Hundreds of blogs hacked (Update)

[TripleXPrint]

I'm not sure if you recall my thread about a bunch of my WP blogs being hacked a while back. Some people gave some great advice and I can't recall who it was, but they said it was probably something residing in my computer. Whomever said that was correct. I was saving my user/pass as plain text from Filezilla and that's what they were getting their hands on. My websites were never hacked, they just got my FTP info and fucked me up.

If you use any FTP apps, DON'T save your passwords. As much of a pain as it is, manually input it every time. The couple seconds you save by having them in your site manager will only fuck you when you're fixing hundreds of websites.

Thanks for the great info, folks. Most of you guys rock.

[Antonio]

Quote:

Originally Posted by TripleXPrint

I'm not sure if you recall my thread about a bunch of my WP blogs being hacked a while back. Some people gave some great advice and I can't recall who it was, but they said it was probably something residing in my computer. Whomever said that was correct. I was saving my user/pass as plain text from Filezilla and that's what they were getting their hands on. My websites were never hacked, they just got my FTP info and fucked me up.

If you use any FTP apps, DON'T save your passwords. As much of a pain as it is, manually input it every time. The couple seconds you save by having them in your site manager will only fuck you when you're fixing hundreds of websites.

Thanks for the great info, folks. Most of you guys rock.

yeah, that was a problem like ....... three years ago? when was the last time you updated Filezilla, in 1865?

[SIK]

I understand you completely, had one of mine servers with a bunch of wordpresses hacked completely, same method too - stolen passwords from cuteftp.

And yeah, its a MAJOR pain in the ass to fix it all.

Don't know if the hack you had was similar - a malign code fragments added on shitload of files throughout whole wordpress?

I had a programmer friend write me a script that scans and removes the code, he saved me DAYS AND DAYS of cleaning the shit out...

[Optout]

moral of the story: you're retarded.

[Klen]

SFTP for the win.

[Spudstr]

firewalls.. help with this.. on the serverside..

[Jey p]

I had the same issue. SOlved it by installing another ANtivirus.
I know..I should get a MAC :P

[CYF]

Quote:

Originally Posted by KlenTelaris

SFTP for the win.

^^this

[papill0n]

Quote:

Originally Posted by Antonio

yeah, that was a problem like ....... three years ago? when was the last time you updated Filezilla, in 1865?

filezilla is still being exploited

[V_RocKs]

Don't use your browser for anything other than browsing.

[Lint]

Quote:

Originally Posted by KlenTelaris

SFTP for the win.

How does SFTP solve anything if the passwords are stored in plain text?

[TripleXPrint]

Quote:

Originally Posted by Optout

moral of the story: you're retarded.

Here I am on a webmaster forum sharing helpful advice to fellow webmasters and some douche bag decides to call me retarded. Only on GFY. This surfer probably thinks FTP stands for Filipino Tranny Penises.

Sorry for trying to help other webmasters.

[Klen]

Quote:

Originally Posted by Lint

How does SFTP solve anything if the passwords are stored in plain text?

I am not sure is it related to protocol,more likely it's about program,and i use WINSCP.
Here is pass which i just copy pasted from INI file for FTP (support both FTP and SFTP),try to login with it
A35C404C067034C8DEA1F4C57FFEF8733C9959B63E333E3E35 322F3E333E3E35322F72332E3B3A382F6A69682B6A6868E9CE

[pornmasta]

Quote:

Originally Posted by TripleXPrint

If you use any FTP apps, DON'T save your passwords. As much of a pain as it is, manually input it every time. The couple seconds you save by having them in your site manager will only fuck you when you're fixing hundreds of websites.

Thanks for the great info, folks. Most of you guys rock.

Stupid shit
http://en.wikipedia.org/wiki/Keystroke_logging

[TripleXPrint]

Quote:

Originally Posted by pornmasta

Stupid shit
http://en.wikipedia.org/wiki/Keystroke_logging

Ok...let me get this straight. The keyloggers didn't touch my bank accounts, my credit card accounts, my investment portfolios, my business accounts, my domain registrar accounts, my email accounts, my PayPal (and other online payment processors), my Ad words accounts, or any of my social network accounts. Just my FTP info so they could inject malicious content that phishes for ALL THE ACCOUNT INFO I LISTED ABOVE from other people? Please explain how that makes any fucking sense at all!?!? If they had full access to all my personal and professional accounts, why would they have to inject phishing scripts into my websites to gather the same information they had readily available using a keylogger?

I could be missing something, please enlighten me because your logic is as flawed as Courtney Love's face.

[pornmasta]

if i can hack your computer, i can install a keyloger on your computer.
If there is a bug that create a security breach, that's not because you saved your password that makes that this is the problem.

[pornmasta]

anyway do what you want.
If you can type manually hundred passwords, it's up to you...

[TripleXPrint]

Quote:

Originally Posted by pornmasta

if i can hack your computer, i can install a keyloger on your computer.
If there is a bug that create a security breach, that's not because you saved your password that makes that this is the problem.

Actually this is a very known problem with Filezilla. The whole saying, "you get what you pay for" rings true since Filezilla is free. And it's pretty easy to sniff out a keylogger but not a trojan whose sole job is to find a single text file and transmit the contents.

[pornmasta]

Quote:

Originally Posted by TripleXPrint

And it's pretty easy to sniff out a keylogger but not a trojan whose sole job is to find a single text file and transmit the contents.

Do you really know how to code sql ?

[TripleXPrint]

Quote:

Originally Posted by pornmasta

Do you really know how to code sql ?

What does coding in SQL have to do with this conversation? First of all, you don't "code" in SQL and I'm not running WAMP, MAMP, LAMP, or XAMP on my main system I have my FTP software installed. I have a dedicated box for that. Show me one local virus/trojan/logger that infects Windows 7 coded in SQL and I'll show you a retarded kid who's a member of Mensa.

[pornmasta]

Quote:

Originally Posted by TripleXPrint

What does coding in SQL have to do with this conversation? First of all, you don't "code" in SQL and I'm not running WAMP, MAMP, LAMP, or XAMP on my main system I have my FTP software installed. I have a dedicated box for that. Show me one local virus/trojan/logger that infects Windows 7 coded in SQL and I'll show you a retarded kid who's a member of Mensa.

troll alone

[Spunky]

I no understand this mumbo jumbo.give me software to protect

[GAMEFINEST]

Quote:

Originally Posted by TripleXPrint

I'm not sure if you recall my thread about a bunch of my WP blogs being hacked a while back. Some people gave some great advice and I can't recall who it was, but they said it was probably something residing in my computer. Whomever said that was correct. I was saving my user/pass as plain text from Filezilla and that's what they were getting their hands on. My websites were never hacked, they just got my FTP info and fucked me up.

If you use any FTP apps, DON'T save your passwords. As much of a pain as it is, manually input it every time. The couple seconds you save by having them in your site manager will only fuck you when you're fixing hundreds of websites.

Thanks for the great info, folks. Most of you guys rock.

This shit just happend to me

[inabon]

Guess nowadays anyone with 0 computer skills is a webmaster... Time for carreer name change

[BlackCrayon]

easy way to stop wp hacks: change permissions every time you want to edit...

[Internet User]

Quote:

Originally Posted by TripleXPrint

Here I am on a webmaster forum sharing helpful advice to fellow webmasters and some douche bag decides to call me retarded. Only on GFY. This surfer probably thinks FTP stands for Filipino Tranny Penises.

Sorry for trying to help other webmasters.

what helpful advice? you got your PC keylogged and files stolen.

keep your computer secured, cumface, and you won't have these problems.

[Internet User]

Quote:

Originally Posted by inabon

Guess nowadays anyone with 0 computer skills is a webmaster... Time for carreer name change

no shit, lol

hope the OP gets raptured

[marlboroack]

I had one of my Skype accounts hacked by some pissed off Chat Traffic Affiliate not to long ago, i couldn't retrieve the password for the account either. I signed up 2 Skype accounts with the E-mail address and it only sends me the information for the account i don't need. Fuck hackers, though i secretly wish i had powers like that sometimes. Thanks for sharing.

[TripleXPrint]

Quote:

Originally Posted by inabon

Guess nowadays anyone with 0 computer skills is a webmaster... Time for carreer name change

I've been developing websites since 1995 using Frontpage and putting the little Netscape Navigator Wheel on my sites. You're a fucking idiot. Talking shit about people you don't even know, Mr. Internet Tough guy.

And Internet User...suck a dick lady boy.

[HomerSimpson]

I made some posts about not storing passwords in your FTP clients or using secure ones (Total Commander > 7 with master password) or using Portable FileZilla (not installed on default location)...

[Lint]

Quote:

Originally Posted by KlenTelaris

I am not sure is it related to protocol,more likely it's about program,and i use WINSCP.
Here is pass which i just copy pasted from INI file for FTP (support both FTP and SFTP),try to login with it
A35C404C067034C8DEA1F4C57FFEF8733C9959B63E333E3E35 322F3E333E3E35322F72332E3B3A382F6A69682B6A6868E9CE

"dsffdssdf"

[DangerX !!!]

Omg noobs.

[CurrentlySober]

i just use the easy to remember phrase 'ilikepoo' for ALL my passwords!

Impossible to guess !

[inabon]

Quote:

Originally Posted by TripleXPrint

I've been developing websites since 1995 using Frontpage and putting the little Netscape Navigator Wheel on my sites. You're a fucking idiot. Talking shit about people you don't even know, Mr. Internet Tough guy.

And Internet User...suck a dick lady boy.

hey the one hacked was you not me but cool man if you want it to be a dick size contest fine. you win your dick is bigger



but your online security skills still suck