washuu

Hi again, I played around today with collected hacking scripts from my defaced site. In one of them I found references to site with database of hacked sites, where hackers can compare their "perfomance" with others. This database allows sorting/filtering by hacked IP, so I filtered it by heliohost IP... and guess what...? 59 hacked sites from one heliohost server during last two years, and five sites in the last two days. See for yourself: http://www.zone-h.org/archive/ip=216.218.192.170 The same stats apply to Johnny and rest of HH servers. Also, this database shows that every minute some sites in the world are hacked right now. It's scary...

Hi, I'm quite new at Heliohost, I created my account a few weeks ago. I created my first website, based on latest wordpress 3.4.2, without any additional plugins. I added just a few test themes, added some notes, and I didn't published the website's address nowhere yet. Yesterday (22nd of Nov, at 19:26 to be precise), my main index.php was deleted and replaced by index.html, containing some turkish video on YT, and words "Rea_pErz Was Here". Also the hacker added wordpress theme "This Is Rea_pErz's Shell", written in PHP (of course, I downloaded the files and deleted from the account immediately after). Now, I'm starting to reinstall wordpress and database, change passwords, check all my computers against trojans and viruses, etc. I found, that there was such case on heliohost before - see http://www.helionet.org/index/topic/12493-wordpress-blog-hacked-by-rea-perz/ I have several thoughts on that: - I know that website stats are disabled, but can I access some apache logs? Perhaps I could find out, how someone managed to hack my website? - My password was of medium strength, but it wasn't dictionary word. I guess, that hacker managed to enter the site by some SQL Injection rather, than by password guessing. - how can I protect myself against such attacks, apart from not using plugins in wp, having strong passwords and making backups? - I wonder, how the attacker got address of my website - it was parked domain, made from SeveralConcatenatedPolishWords.pl - there is very small chance someone just guessed the name. - I tried to use user_logs ftp account, to see if I can access some logs, but server dropped the connection with message "home directory not found". I also see, that /var on stevie is 99% full. - I know I have unpaid account, but can I make support request out of this? Such cases can influent more people than me - the hacks could be because of my misconfiguration, but also because of some features of heliohost. I'm not blaming anyone, just I am thinking what do do next.