12th May 2009, 01:27 PM #1
Wordpress - I got hacked!
I came home last night to find my personal site had been shut down again. First time was nonpayment, fair enough. Now less than a week later after renewing, they shut it down again, this time citing a phishing scam as the cause.
I tried to explain "No, I didn't post a phishing site on my account" but all I get is I have to change to a more expensive dedicated virtual server package with no support or help in keeping it running. They claim their upstream provider will shut the shared webhosting server off "if they have any more security issues".
So here I am, strong FTP password, updated Wordpress installation and keeping a careful eye on permissions. Done everything to keep it secure...and everything from webmail to FTP access is shut down. To top it off, they received a letter from PayPal trying to brand me as the criminal.
What do I do? I've only just resubbed, I'm just trying to get webhosting experience and this hits the fan!
Last edited by CAM; 12th May 2009 at 01:30 PM.
12th May 2009, 01:34 PM #2
Do you have the latest WP? You have checked your own machine for Keyloggers and trojans? Bit unfair of your provider, they would have it pretty locked down, if someone did compromise your site they should be able to do very little with the access they have.
I once had a site of mine hacked, I added my own code to e107 and I didn't sanitise the inputs so they were able to do some damage on my VPS, if it's just a WP install I can't see how they'd be able to get in, AFAIK no 0day exists for WP on the latest version.
12th May 2009, 01:35 PM #3
Move hosts, they sound like insecure hosts. I use Mythic-Beasts, they don't do a web control panel, but it's easy enough to set up, I'll lend a hand if needed. Failing that I'm sure CS New Media on here is a good bet, or GoDaddy, or FastHost (I'm sure someone will moan for saying that).
web hosting company?
FYI: FTP is insecure.
12th May 2009, 01:46 PM #4
I tried GoDaddy but I wasn't fond of them. And before then was ETGlobalSolution that was, well, never seen a whole company just vanish!
I'll take a look at those guys Matt, thanks.
Back on topic, I heard of a possible exploit in Wordpress where old bugs came back to cause trouble. All I know is I had the latest version. I have no idea how they got in but the webhost company refuses to do an investigation saying it isn't their job to do so. I can't investigate myself either. They just said they'd copy a recent backup to a "new miniserver order" but that could be hacked as well!
The site itself worked no trouble, the hackers were just sneaky and hid a malicious phishing page deep in the Wordpress folder structure so I didn't even know they compromised it. No page vandalism or anything.
12th May 2009, 01:49 PM #5
Unless you've downloaded an old plug-in? Or on the control panel they have an outdated fantastico or scriptaculous (whatever they call it).
Originally Posted by CAM
12th May 2009, 02:07 PM #6
Thanks. I'll have words with their MD as a last ditch effort (she used to be in a gaming group with me hence why I really don't want to drag this through the mud). If nothing is resolved, I'll aim to get a refund.
There was one addon but it was disabled. Image Gallery or something. Since the uploads folder was the target and the uploads/js-cache folder held the malicious page, that might be an answer.
12th May 2009, 07:27 PM #7
Is there anything in the website logs to show how the domain got compromised? You should have access to these either via FTP or your hosting control panel.
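Added example, not part of the original thread: one way to act on the suggestion above to check the site logs, given that the malicious page sat under the uploads folder. The combined log format, the /wp-content/uploads/ path prefix and every sample line are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" log format (assumed; adjust if the host logs differently).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
UPLOADS = "/wp-content/uploads/"  # assumed default WordPress uploads prefix
# Uploads should hold media; pages or scripts served from there are suspect.
PAGE_EXT = (".php", ".phtml", ".html", ".htm")

def suspicious_requests(lines):
    """Return (ip, timestamp, method, path, status, reason) for odd uploads traffic."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        path = urlsplit(m["target"]).path  # drop any query string
        if UPLOADS not in path.lower():
            continue
        if m["method"] == "POST":
            reason = "POST into uploads"
        elif path.lower().endswith(PAGE_EXT):
            reason = "page/script served from uploads"
        else:
            continue  # ordinary media fetch
        findings.append((m["ip"], m["ts"], m["method"], path, int(m["status"]), reason))
    return findings

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/May/2009:21:14:03 +0100] "GET /wp-content/uploads/2009/04/holiday.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/May/2009:23:02:41 +0100] "POST /wp-content/uploads/js-cache/up.php HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.55 - - [11/May/2009:02:17:09 +0100] "GET /wp-content/uploads/js-cache/login.html?id=1 HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [11/May/2009:08:00:12 +0100] "GET /index.php HTTP/1.1" 200 15230 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The earliest flagged line gives the time window and source address to search the rest of the log for, which is where the entry point (a plugin, a login, an upload form) usually shows up.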
12th May 2009, 09:55 PM #8
As I said, they locked it down completely.
Hosting control panel, worthless.
Nada, zip, nil. Just an external EMail address I have I can use to contact support (and can't access on my break at work) and a page saying "Account Suspended." I didn't even get an EMail, I had to stumble on it by accident when I tried accessing my EMail and had to initiate the chat with support who have told me "Move to a dedicated hosting solution with no tech support offered." Technically less secure than what they gave me since I have minimal server experience.
12th May 2009, 10:44 PM #9
Can you post us your website address or PM me it?
We should be able to find out the hosting company, sounds to me like they are someone with a resellers package or a VPS with Cpanel installed. Really if someone (public) was able to access /uploads/, they could change the permissions or even remove it, it's not difficult.
12th May 2009, 11:07 PM #10
agree : )
Originally Posted by matt40k
let's have a look who is behind this and see what we can do
12th May 2009, 11:10 PM #11
The company in question is Memset
I was on their 2 year Webhost 1000 Account. They have been a bit expensive but support seemed good up until now.
However, browsing their Support Matrix the cost of fixing something that goes wrong if I do move is high! Far too much to warrant keeping the blog if something happens.
They were good until the site was compromised and 2 days after initiating contact with support (who haven't even told me when the account was suspended) I feel they are just trying to sell me a new server instead of fixing the damage after locking it down far too much. "Blah blah the server can't take all the extra traffic from spam and we are being threatened with closure" etc etc etc.
The site is www.ssib.co.uk but chances are, LEAs are now blocking it due to anti-phishing services blacklisting my domain.
I've also been with them since 2007 no hassle apart from denying me shell access and having to ask them to delete some folders after permission trouble.
12th May 2009, 11:23 PM #12
Prices seem too cheap.
Windows 2003 license standard £10, web is £8. How can they charge £5? Not even gold partners get it that cheap!
Has a postal address listed
Has a resellers account with tucows.com for domain reg. Appears to be a Ltd company in Surrey.
Colo\rent whatever from dedipower.com, which is (mainly) managed stuff.
Public website seems to only offer VPS really, can't find web hosting (easily)
Personally, cut your losses and move hosts, only thing worth maybe getting is domain name moved to new provider.
On the home page they say KFC is hosted with them, pretty sure rackspace (I suppose kfc too) will be naffed off.
More thoughts in the morning
Read web hosting as py not pm.
Last edited by matt40k; 12th May 2009 at 11:28 PM.
Reason: In need of sleep
13th May 2009, 12:15 AM #13
Damn you matt, you're too quick for me lol
The company looks like a total waste of space to me, I would just move away if you can.
Do you have a backup of your site so you can restore it on another server? If not maybe give them an email and ask if you can just take a backup of the site.
I'll send you a PM might be able to help you out though.
13th May 2009, 12:58 AM #14
I can sort you out with some free *temporary* hosting if you like (a donation through paypal would be nice), PM me with what your site requires in bandwidth/space/databases/email and I'll let you know.
13th May 2009, 08:54 AM #15
Multiple virtual installations on one physical server ??
Originally Posted by matt40k
IIRC one 2003R2 license can be installed four times on one server.