Quote:
Originally Posted by pamon
So I woke up Saturday to see a bunch of our wordpress sites taken over by a turkish hijacking page. Who knows how they got it, but all pages hosted at m3server. We put in a support page on Saturday, it's now Monday with several sites still down, and all they say is we manage the servers not the sites. I use hawkhost on several other adult sites and have had no problems, and running new with m3server. I know wordpress has its issues and security issues, but not a happy camper with m3server. might be time to move them and tighten up wordpress sites a little more closer now.
|
I don't really see why you are upset at m3server. Wordpress itself is not insecure as long as you keep it up to date, but often the plugins/extensions people use because they treat wordpress like some magical swiss army knife. It's a blog script, it's not an online store, a tube, a cam script and everything all in one.
It's not your server that got hacked, it's your wordpress installation. You are hiring m3server as managed hosting. They are there to manage your server, not to maintain your websites as you wrote. They are not programmers, and they don't do penetration testing of web applications. They are server admins.
What were you expecting them to do? The most they can do is restore from backup, but at this point it's not even people hacking wordpress sites - it's just bots. Without patching the hole, it would just get hacked again in a couple of days at most.
The exact same thing would have happened hosting anywhere else. If it hasn't happened at hawkhost, it's either because you aren't using the same plugins or versions of plugins on those sites and don't have the security hole, or you are just lucky and bots haven't stumbled apon your sites there yet.
What you REALLY need to do is make sure your wordpresses and plugins are up to date, and if it's still getting hacked after that hire a programmer or pentester to find the hole and patch it.