|
not just a wordpress issue: http://www.gfy.com/fucking-around-and-business-discussion/662468-martina-warren-trojan-site.html
|
Quote:
The most recent email I recieved from them just said: ########## Begin Message ########## Are you sure ALL version of wordpress were updated BEFORE this last occured. Even if 1 site was running an older copy, other sites could have easily been modified since they're on the same account. Please advise. Thanks, And for the ........blah time I just had to answer, YES. Ill keep anyone who is interested updated. |
I spoke to them earlier. Since i've ONLY been running the newest version of WP on that virtual account, they say it must be an unpatched hole. We need to take it up with WP.
|
Are you absolutely sure that they're getting in through WP? I've looked at their forums and didn't see a single hacked thread in the first two pages.
|
Quote:
|
Quote:
|
Do you have access to your /var/log/messages file?
|
Quote:
bottom1.html and bottom2.html |
This does not seem to be a webair OR wordpress issue since I also have been hit and do not use either...
|
There is several ways a account can be hacked, If it's web air then other accounts would be hacked and the server would be taken offline. Once a server is hacked from root it's toast.
They couldn't risk running it if it was the server. Most likly some php somewhere on your site, maybe even with your pasword. I would love to tell you otherwise and to switch over to us but php is a hackers playground and has to be carefully watched. On the other hand there is additional security to detour hackers like removing telnet and trace route whois details. Makeing apache look like it's not running from a basic ping and ect.. brute force protection might help too.. |
Quote:
|
Quote:
I bet the guy behind it all, is reading this and laughing at us. |
Quote:
How about you? What happened when you removed it? |
Have you host run a rootcheck kit on your account, there may be backdoors still. Also have them to a search for that name in all your files from the command line.
|
Quote:
i'm not on webair either. |
Quote:
nothing at all no scipts etc just plan text i deleted the page and put a new one up and a few days later it was back i notice it only went on to index.html |
:Oh crap
|
Quote:
This guy/gal has it just about right. I work for a hosting provider and I've had to deal with this the past few days. Anyhow - here is a TIP: STRONG PASSWORDS it looks like your "hacker" is harvesting passwords (most likely insecure and very weak ones at that) and so far - the offending IP appears as (i've seen the same IP on 2 servers so far): 12.219.246.180 Ask your hosting provider (if you don't know how) to block all access from that IP and change ALL passwords on your system. |
looks like Naughty america has had the problem too
there my friends hot mom members area has it too now looks like its a big problem for all |
Some say its a hole in PhP itself, other say its in cpanel. in any case its = root access
|
I have like a 25 char pass for my root account. All letter, numbers and punctuation marks, mixed caps, etc...
I hope I'm safe. :P |
Quote:
|
Yeah, I know. I just updated everything as soon as I started seeing these threads in other boards a week and a half ago, so I hope I'm clear.
|
|
Woot! I was clear anyway =)
|
Seems I got hacked today..
Would like if someone could shed some light on this on how they got in.. icq 66883099 |
Quote:
http://www.securiteam.com/unixfocus/6R0030UH5W.html http://www.securiteam.com/unixfocus/6M00315H5S.html Im my case (webair hosted) it was through cpanel |
Jupiter is looking into it now.
Not sure how he got in.. Looks like he just walked right in by logging in with a password. |
I noticed this on one of the sites I had a hardlink trade with this morning. Bad news.
|
Quote:
that is what happends when your password is: From The Nectar Of The Bone Flows All That Clicks |
Quote:
|
Quote:
Let us know what Jupiter says though. |
just a qestion
do you use awstats ??? |
bump for a fucking solution. got hit again just now
|
theyve been hitting everyone lately
|
ne1? ne1?
|
Most of you probably didn't even clean your sites so they don't even need another access.
|
erased the virus and changed my password ... haven't had a problem since
|
any proofs
|
Quote:
|
| All times are GMT -7. The time now is 06:22 PM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc