Blog Hacked

Ask your host for a LOT of explanations.
Push them hard for details.

Who IS this unhelpful host?

it is midphase, and I’ve used them for 3 years, and never had a bit of trouble until now. I honestly don’t know enough to know if this is the host’s fault. Is it?

Here is what they said when asked if a restore could be done:

“Yes, we have backup of your account from our backup file. It was created on 3rd
of Jun., but you need to pay $30/one time fee. We don’t provide our backups for
free.”

The hacking – maybe not.
If they have removed the site – yes unless they can at least render it safe. They should be telling you precisely why they did it, precisely why they think it’s your fault (I bet they say it’s a wordpress problem) and what needs to be done to get it all working.

Thanks- I wrote them back and will see what they say.

I have several other things on my site which are much more important than my blogs, and I need to know how to make sure this doesn’t happen again.

i do not agree with having to pay to get your site back .. since it was not your fault ..

but, in the short, $30 is worth it provided they can offer a solution as to how this will not happen again …

Move hosts.

I am admittedly clueless about security- can you make a guess at what went wrong for me? I pretty much assumed it was my fault.

Thanks.

$30 for a backup installed for a long term client? Something ain’t right there.

Only your host can tell you what went wrong. They should have logs that will show how your site was hacked. If they have any idea at all about what they are talking about, they should be able to prove that the hacking was due to a vulnerability in something you have installed[1]. If they can’t substantiate that claim, they are asking you to pay them to restore data that has been lost for reasons that should have been under their control.

You may need to pay up to get your data back, but given their attitude, you should move to a more helpful host as soon as you can.

What version of WP were you running, btw?

[1] Possibly, but not necessarily WordPress

Here is what they said in reply:

Probably you blog has some hole. The intruder used that hole to hack your blog.
That is why we always advise to update all scritps from time to time and update
all life critical server side software. If you want to know why your blog was
hacked exactly, then I advise you to check your access_logs.

I will go check my logs.

I was running version 2.0.2, I believe.

I should add that WordPress is a host offered product. The install is all done through their interface. So I did not alter anything to use WordPress.

Usually hackers sign their exploits. They do it for “fun” and are proud of that. They are not targetting yourself.
If not, your site may have been hacked by spammers, they do it for money and don’t care about “fame”. So, your host decided to erase everything to stop the problem.
In any case, your host has to explain itself in details. What cause this, what program is flawed, is it WordPress, one of its plug-in, another script. They have to be specific so developpers may repair the security hole quickly (or maybe it is already done, but you did not upgrade your software since).
In conclusion, do not accept vague conclusions. Pointing WordPress fault and say nothing else is too easy. Your host have the knowledge to say exactly what went wrong, when, and what to do.

Oh, I may have misspoken. The host did not remove the files, but they appear to be missing, if that makes sense. I assumed the hackers removed them. I can’t get into my admin functions in wordpress. My other blog still works fine.

The hackers did sign the page.

I wrote my host back and asked for further explanation. I appreciate all the help.

Their response:

Alexis, unsuseful software only doesn’t have holes. That is why Fantastico
updates their “kernel” scripts and then allows to update the
installed scripts. In any case the intruder used some hole of your website,
becasue your website only was hacked. No one else has the similar problem.
Anyway, you asked me to explain why you website was hacked, I did supposition,
additionally I advised you to check your log files if you want to know how your
website was hacked.

…???