Jump to content

Recommended Posts

  • Replies 54
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted Images

Posted

Causing high server load. 370% more cpu than #2, and 118% more memory than #2.

 

You're suspended for SEVERE high server load, likely caused by Wordpress. We highly recommend not using Wordpress because it's very poorly coded and notorious for causing high load. Your Wordpress install basically caused tommy to go down. There are so many better CMSes out there anyway...just about anything else is better than Wordpress.

 

I'll let Krydos decide how he wants to handle this. He can also confirm that it was WP that caused it.

Posted (edited)

I didnt change anything, i use same theme and plugins for a long time and everything was ok. Im aware of that wordpress is weak that is why i do not experiment and add new plugins or theme (always use the same that for years that showed that are safe)... But anyway... I want to ask you what u think about the thing i already told u. Last night i was unable to login in my heliohost cpanel. After changing my password finally i entered my cpanel. Why was that? And this suspension comes right after that. Im really confused. 

 

Also after u made to log in, i did a virus scan and everything was ok. 

Edited by sofija
Posted

A whole bunch of accounts with WordPress on them got hacked yesterday. They're getting in through WP, then comprise cpanel from there (if I had to guess, people use the same password for cpanel as for the compromised Wordpress install, so they just guess) and change the password.

 

These guys have the same issue with hacked WP and their cpanel password not working following the hack: https://www.helionet.org/index/topic/33536-invalid-login/

 

So far, there are no reports of non-WP accounts being compromised, so it seems to be the typical WordPress security issues to blame here.

Posted

yes i had the same problem, i never change my pass or user and yesterday when i tried to log in i had that same error. Invalid user. I changed my password with my email and i log in with my email and the new password, cause i was unable to log in with my user name and my new pass. Do u have a chance to see what is the new user name. My old is "metal" if is changed will be something else.

Posted (edited)

You can look in the user table of WordPress's database for the username and email address. You should be able to change the username and email address to yours, then reset the password for WP.

 

If I had to guess though, I suspect you'll find the username is going to be "AnonymousFox" since that's what 2 others have reported it being...

 

EDIT: It's AnonymousFox...same as the other hacked accounts. Found in the wp8v_users table...

Edited by wolstech
Same hacker :-\
Posted

You can't due to the suspension right now. I'm going to leave it that way since there's a massive outbreak of this AnonymousFox issue,

 

WordPress seems to have a major security problem at the moment.

Posted (edited)

Nice...decided to check mine...my old WP for a Minecraft server on Tommy is compromised too. :(

 

And my CP password was changed like everyone else.

 

He uploaded a backdoor too. A file called 4830068200.php in the wp-admin folder...also an htaccess file and a php.ini file (which does nothing on our servers). There was another random number file in wp-content as well as another htaccess and php.ini. The index.php has code to inject the backdoor added right at the top too. And of course I found a leafmailer.php...

Edited by wolstech
Posted

But how did they do that. I have only added few post this days, nothing else. Day without my website is a hell.

 

P.S. Are u suspended too?  :P

Posted

Didn't get suspended, but my minecraft site did go down and was full of malware...I reset my password, deleted the malware, and tossed a deny from all in .htaccess for now since I have to go to work...http://acmine.tk/ (403 error is intentional until I have time to fix it properly by restoring a backup).

Posted

Rebuild your site. I’d suggest finding another program but if you use wordpress again make sure everything is up-to-date when you install it.

Posted

All deleted from my cpanel, wp removed. Can u somehow check if there something left from that hacker, is there option to reset the cpanel?

Guest
This topic is now closed to further replies.

×
×
  • Create New...