Fledgeling

The index.php page to my blog (hosted on heliohost) has been replaced and the site now opens defaced with text stating; It looks fairly innocuous, but I'd have to be an idiot to assume that they're only doing what they imply they are. Obviously there is no way I'm going to go emailing this...person..., but does anyone happen to recognise this attacker as falling into a particular attack type? In other words, how paranoid should I be about this kind of infestation? I did take the security advice for setting up the wordpress installation in the first place - strong passwords and user names, latest version of WP, minimal active plugins etc, but evidently wasn't quite careful enough. *sigh* I'll be scanning my computer, just in case, and (since I've got recent backups) probably doing a clean install of wordpress with new user-names, passwords and table prefixes, as I can't face searching through all the WP files for hacker-droppings (I can still get into my Heliohost account to delete/amend files directly, so I'm not stymied there). What does concern me, is that as it was a private site, I'd tried to keep it out of the search listings - in fact, searching for the full site address on Google still doesn't bring it up in the first three pages, so I thought I should probably post the issue in the forums, in case it's someone poking through the heliohost subdomains to see who's vulnerable. Apologies it this is the wrong area for this post - it's not really a customer support issue, nor exactly feedback, more a heads-up (and a small whine, as this really wasn't what I wanted to be doing on the last day of my Bank Holiday weekend :-(

Sorry if this is a stupid question. I share an internet connection (though not a computer) with someone else. If they wanted to join Heliohost themselves, would this look as if I was trying to break the single-account-per-user rule? This isn't urgent, as the person concerned is still at the "look around and compare the various hosting providers stage", but I thought I'd better know before touting Heliohost to them as an option (which as a happy Heliohost user I'd otherwise do). It's not a problem - if this would break that rule, I'll just help them find somewhere else. Thanks.