Jump to content

Recommended Posts

Posted

<p>Sorry in mobile view I did not see the posting rules</p>

<p> </p>

<p>Account name: johnnyt</p>

<p>Server: tommy</p>

<p>domains:</p>

<p>adalbert-feltz.at</p>

<p>johannesteichert.info </p>

Posted

This account has a compromised CMS installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended.

 

An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing.

 

As a reminder, when selecting a CMS, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

  • Like 1
Posted

The compromised installation was the install using database johnnyt_wp738, which appears to be for adalbert-feltz.at.

 

Malware is present in numerous other places outside this install though. The installation listed above is just the one that had the AnonymousFox user added to it.

Posted

Depends which files you need. I can't provide access due to possible phishing (which is what the hacker was ultimately planning to use the compromised accounts for...) and I can't provide any PHP files because they're infected, but if there's images/databases/etc. you need, I may be able to fetch those for you and drop them in the home folder of your new account.

Posted

wow this would be great,

if possible the uploaded media files from public_html/adalbert-feltz.at/wp-content/uploads,

a database export of the johnnyt_wp738 database (to extract the posts and additional css)

new account name is johnnylt

 

you can also sent per email it to me if you dont want to make an infected database accessible on the host.

 

thanks 

Posted

The files have been placed in your home folder. Please note that the contents of one of the subfolders was infected and has been discarded. In addition, the users table of thejohnnyt_wp738 database was truncated before export due to malicious user accounts being present.

Posted

thank you so much this helped tremendously!!! will remember this event when I create another website, probably choose a static site generator like lektor or jekyll.

Guest
This topic is now closed to further replies.
×
×
  • Create New...