NikeJoshua

nj_gtool nj_progress nj_signatures

Account: nj The databases (all 3) are inaccessible from both php and phpMyAdmin, though still listed in cPanel MySQL Databases. Strangly they are listed with a size of 0 there, while they are most definitely not empty. From secondhand reports, the issues may have started on or even before 27/10/15 (i've been away myself, so can't confirm this part.)

@Bad Wolf: There haven't been any more attacks on my account in the past 5 days. Also, i don't think they actually stole any data or anything as the only things that were affected were the replacement of index.php files.

I haven't noticed any repeat attempts to hack back in after the first 2 times, but just in case they do, here's a possible workaround: Rename your index.php files to default.php In the folder public_html, edit the .htaccess file as follows: DirectoryIndex default.php Anyways, djbob, have you had a chance to check my files yet to see if the vulnerability is on our end or somewhere in the server itself?

djbob, The chmod theory is wrong as well: All files are set: -rw-r--r-- (644) Directories: drwxr-xr-x (755) Also, it seems they have some sort of script running that periodically keeps reuploading their versions of index.php after i replace it with mine. In any event, my site is REALLY basic, it is just 2 small php files (one 9k, the other 19k). Perhaps it could help if you would check those for vulnerabilities? For this i'll give you whatever permission you may need to access my files in any way you see fit. If you prefer i email you the php source files or something, let me know. I think this would be the quickest way to either point out the security flaw, or show that the cause would be server related (It would definitely be easier than going over all the server files...)

djbob, I very sincerely doubt that we were all running the same buggy software, as all that my site contained were own designed php pages. A note of interest is that right before the hack, the entire Heliohost server (including heliohost.org and helionet.org) were down with a Internal server error, and a Cannot connect to server error, which along with the fact that several seeming unrelated accounts were hacked, and that some of the links were non public ones (one of mine isn't shared publicly, pooras was still in maintenance), does lead me to believe the attack was on the server on a whole. For me the sites don't contain any sensitive data, so i really don't mind if this never gets resolved, i can just reupload the correct page each time they change it and be done with it, however, this may not be the case for others, and could seriously hurt the reputation of Heliohost...

No one else knows my password. I doubt that was the issue in any event as no other data was compromised. SQL database was still intact, php files named other than index.php were still intact, no settings were changed, ... There are data entry fields that get processed in php, but as Havoz, all used post variables are encased with htmlspecialchars($var,ENT_QUOTES) or mysql_real_escape_string($var) where applicable...

Ftp access is back up, i replaced the index.php files in the subdirs to the correct ones, but left the one in public_html as is for reference purposes

Seems they replaced all instances of index.php with their own. Can't connect to the FTP server to replace them either. http://nikejoshua.heliohost.org/

It's hard to deny that HelioHost has had it's share of problems in the recent past, but unlike other services, i always feel confident the problems will get resolved here. The reason for that is very simple, the staff here are usually very good at communicating. The only problem atm is that if the server goes down, the boards go down as well, and with that their means of communication. So it pleases me immensely to hear that multiple solutions are currently on the table to help with that. As for the future, i also feel comfortable knowing that the uptime percentage should rise again, as it sounds that many of the latest problems had to do with the recent system upgrade. So once all those child sicknesses have been cured, reliability should be back like it used to be. Anyways, just thought i'd show that some people are still gratefull for the service provided here

You mean actually deleted? Not suspended? Not recoverable? If that's the case i find that rather poor behaviour to be honest, especially since the site was accessible just fine the day before, and there was no prior notice given... I know this is a free service, so i could understand the downtime issues (heck, i even helped getting the Ming library supported again), but a notice should be the least we could expect. Before even considering creating that account again, is there any way to get around that 30day log in thing? Basically my site is a database app, and all input is done from the site itself, so once setup, there's usually no need for me to access the cPanel.

Since i can still access the main site and boards fine, is there a problem with my account? http://nikejoshua.heliohost.org/ If i try to log in to my site, i get the following error: Could not locate remote server Also, the Cpanel no longer recognises my username and password: Login Attempt Failed!

Yep, works like a charm now, thanks a bundle Sorry i couldn't find a clear cut solution, but i hope it at least helped some. And btw, they did mention that the coding error was for Ming version 0.4.2, and that that section could be skipped for 0.4.3

This i think is still based on a pre 5.3 php version, but might be worth a try cause it does not rely on rebuilding php itself, so maybe this may work for 5.3 as well? http://blog.puresoul.org/?p=26 I didn't have any luck finding precompiled builds though...

Indeed, the first source compiles libming, which is the ming backend. This library should be placed in /usr/lib/. Also copy the header ming.h into /usr/include/ The second source should be the interface, but i didn't check through the entire sourcefiles, so a makefile may indeed be missing. I'll keep looking for a solution