Search the Community

Hi, I'm quite new at Heliohost, I created my account a few weeks ago. I created my first website, based on latest wordpress 3.4.2, without any additional plugins. I added just a few test themes, added some notes, and I didn't published the website's address nowhere yet. Yesterday (22nd of Nov, at 19:26 to be precise), my main index.php was deleted and replaced by index.html, containing some turkish video on YT, and words "Rea_pErz Was Here". Also the hacker added wordpress theme "This Is Rea_pErz's Shell", written in PHP (of course, I downloaded the files and deleted from the account immediately after). Now, I'm starting to reinstall wordpress and database, change passwords, check all my computers against trojans and viruses, etc. I found, that there was such case on heliohost before - see http://www.helionet.org/index/topic/12493-wordpress-blog-hacked-by-rea-perz/ I have several thoughts on that: - I know that website stats are disabled, but can I access some apache logs? Perhaps I could find out, how someone managed to hack my website? - My password was of medium strength, but it wasn't dictionary word. I guess, that hacker managed to enter the site by some SQL Injection rather, than by password guessing. - how can I protect myself against such attacks, apart from not using plugins in wp, having strong passwords and making backups? - I wonder, how the attacker got address of my website - it was parked domain, made from SeveralConcatenatedPolishWords.pl - there is very small chance someone just guessed the name. - I tried to use user_logs ftp account, to see if I can access some logs, but server dropped the connection with message "home directory not found". I also see, that /var on stevie is 99% full. - I know I have unpaid account, but can I make support request out of this? Such cases can influent more people than me - the hacks could be because of my misconfiguration, but also because of some features of heliohost. I'm not blaming anyone, just I am thinking what do do next.

Hello, I'm back with a new problem. It seems that some lame-ass hackers wanted to mess up my site, injecting a some code for all the pages on my website. Take a look: http://revista-floyd.tk/ Thankfully, I got my Wordpress account back (with a changed username, I think they got into the database) and all my posts are where they should be. However, the home page (and every other page) display the message "Hacked by Valiant. Greetz: war0k" So I searched their names on the Internet. I couldn't find much about Valiant, but it seems that war0k's got some reputation. Looking at the sites he hacked, I think he's Indonesian. Also, it seems that he is part of a hacking group, named Ponorogo. I even got his email: emailwark@gmail.com . I wonder, why would someone want to hack our innocent website? I mean, we are Romanians, talking about rock music, sharing our own opinions about new albums/songs/stuff. Why would someone find something wrong with that? (many websites he puts down are talking about Indonesian politics/stuff like that, like this one: http://indonesiandefacer.org/ ). I took a look at my index.php file and it seems that he replaced it all with this: <! --- Generated by HN Deface Page Maker [ http://hacker-newbie.org ] --- > <html> <head> <link rel= "SHORTCUT ICON"href="http://i.mynicespace.com/1/152.gif"> <title> Hacked by Valiant </title> </head> <body bgcolor=#000000> <body oncontextmenu='return false;'> <br><center><img src=http://www.banklawyersblog.com/.a/6a00d8341c652b53ef017615ff8a0b970c-800wi></center> <br><center><font color=#F00000 face="Arial" size="5">Hacked by Valiant</font> <br><center><font color=#F00000 face="Arial" size="3">Hey Admin Patch Your Site !</font> <br><br> <br><center><font color="White" face="Arial" size="2"> Greetz : War0k </body> I feel kinda stupid for letting someone hack me using a generator... Would replacing the index.php with the original WP one work? If not, what other options do I have? Am I screwed? One last thing: I am not scared. Not at all. I am as calm as I can be. I know there's gonna be a way out of this. Never mind, it was way easier to recover than I thought, they simply replaced the original index.php with theirs, but please keep this thread open so we can discuss further on this subject. Why did they want to put my site down?

IN ENGLISH: I'm tired ... My site is hacked constantly. First for "Black Boy", which changed my index. Now for someone I redirected the site to http://www.ma-foreex.us/pub/ I'm really tired, I find no way to fix this situation. After two hacks I changed the password of my host. I can think of alternatives, this is frustrating and tiring. Why me? I need urgent help! EN ESPAÑOL: Estoy cansado... Mi sitio es hackeado constantemente. Primer por "Black Boy", que cambiaba mi index. Ahora por alguien que me redirige el sitio a http://www.ma-foreex.us/pub/ Estoy cansado de verdad, no encuentro manera de arreglar esta situación. Tras dos hackeos cambié la contraseña de mi host. No se me ocurren alternativas, esto es frustrante y cansador. ¿Porqué a mi? Necesito ayuda urgente!! User: cb Web: www.carnavalboquense.com.ar