Everything posted by dream11

  1. So in your case the login details were on a third-party server, but does that mean in your case the login URL was still xxx.com/wp-login.php? Maybe access to the login URL is a must for the bug to take effect, even if the way they manage to join bypasses that real login data.
  2. Did any of the people hacked have the default /wp-admin or login.php changed so they can't be accessed? Or did you all, like me, have the default URL setting for login access? Wondering if this bug also affects WordPress installs that had this feature obfuscated for better security.
  3. I see. Well, I can't use another CMS right now because the plugin I use to connect to another company is not available for a lot of platforms. Well, it is, but the rest are payment platforms: Shopify, BigCommerce, Big Cartel, Ecwid... blablabla. Anyway, thanks for the response.
  4. I have been trying WordPress on Tommy, but usually I feel like the server is pretty slow to respond, usually even more so when something has to be modified in the database. Sometimes it takes like minutes to respond, until it finally writes the changes. The page doesn't load especially fast either. I wiped all the content and made a fresh install with a lightweight theme. I use a very, very simplistic website, but it still loads considerably slowly, since other sites I loaded with plain HTML usually load quite well. Might it be a database-related problem? Maybe there is some bottleneck or so, but it's for sure the connection to the DB fails eventually, like 30 to 60 seconds.
  5. Google and YouTuber tutorials are your best friend.
  6. I downloaded the obfuscated shell file and Avira started to scream. Is it not possible to install some antivirus on the server so PHP file shells can't be hosted? Might that help?
  7. I just found cPanel also accepts 2FA. I know that would not have helped a lot if someone succeeds in installing a PHP shell over a WordPress bug, but would enabling it have helped to avoid a cPanel password change? Or even access to another website on the same host, like they did? I found the Leafmailer also inside a second website I have in my account, and it's not made with WordPress. Just wondering if the way they used to change the cPanel password might have been done in such a way that 2FA would have made no difference.
  8. But does that explain the fact they were able to change cPanel passwords? If they can compromise any clean, up-to-date WP, then it looks like it makes no sense restoring any backup or just making a site again on WP until someone identifies the actual bug.
  9. I fail to understand how a compromised WP account can be "extended" to other WP accounts. Might it be related to a Softaculous issue? I did use it to install WP, and I remember that over Softaculous it's possible to access wp-admin in a single click. Don't know if there might be any correlation. Same server... and a lot of updated WP accounts... they all must have something in common.
  10. Has the culprit been identified already? We know it's not a plugin, we all were up to date on WP, and we all got the cPanel pass compromised too. I don't want to start over from zero if I can't identify the culprit. A server issue? Two 0-days that allowed first access to WP and then escalation to cPanel?
  11. Mine are those, but not all are enabled anyway, just installed, and as far as I see, we don't share a single one right now.
  12. My cPanel pass was not the same one used on WordPress admin.
  13. How can they change the cPanel password with a WordPress bug? Is that possible?
  14. What do you mean by nuke? Delete all content from public_html? I ended up changing the nameservers to avoid access from the URL, but it might take some time to update... Need to know what the bug was. I mean, maybe a plugin we all have in common? Started to deactivate most plugins I have. How to know the compromised plugin, if that's the problem? Might it be a WordPress zero-day? I am so puzzled.
  15. He is even playing with my WP! He changed the slogan, OMG...
  16. I am out of the server again, that sucks. I have my WordPress up to date, must be a plugin? Argh.
  17. *** account was hacked thanks
  18. Done. Sadly, I don't have backups as far as I remember.
  19. Thanks. To you, does it look like a WordPress hack or a server hack? The fact they changed the cPanel scared me a bit, since they have access to do anything.
  20. And what are the changes made to php.ini and index.php? I can delete the other files, but I don't know what changes were made to the ini and php. Of the other two new files, one is a password-protected PHP mailer, and the other one is encrypted shell access. This has clearly been made for phishing.
  21. Same problem there. Tried to open the cPanel, no luck. I know the pass was correct so I didn't reset it. A few minutes later, I can't even try to log in, and none of my websites load. The problem was the server blocking my IP for trying too much. Now I reset the cPanel password, and I can't log in to WP. They also reset the WordPress login; the username was changed to "AnonymousFox". What a shame. You have a shop and they can reset the PayPal account to get the payments, and download all your clients' data. So what if you reset it back? They can still make it happen again if the bug is not patched.
  22. How do I change the primary domain at Tommy? It appears as a HelioHost subdomain, and I want to point my .com. Should I add my domain as an "addon domain" in the cPanel? Is that the way it must be done? Or can I just modify the primary domain? I don't find any option. Thanks.
  23. Thanks all for your support and wonderful hosting.
  24. Okay, no problem. Please send the invitation to this mail <removed>, thanks.
  25. I already received an invite to the PayPal account I used. I need the invite to be sent to another mail, the one I posted. Should I post it again then?