
Anyone at Blueh0st hacked by b0gel AGAIN!

Discussion in 'The Shit List' started by ghettogong, Jul 19, 2010.

  1. ghettogong

    ghettogong Regular Member

    Joined:
    Oct 7, 2009
    Messages:
    299
    Likes Received:
    28
    Just found all my index files are replaced by this fuckin hacker named b0gel!!!!

    It seems this only happens with blueh0st customers

    People with blueh0st put your protection on now

    People that are affected already please share how to solve this shit.

    Firstly how did they get in, through which component?

    Some security measures you can do is to:
    - change permission to 444 on index, configuration, htaccess files
    - change ftp pass and username
    - change cpanel pass and username
     
  2. Crixus

    Crixus Regular Member

    Joined:
    Jul 10, 2010
    Messages:
    409
    Likes Received:
    119
    Occupation:
    Jack of all trades, master of a couple.
    Location:
    the ludus
    Any old versions of wordpress, drupal, joomla or other cms on your acct?
     
  3. ghettogong

    ghettogong Regular Member

    fuck a backdoor? What to ask blueh0st to protect my stuff?

    the attack came through a joomla 1.5.8 install, but now upgraded to 1.5.20
     
  4. ghettogong

    ghettogong Regular Member

    Huhhhhh...? Yesterday I checked this thread and there were 2 replies from "Nick"....and now they are gone?
     
  5. Crixus

    Crixus Regular Member

    >What to ask blueh0st to protect my stuff?

    It's up to you to keep the scripts you run up to date and secure.
     
  6. naomighrasta

    naomighrasta Newbie

    Joined:
    Apr 28, 2010
    Messages:
    19
    Likes Received:
    1
    bogel..sounds like a short looking guy. I wonder where he comes from
     
  7. StinkyPeat

    StinkyPeat Registered Member

    Joined:
    May 19, 2010
    Messages:
    95
    Likes Received:
    45
    I'd say Germany
     
  8. aftershock2020

    aftershock2020 Senior Member

    Joined:
    Oct 19, 2007
    Messages:
    981
    Likes Received:
    477
    Yeah, not keeping the apps up to date and making clients upgrade with risk of their current offer of it going down as a routine maint. practice, it can be risky.

    I own a hosting service for my clients and very rarely ever have an issue. All 100% of my support reports are sessions of clients not knowing how to use something in control panel or having some 3rd party app not install correctly.

    Reason for the success is that I got hacked once, when I started the company 12 years ago and I built a multi-server network, with fresh dedicated ips rotated out and added into the mix. It is a pain in the butt, however, it has made it so that even if a hack were to get an app on one of my machines, it is something like 50k:1 odds against them to ever land on that same point again.

    It runs on the same style of ip switching concept of an isp service, where each time you ping a given site, you don't get the same ip address nor access server point.

    As a really outstanding side-effect though...my client's sites maintain 99% connectivity, with that 1% for their own human interaction of taking the pages down, screwing up the file path, etc.

    If you can afford it, go dedicated at the very least and you will prevent those things from happening as often by taking out the multiple/shared user aspect of it.
     
    Last edited: Jul 23, 2010
  9. mrocks03

    mrocks03 Newbie

    Joined:
    Feb 6, 2010
    Messages:
    12
    Likes Received:
    0
    i'm using bluehost too. how do you know if you're hacked?? i don't see any weird things in my sites although i saw some funny comments that are autoapproved. when i installed akismet they stopped.

    what are the signs that your site is hacked?
     
  10. ghostpix777

    ghostpix777 Registered Member

    Joined:
    May 3, 2010
    Messages:
    68
    Likes Received:
    26
    Did you do the Joomla install using Bluehost's Fantastico? If so, they have had many a problem with it and simple scripts install. If it were me I would move to a real host instead of them. Bluehost is no place to host a site that you actually plan on making money with. As one of their people told me, "we're great if you want to host pictures of your grandkids, just not much more"
     
  11. Crixus

    Crixus Regular Member

    If you had taken the time to actually read the thread, you'd see the OP already stated the attack came through an older Joomla install vulnerability on his account.

    I've used various different shared hosting providers for 12 years, concurrently. In this 12 years, I've had individual accounts hacked 4 different times. Each time, I had a site on my account with an old CMS install that I hadn't bothered to update.

    I don't know about bottom tier shared hosting, but with the ones I've been using, I've only been compromised due to my own lack of prevention/maintenance.
     
  12. ghettogong

    ghettogong Regular Member

    Thanks so much man!

    So I have done the php.ini and updated all my WP and Joomla blogs. I still have to ask blueh0st for the mod_security...don't know if they will enable this, however have a question:

    Now that I implemented all the security measures the hackers cannot strike again if the files are already in my FTP, cause mod_security will prevent the XSS attacks, right?
     
  13. ghettogong

    ghettogong Regular Member

    Nothing to do with comments. When you are hacked by this attack, your index files will be replaced by some javascript and you may lose all files of 1 specific site where they came through at first
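
An added example, not part of the original thread: a POSIX shell script that applies the 444 lock-down from the first post and checks for the symptom described above, index files that changed recently. The file-name patterns, the function names and the temporary sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Patterns cover the files named in the thread (index,
# configuration, .htaccess); wp-config.php is an assumed extra for WordPress.

# Run find over the sensitive files under root $1; extra find tests follow.
targets() {
    root=$1; shift
    find "$root" -type f \( -name 'index.*' -o -name 'configuration.php' \
        -o -name 'wp-config.php' -o -name '.htaccess' \) "$@"
}

# Sensitive files that still have any write bit set (owner, group or other).
writable_targets() {
    targets "$1" \( -perm -200 -o -perm -020 -o -perm -002 \) -print
}

# Set the sensitive files read-only (444), as suggested in the first post.
harden() {
    targets "$1" -exec chmod 444 {} +
}

# Sensitive files whose content changed within the last $2 days.
recently_changed() {
    targets "$1" -mtime "-$2" -print
}

# Constructed sample tree standing in for a shared-hosting web root.
demo=$(mktemp -d)
mkdir -p "$demo/site1" "$demo/site2"
echo '<html>' > "$demo/site1/index.php"
echo '<?php'  > "$demo/site1/configuration.php"
echo 'Deny'   > "$demo/site2/.htaccess"
echo 'text'   > "$demo/site2/about.html"
chmod 644 "$demo"/site1/* "$demo/site2/.htaccess" "$demo/site2/about.html"

echo "Writable before hardening:"; writable_targets "$demo"
harden "$demo"
echo "Writable after hardening:";  writable_targets "$demo"
echo "Changed in the last day:";   recently_changed "$demo" 1
rm -rf "$demo"
```

Read-only bits do not stop a process running as the files' owner from changing them back, so this complements updating the CMS rather than replacing it.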
     
  14. ghettogong

    ghettogong Regular Member

    fuckin hell, actually had no probs with attacks ever with blueh0st