steve-d

Is anyone else encountering hacks on 2.9.2?

Yes. Your not alone. I noticed all kinds of bizarre server behavior going on during the April mass attacks. It was like the hackers had total and complete control of the Hosts systems. Haven’t been touched in a month now at NS. They got it under control. And, I’m to tired and exhausted to move at this point. I didn’t get into this to be hunched over a computer 24/7 for months on end trying to protect myself from organized armies of overseas hackers trying to “take us out”.

Nasty situation we are in here.

@petercasier

I updated my script to clean up any infected .php file from a site (or subdirectory).

Millions of people are desperate for clean up tools like this at this point. Come up with a nice suite of practical and simple to use cleaning tools and you’ll have no shortage of customers. Me being one of them.

Are we learning yet? I hope so.

anointed,

Here’s some info on the Hilary Kneber – Koobface Gang connections suspected of being behind these attacks.

https://ddanchev.blogspot.com/

“At this point in time our security teams have verified that it is not a server level issue.”

Denial isn’t just a river in Egypt.

Contact site5 customer service asap and explain whats happening.

Alright here we go.

Ghacks Technology News
Current Registrar: GODADDY.COM, INC.

He’s been hacked.

Here the info.

5/9/2010 11:06 AM,High,
An intrusion attempt by www1.firesavez7.com was blocked

Risk Name HTTP Fake Scan Webpage 5
Attacking Computer www1.firesavez7.com (209.212.149.20, 80)
Attacker URL www1.firesavez7.com/107a9dcdafc2f5304469e3e909971c691f503009011.js
Traffic Description TCP, www-http

I went to check out this story an was hit immediately.

Mass Shared Host Website Hack
?Ghacks Technology News – 1 hour ago
These servers host multiple websites by different users. Affected web hosting companies are Go Daddy, Bluehost, Media temple, Dreamhost and Network .

Reverse IP Check
There are 4 domains hosted on this IP address.
Here are a few of them:

1. Warezforyou38-pr.com
2. Firesavez7.com
3. Myguard48-pr.com
4. 1 more…

Ghacks Technology News
Current Registrar: GODADDY.COM, INC.

New tricks by the criminals.

DO NOT GO to this story. You’ll be attacked instantly.

Mass Shared Host Website Hack
?Ghacks Technology News – 1 hour ago
These servers host multiple websites by different users. Affected web hosting companies are Go Daddy, Bluehost, Media temple, Dreamhost and Network ..

5/9/2010 11:06 AM,High,
An intrusion attempt by www1.firesavez7.com was blocked

Risk Name HTTP Fake Scan Webpage 5
Attacking Computer www1.firesavez7.com (209.212.149.20, 80)
Attacker URL www1.firesavez7.com/107a9dcdafc2f5304469e3e909971c691f503009011.js
Traffic Description TCP, www-http

NS put it plainly and honestly today.

This “.nts” file addition is occurring mostly within the structure of customers’ WordPress installations, however the issue is not with WordPress.

I give them credit for going all out to protect customers even if painful at times after they realized it wasn’t just a WordPress issue but something a little more serious that needed to be contained.

Obviously there is still work to do but much progress has accomplished in neutralizing a serious threat. What other choice is there?

I wouldn’t take anything for granted if I was any hosting company in this country you could be next.

Heads Up . . . May 8, 2010 NS

We received alerts of a new type of file inclusion on our customers’ websites, whereby a “.nts” file is added to folders of customers’ hosting accounts. Visitors to affected websites will receive a “website cannot be found” message and may be infected with malware. This “.nts” file addition is occurring mostly within the structure of customers’ WordPress installations, however the issue is not with WordPress. We ask that you please remove all files with the extension “.nts” in order to resolve this issue.

At this point the bottom line is the grid is probably being infected regardless of who your hosted with.

Clean Here. Now that that’s established can someone link me to a tutorial about how to run these cleaning scripts. It’s obvious I’m going to have to learn to do this next. May as well confront it and get busy learning. They don’t teach this stuff in sales and marketing.

Fixed

As soon as I can regain access to my files I’ll post the results.

[email protected] . . . is NS even aware that some end users can’t even log into their account File Manager and are getting a user id and password incorrect prompt?