  1. #1
    WDF Staff m3n0tu18
    Just so you are all aware, a new hacker has come into play around the area. It has pretty much hacked all of my domains, damn JUSTHOST! Why can they never get anything correct? Please be aware of this.
    If you like my comments to your thread please click the LIKE button

    Check out my portfolio: Here!
    View my company Facebook Page
    View my company Website

    <<Plrease ignoer my typo's I have isdexlyia>>

  3. #2
    WDF Staff m3n0tu18
    UPDATE: The hacker replaces your index.html with their religious one, so unless you have a backup it can be a nightmare to restore. A JH agent sent me this information. Hope it is some use to those looking to secure their websites:

    AGENT: Here is some information on securing the sites from hackers:

    I am sorry to hear about the issues you have been having with the security of your site. While we actively monitor our servers in regards to cPanel and billing security, we do not actively monitor every single site posted by our customers for optimal security coding. As security flaws can be contained in a vast number of PHP, MySQL, or AJAX functions, the job of securing an individual site lies on the shoulders of the web-developer/client themselves, since scanning one account for security flaws is laborious, let alone multiple hundred servers full of accounts.

    Unfortunately we do not know what script was hacked. Because this is all 3rd party code, we can not go through the account & secure it as we do not know what should & should not be on the account. If you desire, we can check to see if an account restore point is available that is previous to the inception of this issue. Please let us know if you would like a list of available restore points. If that is not acceptable, however, you would need to secure your site either yourself, or with the help of an independent web developer, as we do not provide individual site security scanning/removal services.

    There are quite a few things you can do on your end to troubleshoot, fix, and prevent these types of vulnerabilities in the future. Here is a security checklist that you can review which can greatly help secure your account sites:

    1. Change the Admin Email on your account.
    2. Change the Password on your account.
    3. Change the Credit Card on file on your account.
    4. Update and apply any patches, upgrades, or updates that the 3rd party vendor or web developer of your scripts may have available.
    5. Fix any loose file permissions (this may be the most common exploit vulnerability)
    6. Delete all non-system FTP accounts that were created, or at the very least, change the passwords to the FTP accounts.
    7. Remove any Access Hosts by clicking the "Remote Mysql" icon and clicking the Remove Red X by each entry if there are any entries.
    8. Check your scripts for any header injection attacks, SQL injection attacks, cross-site scripting attacks, etc., as well as your php.ini file settings.
    9. Check your home/work computers for any viruses, trojans, or keyloggers.

    Please also review these links for great tips about securing your account:

    http://www.stopbadware.org/home/security
    http://25yearsofprogramming.com/blog/20070705.htm
    http://phpsec.org/projects/guide/1.html#1.1
    http://googlewebmastercentral.blogsp...-now-what.html

    There are sites that you can use to try to watch your websites to make sure that they remain clean:

    http://wewatchyourwebsite.com
    http://safeweb.norton.com/
    http://sucuri.net/?page=scan

    If your scripts are infected, you may want to rollback to the last good snapshot backup of your account. If your backups are also infected, then you may want to consider having us reset your account to start afresh.
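Added example, not part of the original post or the host's advice: one way to carry out checklist item 5 for a site whose index.html was replaced. It walks a web root, lists world-writable paths, and flags index pages that could be overwritten or swapped out. The function name `audit_docroot` and the list of index file names (taken from names mentioned in this thread) are assumptions.

```python
import os
import stat
import sys

# Index/default page names mentioned in this thread (assumed list; extend as needed).
INDEX_NAMES = {"index.html", "index.php", "index.asp", "default.html", "default.asp"}

def audit_docroot(root):
    """Return (loose, replaceable) as sorted lists of paths relative to root.

    loose: files and directories with the world-writable bit (o+w) set.
    replaceable: index/default pages another local user could overwrite
    (file is o+w) or delete and recreate (directory is o+w, no sticky bit).
    """
    loose, replaceable = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        dmode = os.lstat(dirpath).st_mode
        dir_writable = bool(dmode & stat.S_IWOTH)
        # Write access to a directory lets a user replace files inside it,
        # even read-only ones, unless the sticky bit restricts deletion.
        dir_open = dir_writable and not dmode & stat.S_ISVTX
        if dir_writable:
            loose.append(os.path.relpath(dirpath, root))
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are not meaningful
            file_open = bool(mode & stat.S_IWOTH)
            rel = os.path.relpath(path, root)
            if file_open:
                loose.append(rel)
            if name.lower() in INDEX_NAMES and (file_open or dir_open):
                replaceable.append(rel)
    return sorted(loose), sorted(replaceable)

if __name__ == "__main__":
    # Usage: python audit_docroot.py /home/USER/public_html  (path is a placeholder)
    loose, replaceable = audit_docroot(sys.argv[1] if len(sys.argv) > 1 else ".")
    for p in loose:
        print("world-writable:", p)
    for p in replaceable:
        print("index page replaceable by other users:", p)
```

A read-only index.html inside a 0777 directory still shows up as replaceable, which is why fixing file modes alone is not enough.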

  4. #3
    Unpaid WDF Intern TheGAME1264
    If it's what it sounds like, I've actually seen this hack before. Was it a page on a black background where "I" Slammed other religions? If so, it's a WP hack.
    If I've helped you out in any way, please pay it forward. My wife and I are walking for Autism Speaks. Please donate, and thanks.

    If someone helped you out, be sure to "Like" their post and/or help them in kind. The "Like" link is on the bottom right of each post, beside the "Share" link.

    My stuff (well, some of it): My bowling alley site | Canadian Postal Code Info (beta)

  5. #4
    Banned
    Please go to webhostingtalk.com and search for "justhost hacked"

    Anyway, I don't know what sort of things you were running on your account but there are so many WordPress exploits out there, even for the latest version 3.4.2 it's not even funny.
    Of course, do follow the advice of people that say to use as few plugins and themes as possible, to make the security as good as possible.

    Also, if you do have multiple websites on one hosting account, keep in mind that if one script or one installation of WordPress on the account is compromised, then the other installations of WordPress can be hacked too, easily. That's the downside to add on domains in one cPanel account.

    I would recommend either reseller hosting, so you can manage multiple websites each with a separate cPanel account. So if one is hacked the others are still safe. Of course, a server-wide issue would get all accounts regardless...

    And ALWAYS make sure your WordPress, Joomla, Drupal, are updated! And plugins and themes are updated!
    Also make sure if you use a theme with the timthumb.php that you've made sure it's patched!

  6. #5
    WDF Staff m3n0tu18
    Quote Originally Posted by TheGAME1264, post: 242185
    If it's what it sounds like, I've actually seen this hack before. Was it a page on a black background where "I" Slammed other religions? If so, it's a WP hack.
    They managed to do it on my static, non-CMS'd miwebdesign.co.uk, and dolidzedesign.com too... So not sure it's the same thing there. But yes, he was slamming other religions etc..

  7. #6
    WDF Staff m3n0tu18
    To follow up, please see attached screenshot of what my sites were hacked with.

  8. #7
    Unpaid WDF Intern TheGAME1264
    That's different than the one I've seen.
    [Attachment: ash.png]

  9. #8
    Senior Member Webzarus
    Actually not a WP hack at all, it uses open permissions and a POST command to get access... Places a single PHP file on the server that creates an "index.html" file (which is usually the highest priority file name on most servers), so if you've got anything else... index.php, index.asp... Just by dumping the index.html file on the root of the site, that's what the site displays.

    Look in your log files... You'll see several HEAD requests for a multitude of file names... Then you normally only see 1 POST command... But they are not calling a page on the server... Only servers that someone has left the "write" permission open will accept the POST... Basically dumps a file on the server, if successful, they call that file and delete the index.html if it exists, if it doesn't they just create a new one, and let the server priorities take over.

    Script kiddies use this as a prelim, see if anyone notices and/or fixes the site... If not, a few days later, they come back and try a full attack to take complete control of the web site.

    If they get control, the site quickly gets dumped into a series of spam and phishing servers and the emails start flying...

    What you have seen so far is just all done by a BOT that is making requests on thousands of sites per hour, once they find a host that is susceptible, they start banging away at every site on the same servers, hoping to find more with weak permissions (allowing a user to leave "write permissions" open for the HTTP protocol), on the root of the site.

    I actually had a client site hacked by something similar, except the script created an index.html, index.php, index.asp, default.html and default.asp in every folder on the site it could find...

    The site owner had left the "write permissions" open before I had started doing any work for him... Until I got the server logs from the hosting company showing when he had made the permission changes (before I took him on as a client), he was blaming me and threatening to sue me because the site got hacked.

    As soon as I was paid for restoring his site and resetting all his permissions, I told him I could no longer work with him... He was very apologetic, but the damage had already been done, I don't take being accused of "not knowing what I'm doing" very lightly... Had he held his tongue until all the facts were in, perhaps he'd still be a client, but he didn't and he's not.
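Added example, not part of the original post: a log check for the pattern described above, where one client sends HEAD requests for many file names, then a single POST that the server accepts, then requests a file it had not been served before. It assumes the Apache "combined" access log format; the function name, the `min_heads` threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Apache "combined" format (documentation IP ranges).
SAMPLE = """\
203.0.113.9 - - [10/Oct/2012:13:55:01 -0600] "HEAD /test.php HTTP/1.1" 404 - "-" "-"
203.0.113.9 - - [10/Oct/2012:13:55:01 -0600] "HEAD /old.php HTTP/1.1" 404 - "-" "-"
203.0.113.9 - - [10/Oct/2012:13:55:02 -0600] "HEAD /tmp.php HTTP/1.1" 404 - "-" "-"
198.51.100.4 - - [10/Oct/2012:13:55:03 -0600] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2012:13:55:04 -0600] "POST / HTTP/1.1" 200 12 "-" "-"
203.0.113.9 - - [10/Oct/2012:13:55:05 -0600] "GET /tmp.php HTTP/1.1" 200 31 "-" "-"
198.51.100.4 - - [10/Oct/2012:13:56:10 -0600] "POST /contact.php HTTP/1.1" 200 310 "-" "Mozilla/5.0"
""".splitlines()

# client IP, method, path, status
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def find_probe_then_post(lines, min_heads=3):
    """Return {ip: details} for clients that sent at least min_heads HEAD
    probes for distinct paths and then a POST answered with 2xx. Paths the
    client fetched successfully only after that POST are listed as
    candidates for a dropped file."""
    state = defaultdict(lambda: {"heads": set(), "ok": set(), "post": None, "new": []})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines in another format
        ip, method, path = m.group(1, 2, 3)
        status = int(m.group(4))
        s = state[ip]
        if s["post"] is None:
            if method == "HEAD":
                s["heads"].add(path)
            elif method == "POST" and 200 <= status < 300 and len(s["heads"]) >= min_heads:
                s["post"] = path
        elif method == "GET" and 200 <= status < 300 and path not in s["ok"]:
            s["new"].append(path)
        if status < 400:
            s["ok"].add(path)  # paths this client has already been served
    return {ip: {"head_probes": len(s["heads"]), "post_target": s["post"],
                 "new_after_post": s["new"]}
            for ip, s in state.items() if s["post"]}

if __name__ == "__main__":
    for ip, hit in find_probe_then_post(SAMPLE).items():
        print(ip, hit)
```

Any path reported under `new_after_post` is a file to inspect on disk, along with the modification time of index.html in the same directory.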

  10. #9
    Senior Member Webzarus
    And they are using the religious angle to just **** people off, probably came from a script kiddie in Birmingham Alabama.

    But until you see the log files of the server, you just never know.

  11. #10
    WDF Staff m3n0tu18
    How can I locate the log files, Web? I asked a JH agent and he said "we don't know how to do that"... I was like what the heck... you guys control the servers!!