HACKED! by megacount.net
 

Anybody else having a problem with this russian motherfucker? :mad:

yeah, was a recent thread in another forum with the same site

Most adult servers lack even basic security measures. It's like shooting fish in a barrel.

http://www.gfy.com/fucking-around-and-business-discussion/660506-getting-hacked-2.html

http://www.gofuckyourself.com/showthread.php?t=661811

Yeah I know what u mean....:winkwink:

I've found that out the hard way this past week. :(

Do you use Webair?

One of my servers got it too .. :(

Yes, webair virtual.

thank you

damn sucks man :(

double post er

I've been going back and forth with them and they want me to update ALL of the scripts for my sites ... a list about a mile long.

I'm seriously considering switching hosts. There must be something they can or do. The damn thing keeps coming back everyday. First it was uniqcount

Try dwhs,they update their servers same moment when exploit or some holle goes out.

Same story here. I'm switching now and it's going to be a big fucking pain in the ass. :mad:

Does someone know if it has anything to do with Wordpress?

How are they getting in? Please post your /var/log/messages

For me they just walked in using a ssh account. No failures or anything, 1 guess and they were in. I passed this account to 1 person only. I'll investigate more before i start drama

Drama time. I ALSO HAVE BEEN "HACKED" by megacount.net
It's on a webair virtual account. I ONLY RECENTLY installed wordpress onto this domain, less than a week ago.

Someone get webair in here.

hire someone to ddos him...2c

not me ;)

Contact them directly, you'll have better results

Question to the people who got hacked: Do you guys have ABP installed?

Sounds like Webair need to update their shit

Not really. I've seen the chat log with RobV.
This is something effecting a lot of their customers. They need to address it publicly.

it's all over my sites. two wordpress blogs i noticed first. but then i noticed it on regular sites with no scripts.

i'm on realitychecknetworks NOT webair.

You still have nothing to lose contacting them directly to take care of your own case...that's what we did today to get our own tgps fixed.

This is pretty crazy. Does this mean the person has full access to our ftp files?
My sites are setup to use phpinclude to attatch the footer(s) onto my pages. This person found both my footer .html files and inserted the code into both. WTF?

I was going to upgrade to a webair dedicated for these sites too. I guess I have to look elsewhere now.

You are going to switch hosts because you didn't keep your scripts up to date and your out dated insecure scripts are being exploited? Unless that service is part of your contract or SLA it's YOUR responsibility to keep your scripts up to date, not your hosts.

While many potential security threats both known and unknown can be blocked, many cannot. If your server gets hacked via an exploit in the OS or an application (apache, php, mysql, etc) then it's your hosts fault (Unless you are unmanaged/colo). If one of your sites gets hacked/defaced due to you not keeping your scripts up to date, it's your fault.


Switching hosts isn't going to magically update all your scripts and fix your security problems.

this thing hit two of my wordpress sites that are running the very latest version. the other sites are not running any scripts. it attached itself to a regular footer that spanned by site.

I agree with you. However I believe the problem is webair itself.
I only added wordpress onto this site less than a week ago. It is using the latest version of WP and it was installed in a SUBFolder. My SUBFolders with wp were not compromised, it was my site's index.

Question: are you guys running google analytics?
It inserted itself right below my analytics code.

nope. this thing is installing itself on regular PHP files.

switching hosts does NOT have to be painful as long as your new host is knowledgeable and is willing to help you out. Generally speaking, we set aside 1 full day to help clients by doing content moves, re-jigging scripts/htaccess files/etc with new path info, setting up and importing databases, recreating mail accounts, etc...

good luck with your new choice, whoever they may be!

cheers,
Luke

i got the same problem on one of my other sites

its with revsharehosting and i got nothing on the site at all

just a blank page

webair should be protecting you, unless its software you use on your site thats not owned by webair

BUMP - Did anyone contact wordpress?

Did/do you have wordpress installed on that site?

you have to go though every one of your files and look for the iframe code. delete it and change the permissions to read only. i had to do this with every one of my sites today :(