's easy enough to setup I'll lend a hand if need. Failing that I'm sure CS New Media on here is a good bet, or GoDaddy, or FastHost (I'm sure someone will moan for saying that).

    See:
    web hosting company?

    FYI: FTP is insecure.

  5. Thanks to matt40k from:

    CAM (12th May 2009)

  6. #4
    CAM
    CAM is offline

    CAM's Avatar
    Join Date
    Mar 2008
    Location
    Burgh Heath, Surrey
    Posts
    4,090
    Thank Post
    821
    Thanked 353 Times in 277 Posts
    Blog Entries
    60
    Rep Power
    280
    I tried GoDaddy but I wasn't fond of them. And before then was ETGlobalSolution that was, well, never seen a whole company just vanish!

    I'll take a look at those guys Matt, thanks.

    Back on topic, I heard of a possible exploit in Wordpress where old bugs came back to cause trouble. All I know is I had the latest version. I have no idea how they got in but the webhost company refuses to do an investigation saying it isn't their job to do so. I can't investigate myself either. They just said they'd copy a recent backup to a "new miniserver order" but that could be hacked as well!

    The site itself worked no trouble, the hackers were just sneaky and hid a malicious phishing page deep in the Worpress folder structure si I didn't even know they compromised it. No page vandalism or anything.

  7. #5
    dwhyte85's Avatar
    Join Date
    Mar 2009
    Location
    Berkshire
    Posts
    1,218
    Thank Post
    156
    Thanked 146 Times in 131 Posts
    Rep Power
    102
    Quote Originally Posted by CAM View Post
    I tried GoDaddy but I wasn't fond of them. And before then was ETGlobalSolution that was, well, never seen a whole company just vanish!

    I'll take a look at those guys Matt, thanks.

    Back on topic, I heard of a possible exploit in Wordpress where old bugs came back to cause trouble. All I know is I had the latest version. I have no idea how they got in but the webhost company refuses to do an investigation saying it isn't their job to do so. I can't investigate myself either. They just said they'd copy a recent backup to a "new miniserver order" but that could be hacked as well!

    The site itself worked no trouble, the hackers were just sneaky and hid a malicious phishing page deep in the Worpress folder structure si I didn't even know they compromised it. No page vandalism or anything.
    Unless you've downloaded an old plug-in? Or on the control panel they have an outdated fantastico or scriptaculous (whatever they call it).

  8. #6
    CAM
    CAM is offline

    CAM's Avatar
    Join Date
    Mar 2008
    Location
    Burgh Heath, Surrey
    Posts
    4,090
    Thank Post
    821
    Thanked 353 Times in 277 Posts
    Blog Entries
    60
    Rep Power
    280
    Thanks. I'll have words with their MD as a last ditch effort (she used to be a in a gaming group with me hence why I really don't want to drag this through the mud). If nothing is resolved, I'll aim to get a refund.

    There was one addon but it was disabled. Image Gallery or something. Since the uploads folder was the target and the uploads/js-cache folder held the malicious page, that might be an answer.

  9. #7
    CSNM-Carl's Avatar
    Join Date
    Jan 2008
    Location
    Teesside
    Posts
    344
    Thank Post
    145
    Thanked 62 Times in 50 Posts
    Rep Power
    45
    Is there anything in the website logs to show how the domain got compromised? You should have access to these either via FTP or your hosting control panel.

  10. #8
    CAM
    CAM is offline

    CAM's Avatar
    Join Date
    Mar 2008
    Location
    Burgh Heath, Surrey
    Posts
    4,090
    Thank Post
    821
    Thanked 353 Times in 277 Posts
    Blog Entries
    60
    Rep Power
    280
    As I said, they locked it down compeltely.

    No HTTP(S).
    No EMail.
    No FTP.
    No CPanel.
    Hosting control panel, worthless.

    Nada, zip, nil. Just an external EMail address I have I can use to contact support (and cant access on my break at work) and a page saying "Account Suspended." I didn't even get an EMail, I had to stumble on it by accident when I tried accessing my EMail and had to initiate the chat with support who have told me "Move to a dedicated hosting solution with no tech support offered." Technically less secure then what they gave me since I have minimal server experience.

  11. #9

    matt40k's Avatar
    Join Date
    Jun 2008
    Location
    Ipswich
    Posts
    4,391
    Thank Post
    368
    Thanked 637 Times in 519 Posts
    Rep Power
    158
    Can you post use your website address or PM me it?

    We should be able to find out the hosting company, sounds to me like they are someone with a resellers package or a VPS with Cpanel installed. Really if someone (public) was able to access /uploads/, they could change the permissions or even remove it, it's not difficult.

  12. #10

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,047
    Thank Post
    160
    Thanked 913 Times in 716 Posts
    Blog Entries
    3
    Rep Power
    271
    Quote Originally Posted by matt40k View Post
    Can you post use your website address or PM me it?

    We should be able to find out the hosting company, sounds to me like they are someone with a resellers package or a VPS with Cpanel installed. Really if someone (public) was able to access /uploads/, they could change the permissions or even remove it, it's not difficult.
    agree : )

    lets have a look who is behind this and see what we can do

  13. #11
    CAM
    CAM is offline

    CAM's Avatar
    Join Date
    Mar 2008
    Location
    Burgh Heath, Surrey
    Posts
    4,090
    Thank Post
    821
    Thanked 353 Times in 277 Posts
    Blog Entries
    60
    Rep Power
    280
    The company in question is Memset

    I was on their 2 year Webhost 1000 Account. They have been a bit expensive but support seemed good up until now.

    However, browsing their Support Matrix the cost of fixing something that goes wrong if I do move is high! Far too much to warrant keeping the blog if something happens.

    They were good until the site was compromised and 2 days after intiating contact with support (who haven't even told me when the account was suspended) I feel they are just trying to sell me a new server instead of fixing the damage after locking it down far too much. "Blah blah the server cant take all the extra traffic from spam and we are being threatened with closure" etc etc etc.

    The site is www.ssib.co.uk but chances are, LEAs are now blocking it due to anti-phishing services blacklisting my domain.

    I've also been with them since 2007 no hassle apart from denying me shell access and having to ask them to delete some folders after permission trouble.

  14. #12

    matt40k's Avatar
    Join Date
    Jun 2008
    Location
    Ipswich
    Posts
    4,391
    Thank Post
    368
    Thanked 637 Times in 519 Posts
    Rep Power
    158
    memset.com

    Prices seem too cheap.

    Windows 2003 license standard 10, web is 8. How can they charge 5? Not even gold partners get it that cheap!

    Has an postal address listed

    Has a resellers account with tucows.com for domain reg. Appears to be a Ltd company is Surroy.

    Colo\rent whatever from dedipower.com, which is (mainly) managed stuff.


    Public website seems to only offer VPS really, can't find web hosting (easily)

    Personally, cut you loses and move hosts, only thing worth maybe getting is domain name moved to new provider.

    On the home page they say KFC is hosted with them, pretty sure rackspace (i suppose kfc too) will be naffed off.


    More thoughs in the morning

    EDIT:
    Read web hosting as py not pm.
    Last edited by matt40k; 12th May 2009 at 11:28 PM. Reason: In need of sleep

  15. #13

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,047
    Thank Post
    160
    Thanked 913 Times in 716 Posts
    Blog Entries
    3
    Rep Power
    271
    Dam you matt your too quick for me lol

    The company look like a total waste of space to me i would just move away if you can.

    Do you have a backup of your site so you can restore it on another sever? if not maybe give them an email and ask if you can just take a backup of the site.

    I'll send you a PM might be able to help you out though.

    James.

  16. Thanks to EduTech from:

    CAM (13th May 2009)

  17. #14
    mossj's Avatar
    Join Date
    Dec 2008
    Location
    Leicester
    Posts
    1,466
    Thank Post
    157
    Thanked 189 Times in 174 Posts
    Rep Power
    52
    I can sort you out with some free *tempory* hosting if you like (a donation through paypal would be nice), PM me with what your site requires in bandwidth/space/databases/email and I'll let you know.

  18. #15


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by matt40k View Post
    Prices seem too cheap.

    Windows 2003 license standard 10, web is 8. How can they charge 5? Not even gold partners get it that cheap!
    Muliple virtual installations on one physical server ??
    IIRC one 2003R2 license can be installed four times on one server.

SHARE:
+ Post New Thread
Page 1 of 3 123 LastLast

Similar Threads

  1. Wordpress MU
    By GrumbleDook in forum Virtual Learning Platforms
    Replies: 2
    Last Post: 3rd May 2009, 09:23 PM
  2. Wordpress Blogging
    By TechSupp in forum Internet Related/Filtering/Firewall
    Replies: 1
    Last Post: 20th February 2009, 09:27 PM
  3. Wordpress Problems
    By sgknowler in forum Web Development
    Replies: 6
    Last Post: 30th April 2008, 12:51 PM
  4. Wordpress MU
    By mark in forum Web Development
    Replies: 0
    Last Post: 1st May 2007, 05:09 PM
  5. wordpress template
    By beeswax in forum Web Development
    Replies: 2
    Last Post: 25th February 2007, 03:59 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •