Hitmaker Posted July 28, 2018 Posted July 28, 2018 username: okashiraserver: tommymain domain: okashira.heliohost.org Think my account was compromised (password unexpectedly was changed recently). Can't think of anything else that would trigger this, only used it for personal dev projects.
Luigi123 Posted July 29, 2018 Posted July 29, 2018 I will check your account later when I get to my PC.
wolstech Posted July 29, 2018 Posted July 29, 2018 This account has a compromised CMS installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing. As a reminder, when selecting a CMS, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.
Hitmaker Posted July 30, 2018 Author Posted July 30, 2018 Thats unfortunate. Thank you. I was hoping id see word about this on Wordpress's side, but instead a laissez-faire attitude about this. I cant seriously consider using them for anything in the future.
wolstech Posted July 30, 2018 Posted July 30, 2018 Yeah, WP just doesn't care anymore. Their product is garbage security-wise, but they can't be bothered to do anything about it because they know people will use it anyway. When this issue first hit last week, there were people reporting it and they were being met with active denial by WP...
Hitmaker Posted July 31, 2018 Author Posted July 31, 2018 Indeed, i did see some bug reports on their tracker being closed for baffling reasons, and no resolution being given or even promised, i suppose I have to go back to coding my own CMS As an aside, i just set up the new account and it seems I cant add the domains used with the compromised account as they "already exist in the Apache configuration.", is there anything I have to do to resolve that? Thanks again for the attention.
wolstech Posted July 31, 2018 Posted July 31, 2018 They need to be removed from the old account. I'll do this when I get to a pc next, or another admin can do so if they see this.
Recommended Posts