escorpio

Anybody else having a problem with this russian motherfucker?

__________________
Unvaxxed, still alive.

Martin3

yeah, was a recent thread in another forum with the same site

__________________
264-543-302

dissipate

Most adult servers lack even basic security measures. It's like shooting fish in a barrel.

SinSational

http://www.gfy.com/fucking-around-and-business-discussion/660506-getting-hacked-2.html

http://www.gofuckyourself.com/showthread.php?t=661811

__________________

ICQ# 273099174 - monthly specials - 2 Month Free Credit on All Plans - 100% Referrals - chris@ for details
Virtual from $14.95/month, Dedicated from $149.95/month
Dual-Core Xeon > 1000GB @ $149.95 | 1500GB @ $169.95 | 10Mbps @ $269.95

Georgio

Yeah I know what u mean....

__________________
Looking for excellent live and/or video content for your memberzone, without upsell?
email:[email protected], icq:406677433, phone:+420-731448309, Or visit xxxtreams.com



24/7 live girls, starting at 99,- / Month EVERYONE GETS A FREE BONUS PRODUCT!!!

escorpio

I've found that out the hard way this past week.

__________________
Unvaxxed, still alive.

Verbal

Do you use Webair?

boldy

One of my servers got it too ..

__________________
MacDaddy Coder.

escorpio

Yes, webair virtual.

__________________
Unvaxxed, still alive.

escorpio

thank you

__________________
Unvaxxed, still alive.

killerkay

damn sucks man

__________________

killerkay

double post er

__________________

Verbal

I've been going back and forth with them and they want me to update ALL of the scripts for my sites ... a list about a mile long.

I'm seriously considering switching hosts. There must be something they can or do. The damn thing keeps coming back everyday. First it was uniqcount

Klen

Try dwhs,they update their servers same moment when exploit or some holle goes out.

escorpio

Same story here. I'm switching now and it's going to be a big fucking pain in the ass.

__________________
Unvaxxed, still alive.

Devilporn

Does someone know if it has anything to do with Wordpress?

__________________

Gillespie

How are they getting in? Please post your /var/log/messages

__________________
Blue Design Studios
My choice for web design.
Click this to see why.

Get a REAL host. Try JaguarPC.

294-659-259

boldy

For me they just walked in using a ssh account. No failures or anything, 1 guess and they were in. I passed this account to 1 person only. I'll investigate more before i start drama

__________________
MacDaddy Coder.

emthree

Drama time. I ALSO HAVE BEEN "HACKED" by megacount.net
It's on a webair virtual account. I ONLY RECENTLY installed wordpress onto this domain, less than a week ago.

__________________

emthree

Someone get webair in here.

__________________

madawgz

hire someone to ddos him...2c

not me ;)

__________________
TAEMDLRMSKRJIXMRLSMRJ.

Devilporn

Contact them directly, you'll have better results

__________________

emthree

Question to the people who got hacked: Do you guys have ABP installed?

__________________

Dveron

Sounds like Webair need to update their shit

__________________
Adult Comics Club - Updated Bi-Daily. 60% Recurring Payouts. Exclusive Comic Content.

emthree

Not really. I've seen the chat log with RobV.
This is something effecting a lot of their customers. They need to address it publicly.

__________________

JOHNNY_BUTTHOLES

it's all over my sites. two wordpress blogs i noticed first. but then i noticed it on regular sites with no scripts.

i'm on realitychecknetworks NOT webair.

__________________

Devilporn

You still have nothing to lose contacting them directly to take care of your own case...that's what we did today to get our own tgps fixed.

__________________

emthree

This is pretty crazy. Does this mean the person has full access to our ftp files?
My sites are setup to use phpinclude to attatch the footer(s) onto my pages. This person found both my footer .html files and inserted the code into both. WTF?

I was going to upgrade to a webair dedicated for these sites too. I guess I have to look elsewhere now.

__________________

emthree

__________________

Superterrorizer

You are going to switch hosts because you didn't keep your scripts up to date and your out dated insecure scripts are being exploited? Unless that service is part of your contract or SLA it's YOUR responsibility to keep your scripts up to date, not your hosts.

While many potential security threats both known and unknown can be blocked, many cannot. If your server gets hacked via an exploit in the OS or an application (apache, php, mysql, etc) then it's your hosts fault (Unless you are unmanaged/colo). If one of your sites gets hacked/defaced due to you not keeping your scripts up to date, it's your fault.


Switching hosts isn't going to magically update all your scripts and fix your security problems.

JOHNNY_BUTTHOLES

this thing hit two of my wordpress sites that are running the very latest version. the other sites are not running any scripts. it attached itself to a regular footer that spanned by site.

__________________

emthree

I agree with you. However I believe the problem is webair itself.
I only added wordpress onto this site less than a week ago. It is using the latest version of WP and it was installed in a SUBFolder. My SUBFolders with wp were not compromised, it was my site's index.

__________________

emthree

Question: are you guys running google analytics?
It inserted itself right below my analytics code.

__________________

JOHNNY_BUTTHOLES

nope. this thing is installing itself on regular PHP files.

__________________

HunkyLuke

switching hosts does NOT have to be painful as long as your new host is knowledgeable and is willing to help you out. Generally speaking, we set aside 1 full day to help clients by doing content moves, re-jigging scripts/htaccess files/etc with new path info, setting up and importing databases, recreating mail accounts, etc...

good luck with your new choice, whoever they may be!

cheers,
Luke

bigalownz

i got the same problem on one of my other sites

its with revsharehosting and i got nothing on the site at all

just a blank page

__________________
$100 free credit for all hosting needs

marketsmart

webair should be protecting you, unless its software you use on your site thats not owned by webair

emthree

BUMP - Did anyone contact wordpress?

__________________

emthree

Did/do you have wordpress installed on that site?

__________________

JOHNNY_BUTTHOLES

you have to go though every one of your files and look for the iframe code. delete it and change the permissions to read only. i had to do this with every one of my sites today

__________________

DateDoc

not just a wordpress issue: http://www.gfy.com/fucking-around-and-business-discussion/662468-martina-warren-trojan-site.html

__________________

RobV

Webair and I are still bouncing emails. They haven't notified me of anything changed or any issues they see with my site.

The most recent email I recieved from them just said:
########## Begin Message ##########

Are you sure ALL version of wordpress were updated BEFORE this last occured. Even if 1 site was running an older copy, other sites could have easily been modified since they're on the same account. Please advise.

Thanks,

And for the ........blah time I just had to answer, YES.

Ill keep anyone who is interested updated.

__________________
ICQ: 619221

emthree

I spoke to them earlier. Since i've ONLY been running the newest version of WP on that virtual account, they say it must be an unpatched hole. We need to take it up with WP.

__________________

Gillespie

Are you absolutely sure that they're getting in through WP? I've looked at their forums and didn't see a single hacked thread in the first two pages.

__________________
Blue Design Studios
My choice for web design.
Click this to see why.

Get a REAL host. Try JaguarPC.

294-659-259

JOHNNY_BUTTHOLES

have you gone through all of your template files to see if the iframe code is on there?

__________________

emthree

That's the same thing I said to the tech. I checked the forums and google before I contacted them. He insists that it's a WP Hole. He says it shows nothing on my logs. I dont know who to believe.

__________________

Gillespie

Do you have access to your /var/log/messages file?

__________________
Blue Design Studios
My choice for web design.
Click this to see why.

Get a REAL host. Try JaguarPC.

294-659-259

emthree

Yes, it was inserted into both of my footer files.
bottom1.html and bottom2.html

__________________

RevSand

This does not seem to be a webair OR wordpress issue since I also have been hit and do not use either...

__________________

chaze

There is several ways a account can be hacked, If it's web air then other accounts would be hacked and the server would be taken offline. Once a server is hacked from root it's toast.

They couldn't risk running it if it was the server.

Most likly some php somewhere on your site, maybe even with your pasword.

I would love to tell you otherwise and to switch over to us but php is a hackers playground and has to be carefully watched.

On the other hand there is additional security to detour hackers like removing telnet and trace route whois details. Makeing apache look like it's not running from a basic ping and ect.. brute force protection might help too..