1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[HELP] Hostmonster sucks!

Discussion in 'BlackHat Lounge' started by BlackSeng, Sep 27, 2013.

  1. BlackSeng

    BlackSeng Jr. VIP Jr. VIP

    Joined:
    Mar 5, 2009
    Messages:
    1,963
    Likes Received:
    3,519
    Occupation:
       
    Location:
    SG50
    Yeah guys, I just found out my webhost is hacked.

    I'm suspecting of some free wordpress template I used. Somehow it affected my whole webhost.

    For example, let's say I access my website: www.abc.com
    It gets redirected to www.abc.com/TTLFX/

    Let's say I try going again to www.abc.com, it redirects to www.abc.com/RofLZ/

    But all shows as "404 error".

    Worst is... I don't know how long this has been... and this might have affected a lot of my revenue and CB sales!

    I used hostmonster's live chat support to seek help. Fucking hell, they told me my waiting time is "30 minutes".
    So I waited. When a representative finally got connected to me, he immediately replied, "Sorry, can't help you. This is beyond tech support."

    I was like WTF? So I asked if there's anything I can do asap. He simply replied, "Well, get Sitelock. Just pay for it and it should help."

    Wow, great help.

    I checked all the htaccess files and nothing suspicious was found. Any ideas?
     
    • Thanks Thanks x 1
    Last edited: Sep 27, 2013
  2. avi619

    avi619 Jr. VIP Jr. VIP

    Joined:
    Apr 1, 2012
    Messages:
    1,368
    Likes Received:
    1,883
    Location:
    Somewhere out there
    • Thanks Thanks x 3
  3. BlackSeng

    BlackSeng Jr. VIP Jr. VIP

    Joined:
    Mar 5, 2009
    Messages:
    1,963
    Likes Received:
    3,519
    Occupation:
       
    Location:
    SG50
    Thanks bro, but here's the strange thing...

    I have many other add-on websites that is just HTML-based.
    But they are all being affected too.

    All being redirected to non-existent subdirectories.

    The fucking support kept denying seeing any errors. I have asked my friends and even used my VPS to check... it IS the webhost problem.

    Fucking hostmonster kept asking me to try out SiteLock service to clean up malwares, .etc.
    Fucking horrible support.
     
  4. BlackSeng

    BlackSeng Jr. VIP Jr. VIP

    Joined:
    Mar 5, 2009
    Messages:
    1,963
    Likes Received:
    3,519
    Occupation:
       
    Location:
    SG50
    OH GREAT!

    I'm asking another hostmonster tech support guy... during the middle of his "investigations", this is what he reply me:
    "I apologize but we have a strict breaks/attendance schedule. I will transfer you to another technician now. They will have our entire chat so you won't need to re-explain everything. Take care!"
     
  5. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,468
    Likes Received:
    10,143
    If you got WP in the same account as the static files and got hacked via WP, the attacker has access to everything in that account.
     
    • Thanks Thanks x 1
  6. Winternacht

    Winternacht Junior Member

    Joined:
    Jan 7, 2011
    Messages:
    113
    Likes Received:
    46
    it could be that someone injected code via curl to redirect traffic. deacvtivate all plugins and check every page (WP and static) to see if there is something that doesn't belong there.
     
    • Thanks Thanks x 1
  7. Rokebono

    Rokebono Senior Member

    Joined:
    Jan 28, 2013
    Messages:
    1,120
    Likes Received:
    1,672
    Location:
    Have a chat with healzer to see what he can help you with.
     
    • Thanks Thanks x 1
  8. avi619

    avi619 Jr. VIP Jr. VIP

    Joined:
    Apr 1, 2012
    Messages:
    1,368
    Likes Received:
    1,883
    Location:
    Somewhere out there
    If you feel the webhost is effected, you can do a simple check.
    If you are using shared ip, reverse lookup the ip on http://ipfingerprints.com/reverseip.php
    This will give you list of sites hosted on that ip. Every site must be effected if the problem is with webhost.
     
  9. BlackSeng

    BlackSeng Jr. VIP Jr. VIP

    Joined:
    Mar 5, 2009
    Messages:
    1,963
    Likes Received:
    3,519
    Occupation:
       
    Location:
    SG50
    Damn~

    Oh well, worse comes to worst, I will just re-host the add-on domains in hostmonster to my hostgator account.

    And thanks Roke, I've contacted healzer. I've also contacted hostmonster's site doctor or something that helps clean malwares. Will see how it goes.

    At least I found this out... I wanna fix it and see how much my profit/sales will boom afterwards :p

    Always look on the bright side of life.
     
    • Thanks Thanks x 1
  10. mointernet

    mointernet Regular Member

    Joined:
    Apr 21, 2008
    Messages:
    315
    Likes Received:
    151
    you need Sucuri.... period.
     
    • Thanks Thanks x 1
  11. Felitan

    Felitan Newbie

    Joined:
    Sep 27, 2013
    Messages:
    20
    Likes Received:
    3
    Yes it suck and i move to liquidweb and hostgator and it's 100% uptime for the past i years.
     
    • Thanks Thanks x 1
  12. BlackSeng

    BlackSeng Jr. VIP Jr. VIP

    Joined:
    Mar 5, 2009
    Messages:
    1,963
    Likes Received:
    3,519
    Occupation:
       
    Location:
    SG50
    Thanks guys!

    I think I will just migrate from one webhost to another. Of course, just the static html files. For wordpress, I will only backup the post and use the default or paid themes now.

    Hostmonster sucks anyway. So migrating to hostgator is cheaper.

    Sucuri charges like $120 for 50 websites of mine for 1 month; BUT they only accept yearly payments (which amounts to $1,200+).
    Healzer got back to me. He said he's charging like 200 euros just for a malware/suspicious full scan on my webhost; repair/cleaning-wise, he's charing like 90 euros per hour. Kinda expensive.

    So lesson learnt: just avoid any free themes too. I never used any null themes on that webhost. Or perhaps because it's a shared hosting, I was infected by some other people sharing the same webhost.

    And here's the OUCH part: I believe this has been happening for more than 6-8 months!!! Imagine the amount of lost profits!!! On the bright side, let's make back the money!
     
  13. mointernet

    mointernet Regular Member

    Joined:
    Apr 21, 2008
    Messages:
    315
    Likes Received:
    151
    why are you still using shitty shared hostings... you are just moving from a shithole to another shithole, it doesn't solve your problem long term. With the money you are earning, you should be moving on to a fully managed VPS, cloud hosting or a dedicated server.

    If Sucuri or Healzer cost is too expensive for you, you might wanna try those 3rd party server management companies and ask if they can help you harden/secure your sites and scan for malware.
     
    • Thanks Thanks x 1