1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Justhost just made my shit list all websites hacked

Discussion in 'The Shit List' started by flexnds, Feb 12, 2011.

  1. flexnds

    flexnds Power Member

    Joined:
    Jan 4, 2010
    Messages:
    643
    Likes Received:
    680
    Occupation:
    Internet Marketing, Web development, Internet Repu
    Location:
    AZ
    Luckily, I just had a bunch of old websites I did not care about on justhost hosting. All of the accounts were hacked. I can't list URLs coz they are my clients old campaigns.

    Wordpress versions
    4 sites with 3.0.1
    1 sites with 2.8.6
    2 sites with 2.9.2

    The hacked message... Just copy and paste that into any html doc and you will see the message.

    HTML:
    <Script Language='Javascript'>
    
    
    <!--
    
    
    document.write(unescape('%3C%21%44%4F%43%54%59%50%45%20%68%74%6D%6C%20%50%55%42%4C%49%43%20%22%2D%2F%2F%57%33%43%2F%2F%44%54%44%20%58%48%54%4D%4C%20%31%2E%30%20%54%72%61%6E%73%69%74%69%6F%6E%61%6C%2F%2F%45%4E%22%20%22%68%74%74%70%3A%2F%2F%77%77%77%2E%77%33%2E%6F%72%67%2F%54%52%2F%78%68%74%6D%6C%31%2F%44%54%44%2F%78%68%74%6D%6C%31%2D%74%72%61%6E%73%69%74%69%6F%6E%61%6C%2E%64%74%64%22%3E%0A%3C%68%74%6D%6C%20%78%6D%6C%6E%73%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%77%33%2E%6F%72%67%2F%31%39%39%39%2F%78%68%74%6D%6C%22%3E%0A%0A%3C%68%65%61%64%3E%0A%3C%6D%65%74%61%20%63%6F%6E%74%65%6E%74%3D%22%66%72%22%20%68%74%74%70%2D%65%71%75%69%76%3D%22%43%6F%6E%74%65%6E%74%2D%4C%61%6E%67%75%61%67%65%22%20%2F%3E%0A%3C%6D%65%74%61%20%63%6F%6E%74%65%6E%74%3D%22%74%65%78%74%2F%68%74%6D%6C%3B%20%63%68%61%72%73%65%74%3D%75%74%66%2D%38%22%20%68%74%74%70%2D%65%71%75%69%76%3D%22%43%6F%6E%74%65%6E%74%2D%54%79%70%65%22%20%2F%3E%0A%3C%74%69%74%6C%65%3E%48%61%43%6B%45%64%20%42%59%20%58%5F%41%76%69%61%54%69%71%75%65%5F%58%20%2E%20%53%68%45%6C%4C%2D%54%65%41%6D%20%2E%20%43%39%39%40%4C%69%76%65%2E%44%65%3C%2F%74%69%74%6C%65%3E%0A%3C%73%74%79%6C%65%20%74%79%70%65%3D%22%74%65%78%74%2F%63%73%73%22%3E%0A%2E%73%74%79%6C%65%32%20%7B%0A%09%62%6F%72%64%65%72%2D%73%74%79%6C%65%3A%20%64%61%73%68%65%64%3B%0A%09%62%6F%72%64%65%72%2D%77%69%64%74%68%3A%20%32%70%78%3B%0A%09%70%61%64%64%69%6E%67%3A%20%31%70%78%20%34%70%78%3B%0A%7D%0A%2E%73%74%79%6C%65%33%20%7B%0A%09%74%65%78%74%2D%61%6C%69%67%6E%3A%20%63%65%6E%74%65%72%3B%0A%09%62%6F%72%64%65%72%2D%73%74%79%6C%65%3A%20%64%61%73%68%65%64%3B%0A%09%62%6F%72%64%65%72%2D%77%69%64%74%68%3A%20%32%70%78%3B%0A%09%70%61%64%64%69%6E%67%3A%20%31%70%78%20%34%70%78%3B%0A%7D%0A%2E%73%74%79%6C%65%34%20%7B%0A%09%66%6F%6E%74%2D%73%69%7A%65%3A%20%6C%61%72%67%65%3B%0A%7D%0A%2E%73%74%79%6C%65%35%20%7B%0A%09%66%6F%6E%74%2D%73%69%7A%65%3A%20%78%78%2D%6C%61%72%67%65%3B%0A%09%66%6F%6E%74%2D%66%61%6D%69%6C%79%3A%20%22%42%72%61%64%6C%65%79%20%48%61%6E%64%20%49%54%43%22%3B%0A%7D%0A%2E%73%74%79%6C%65%36%20%7B%0A%09%74%65%78%74%2D%64%65%63%6F%72%61%74%69%6F%6E%3A%20%75%6E%64%65%72%6C%69%6E%65%3B%0A%7D%0A%2E%73%74%79%6C%65%37%20%7B%0A%09%63%6F%6C%6F%72%3A%20%23%46%46%30%30%30%30%3B%0A%09%66%6F%6E%74%2D%66%61%6D%69%6C%79%3A%20%22%43%6F%75%72%69%65%72%20%4E%65%77%22%2C%20%43%6F%75%72%69%65%72%2C%20%6D%6F%6E%6F%73%70%61%63%65%3B%0A%7D%0A%2E%73%74%79%6C%65%38%20%7B%0A%09%66%6F%6E%74%2D%73%69%7A%65%3A%20%6C%61%72%67%65%3B%0A%09%63%6F%6C%6F%72%3A%20%23%30%30%30%30%46%46%3B%0A%09%66%6F%6E%74%2D%66%61%6D%69%6C%79%3A%20%22%43%6F%75%72%69%65%72%20%4E%65%77%22%2C%20%43%6F%75%72%69%65%72%2C%20%6D%6F%6E%6F%73%70%61%63%65%3B%0A%7D%0A%2E%73%74%79%6C%65%39%20%7B%0A%09%63%6F%6C%6F%72%3A%20%23%30%30%30%30%38%30%3B%0A%7D%0A%2E%73%74%79%6C%65%31%31%20%7B%0A%09%66%6F%6E%74%2D%66%61%6D%69%6C%79%3A%20%22%43%6F%75%72%69%65%72%20%4E%65%77%22%2C%20%43%6F%75%72%69%65%72%2C%20%6D%6F%6E%6F%73%70%61%63%65%3B%0A%7D%0A%2E%73%74%79%6C%65%31%33%20%7B%0A%09%63%6F%6C%6F%72%3A%20%23%30%30%30%30%38%30%3B%0A%09%66%6F%6E%74%2D%66%61%6D%69%6C%79%3A%20%22%43%6F%75%72%69%65%72%20%4E%65%77%22%2C%20%43%6F%75%72%69%65%72%2C%20%6D%6F%6E%6F%73%70%61%63%65%3B%0A%7D%0A%2E%73%74%79%6C%65%31%34%20%7B%0A%09%74%65%78%74%2D%64%65%63%6F%72%61%74%69%6F%6E%3A%20%75%6E%64%65%72%6C%69%6E%65%3B%0A%09%66%6F%6E%74%2D%66%61%6D%69%6C%79%3A%20%22%43%6F%75%72%69%65%72%20%4E%65%77%22%2C%20%43%6F%75%72%69%65%72%2C%20%6D%6F%6E%6F%73%70%61%63%65%3B%0A%7D%0A%2E%73%74%79%6C%65%31%35%20%7B%0A%09%66%6F%6E%74%2D%73%69%7A%65%3A%20%78%2D%6C%61%72%67%65%3B%0A%09%66%6F%6E%74%2D%66%61%6D%69%6C%79%3A%20%22%43%6F%75%72%69%65%72%20%4E%65%77%22%2C%20%43%6F%75%72%69%65%72%2C%20%6D%6F%6E%6F%73%70%61%63%65%3B%0A%7D%0A%2E%73%74%79%6C%65%31%36%20%7B%0A%09%66%6F%6E%74%2D%73%69%7A%65%3A%20%78%2D%6C%61%72%67%65%3B%0A%7D%0A%2E%73%74%79%6C%65%31%37%20%7B%0A%09%74%65%78%74%2D%64%65%63%6F%72%61%74%69%6F%6E%3A%20%75%6E%64%65%72%6C%69%6E%65%3B%0A%09%66%6F%6E%74%2D%66%61%6D%69%6C%79%3A%20%22%43%6F%75%72%69%65%72%20%4E%65%77%22%2C%20%43%6F%75%72%69%65%72%2C%20%6D%6F%6E%6F%73%70%61%63%65%3B%0A%09%66%6F%6E%74%2D%73%69%7A%65%3A%20%6C%61%72%67%65%3B%0A%7D%0A%2E%73%74%79%6C%65%31%38%20%7B%0A%09%66%6F%6E%74%2D%73%69%7A%65%3A%20%6C%61%72%67%65%3B%0A%09%66%6F%6E%74%2D%66%61%6D%69%6C%79%3A%20%22%43%6F%75%72%69%65%72%20%4E%65%77%22%2C%20%43%6F%75%72%69%65%72%2C%20%6D%6F%6E%6F%73%70%61%63%65%3B%0A%7D%0A%2E%73%74%79%6C%65%31%39%20%7B%0A%09%62%61%63%6B%67%72%6F%75%6E%64%2D%63%6F%6C%6F%72%3A%20%23%46%46%46%46%30%30%3B%0A%7D%0A%2E%73%74%79%6C%65%32%30%20%7B%0A%09%66%6F%6E%74%2D%73%69%7A%65%3A%20%78%78%2D%6C%61%72%67%65%3B%0A%09%63%6F%6C%6F%72%3A%20%23%30%30%38%30%30%30%3B%0A%09%66%6F%6E%74%2D%66%61%6D%69%6C%79%3A%20%22%41%67%65%6E%63%79%20%46%42%22%3B%0A%7D%0A%2E%73%74%79%6C%65%32%31%20%7B%0A%09%66%6F%6E%74%2D%73%69%7A%65%3A%20%78%78%2D%6C%61%72%67%65%3B%0A%09%63%6F%6C%6F%72%3A%20%23%38%30%30%30%30%30%3B%0A%09%66%6F%6E%74%2D%66%61%6D%69%6C%79%3A%20%22%41%67%65%6E%63%79%20%46%42%22%3B%0A%7D%0A%2E%73%74%79%6C%65%32%32%20%7B%0A%09%66%6F%6E%74%2D%73%69%7A%65%3A%20%78%78%2D%6C%61%72%67%65%3B%0A%09%63%6F%6C%6F%72%3A%20%23%46%46%30%30%46%46%3B%0A%09%66%6F%6E%74%2D%66%61%6D%69%6C%79%3A%20%22%41%67%65%6E%63%79%20%46%42%22%3B%0A%7D%0A%2E%73%74%79%6C%65%32%33%20%7B%0A%09%66%6F%6E%74%2D%73%69%7A%65%3A%20%78%78%2D%6C%61%72%67%65%3B%0A%09%63%6F%6C%6F%72%3A%20%23%30%30%30%30%46%46%3B%0A%09%66%6F%6E%74%2D%66%61%6D%69%6C%79%3A%20%22%41%67%65%6E%63%79%20%46%42%22%3B%0A%7D%0A%3C%2F%73%74%79%6C%65%3E%0A%3C%2F%68%65%61%64%3E%0A%0A%3C%62%6F%64%79%3E%0A%0A%3C%70%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%34%22%20%73%74%79%6C%65%3D%22%68%65%69%67%68%74%3A%20%31%70%78%22%3E%26%6E%62%73%70%3B%3C%2F%70%3E%0A%3C%70%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%33%22%20%73%74%79%6C%65%3D%22%68%65%69%67%68%74%3A%20%34%38%34%70%78%22%3E%3C%62%72%20%2F%3E%0A%3C%62%72%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%32%22%20%2F%3E%0A%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%35%22%3E%3C%73%74%72%6F%6E%67%3E%49%6E%26%6E%62%73%70%3B%20%54%68%33%20%4E%61%6D%45%20%30%66%20%41%4C%4C%41%48%3C%2F%73%74%72%6F%6E%67%3E%3C%2F%73%70%61%6E%3E%3C%73%74%72%6F%6E%67%3E%3C%62%72%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%35%22%20%2F%3E%0A%3C%2F%73%74%72%6F%6E%67%3E%3C%62%72%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%34%22%20%2F%3E%0A%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%35%22%3E%3C%73%74%72%6F%6E%67%3E%48%26%6E%62%73%70%3B%20%41%26%6E%62%73%70%3B%20%43%26%6E%62%73%70%3B%20%4B%26%6E%62%73%70%3B%20%45%26%6E%62%73%70%3B%20%44%3C%2F%73%74%72%6F%6E%67%3E%3C%2F%73%70%61%6E%3E%3C%62%72%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%34%22%20%2F%3E%0A%3C%62%72%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%34%22%20%2F%3E%0A%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%38%22%3E%3C%73%74%72%6F%6E%67%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%39%22%3E%48%61%43%6B%49%6E%47%20%44%61%59%20%26%67%74%3B%26%67%74%3B%20%32%31%20%4D%41%49%3C%2F%73%70%61%6E%3E%3C%2F%73%74%72%6F%6E%67%3E%3C%2F%73%70%61%6E%3E%3C%73%74%72%6F%6E%67%3E%3C%62%72%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%38%22%20%2F%3E%0A%3C%62%72%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%38%22%20%2F%3E%0A%3C%2F%73%74%72%6F%6E%67%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%36%22%3E%3C%2F%73%70%61%6E%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%37%22%3E%3C%73%74%72%6F%6E%67%3E%48%61%43%6B%45%64%20%42%59%3C%2F%73%74%72%6F%6E%67%3E%3C%2F%73%70%61%6E%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%34%22%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%31%22%3E%3C%73%74%72%6F%6E%67%3E%3A%26%6E%62%73%70%3B%0A%3C%2F%73%74%72%6F%6E%67%3E%3C%2F%73%70%61%6E%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%37%22%3E%3C%73%74%72%6F%6E%67%3E%58%5F%41%76%69%61%54%69%71%75%65%5F%58%3C%2F%73%74%72%6F%6E%67%3E%3C%2F%73%70%61%6E%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%31%22%3E%3C%73%74%72%6F%6E%67%3E%26%6E%62%73%70%3B%26%6E%62%73%70%3B%20%0A%66%72%30%6D%26%6E%62%73%70%3B%20%3C%2F%73%74%72%6F%6E%67%3E%3C%2F%73%70%61%6E%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%37%22%3E%3C%73%74%72%6F%6E%67%3E%53%68%45%6C%4C%2D%54%65%41%6D%3C%2F%73%74%72%6F%6E%67%3E%3C%2F%73%70%61%6E%3E%3C%2F%73%70%61%6E%3E%3C%73%74%72%6F%6E%67%3E%3C%62%72%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%38%22%20%2F%3E%0A%3C%62%72%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%38%22%20%2F%3E%0A%3C%2F%73%74%72%6F%6E%67%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%38%22%3E%3C%73%74%72%6F%6E%67%3E%46%30%72%20%4D%30%72%65%20%53%65%43%75%52%69%54%79%20%3D%3D%26%67%74%3B%20%43%39%39%40%4C%69%76%65%2E%44%65%3C%2F%73%74%72%6F%6E%67%3E%3C%2F%73%70%61%6E%3E%3C%73%74%72%6F%6E%67%3E%3C%62%72%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%38%22%20%2F%3E%0A%3C%62%72%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%38%22%20%2F%3E%0A%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%38%22%3E%49%53%4C%41%4D%20%66%30%72%20%45%76%45%72%3C%62%72%20%2F%3E%0A%3C%62%72%20%2F%3E%0A%3C%2F%73%70%61%6E%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%32%30%22%3E%4D%6F%73%54%61%47%61%4E%65%4D%3C%2F%73%70%61%6E%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%32%33%22%3E%20%3C%2F%73%70%61%6E%3E%0A%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%32%32%22%3E%5F%3C%2F%73%70%61%6E%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%32%33%22%3E%20%3C%2F%73%70%61%6E%3E%0A%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%32%31%22%3E%41%4C%47%45%52%49%41%3C%2F%73%70%61%6E%3E%3C%62%72%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%38%22%20%2F%3E%0A%3C%62%72%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%38%22%20%2F%3E%0A%3C%2F%73%74%72%6F%6E%67%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%34%22%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%34%22%3E%3C%73%74%72%6F%6E%67%3E%47%69%66%74%20%54%30%3C%2F%73%74%72%6F%6E%67%3E%3C%2F%73%70%61%6E%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%31%22%3E%3C%73%74%72%6F%6E%67%3E%3A%20%0A%59%61%73%4D%6F%75%68%20%5F%20%4E%65%54%2D%44%65%56%69%4C%20%5F%20%41%72%47%6F%6E%2D%48%61%43%6B%45%72%20%5F%20%26%61%6D%70%3B%20%55%3C%2F%73%74%72%6F%6E%67%3E%3C%2F%73%70%61%6E%3E%3C%2F%73%70%61%6E%3E%3C%73%74%72%6F%6E%67%3E%3C%62%72%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%38%22%20%2F%3E%0A%3C%2F%73%74%72%6F%6E%67%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%36%22%3E%3C%2F%73%70%61%6E%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%34%22%3E%3C%73%74%72%6F%6E%67%3E%0A%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%34%22%3E%53%70%65%63%69%61%6C%20%54%68%61%6E%6B%53%20%54%30%20%6D%59%20%46%72%69%45%6E%64%3C%2F%73%70%61%6E%3E%3C%2F%73%74%72%6F%6E%67%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%36%22%3E%3C%2F%73%70%61%6E%3E%3C%2F%73%70%61%6E%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%34%22%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%31%22%3E%3C%73%74%72%6F%6E%67%3E%3A%26%6E%62%73%70%3B%0A%3C%2F%73%74%72%6F%6E%67%3E%3C%2F%73%70%61%6E%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%33%22%3E%3C%73%74%72%6F%6E%67%3E%54%65%61%4D%20%4D%6F%73%54%61%3C%2F%73%74%72%6F%6E%67%3E%3C%2F%73%70%61%6E%3E%3C%2F%73%70%61%6E%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%39%22%3E%3C%2F%73%70%61%6E%3E%3C%73%74%72%6F%6E%67%3E%3C%62%72%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%38%22%20%2F%3E%0A%3C%62%72%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%38%22%20%2F%3E%0A%3C%2F%73%74%72%6F%6E%67%3E%3C%73%70%61%6E%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%38%22%3E%3C%73%74%72%6F%6E%67%3E%4C%6F%67%4F%55%54%3C%2F%73%74%72%6F%6E%67%3E%3C%2F%73%70%61%6E%3E%3C%73%74%72%6F%6E%67%3E%3C%62%72%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%38%22%20%2F%3E%0A%3C%2F%73%74%72%6F%6E%67%3E%3C%62%72%20%63%6C%61%73%73%3D%22%73%74%79%6C%65%31%31%22%20%2F%3E%0A%3C%2F%70%3E%0A%0A%3C%2F%62%6F%64%79%3E%0A%0A%3C%2F%68%74%6D%6C%3E%0A'));
    
    
    //-->
    
    
    </Script>
     
    • Thanks Thanks x 2
  2. wrangler

    wrangler Regular Member

    Joined:
    Jun 14, 2010
    Messages:
    487
    Likes Received:
    599
    Before you shitlist your host, how are you certain it was their fault? Could it have been an issue with your content on the sites, or a weak password?
     
  3. flexnds

    flexnds Power Member

    Joined:
    Jan 4, 2010
    Messages:
    643
    Likes Received:
    680
    Occupation:
    Internet Marketing, Web development, Internet Repu
    Location:
    AZ
    I have 4 hosting accounts for this client with over 75 domains spread through bluehost, hostgator, iwebhostinglink and justhost. This is the only time it has ever happened. Also, the code you see above was in my index.html in my root directory on all websites. NOTE: none of the other sites were hacked all permissions are always check. Only sites on justhost were hacked. All 75 websites were virtually the same with the same plugins and same themes everything. Sounds weird, i know, but this is how we track our campaigns is with new website launches/domains.
     
  4. yuyo

    yuyo Regular Member

    Joined:
    Oct 29, 2008
    Messages:
    478
    Likes Received:
    24
    YES it happened to me with them people dont use justhost..

    they tend to let hackers to hack your sites....
     
  5. No1here

    No1here Regular Member

    Joined:
    Aug 17, 2009
    Messages:
    208
    Likes Received:
    100
    Home Page:
    I have to say that I've been with JustHost for a long time and I've never had a problem. I've had more trouble with Godaddy then I have with JustHost.

    Is it possible that your password was the weaklink? Just asking, not stating.
     
  6. flexnds

    flexnds Power Member

    Joined:
    Jan 4, 2010
    Messages:
    643
    Likes Received:
    680
    Occupation:
    Internet Marketing, Web development, Internet Repu
    Location:
    AZ
    My password was well over 10 characters long with multiple symbols, numbers, upper case and lower case. I always use strong passwords and I always use webroot antivirus with spysweeper paid version and sweep regularly.
     
  7. extremephp

    extremephp BANNED BANNED

    Joined:
    Oct 19, 2010
    Messages:
    1,293
    Likes Received:
    1,272
    You never gave a thought to Disable your anonymous FTP instead of complaining your host at a shot! :)

    Well, I dont know how they peep in with Anonymous FTP access, but thats how the hackers enter in!

    I am evident about this, because I added a hacker to my Yahoo, who once hacked my website. And In the end, he just became low after I disabled it!

    Edit : Post Edited :) Thanks to the guy who gave me a neg. I do think that was needed :)

    ~ExP~
     
    Last edited: Feb 13, 2011
  8. Jared255

    Jared255 Jr. Executive VIP Jr. VIP Premium Member

    Joined:
    May 10, 2009
    Messages:
    1,965
    Likes Received:
    1,787
    Location:
    Boston, MA
    That's not saying much honestly... I think everyone in the history of IM has had trouble with GD hosting.
     
  9. likeskoolaid

    likeskoolaid Regular Member

    Joined:
    Dec 27, 2009
    Messages:
    352
    Likes Received:
    104
    Occupation:
    \˚ㄥ˚\
    Location:
    \ᇂ_ᇂ\
    is anon ftp set to off by default on shared hosting?
     
  10. Black Hat Expert

    Black Hat Expert BANNED BANNED

    Joined:
    Dec 27, 2010
    Messages:
    415
    Likes Received:
    303
    Securing your WordPress blog is the most important thing that you must do after
    you have set it up on your server. There shouldn?t be any reason for you to
    leave your WordPress wide open for hackers to creep in and steal your
    information and/or destroy your data. Here are 11 ways that you can use to
    secure your WordPress blog.

    1) Encrypt your login

    Whenever you try to login to your website, your password is sent unencrypted.
    If you are on a public network, hacker can easily ?sniff? out your login
    credential using network sniffer. The best way is to encrypt your login with
    the Chap Secure Login plugin
    . This plugin adds a
    random hash to your password and authenticate your login with the CHAP
    protocol.

    2) Stop brute force attack

    Hackers can easily crack your login password and credential using brute force
    attack. To prevent that from happening, you can install the login lockdown
    plugin . This plugin
    records the IP address and timestamp of every failed WordPress login attempt.
    Once a certain number of failed attempts are detected, it will disable the
    login function for all requests from that range.

    3) Use a strong password

    Make sure you use a strong password that is difficult for others to guess. Use
    a combination of digits, special characters and upper/lower case to form your
    password. You can also use the password checker on WordPress 2.5 and above to
    check the strength of your password.

    4) Protect your wp-admin folder

    Your wp-admin folder contains all the important information and it is the last
    place that you want to give access to others. Use AskApache Password Protect
    to password
    protect the directory and give access right only to authorized personnel.


    5) Remove WordPress version info

    To fix this, you can simply install the WP-Security Scan
    plugin.


    6) Hide your plugins folder



    Open your text editor. Save the blank document as index.html.

    Using a ftp program, upload the index.html to the /wp-content/plugins folder.


    7) Change your login name

    The default username is admin. You can make it more difficult for the hacker to
    crack your login credential by changing the login name.

    In your WordPress dashboard, go to Users and set up a new user account. Give
    this new user administrator role. Log out and log in again with the new user
    account.

    Go to Users again. This time, check the box beside admin and press Delete. When
    it asks for deletion confirmation, select the ?Attribute all posts and links
    to:? and select your new username from the dropdown bar. This will transfer
    all the posts to your new user account. Press Confirm Deletion.

    8) upgrade to the latest version of WordPress and plugins

    The latest version of WordPress always contains bugs fixes for any security
    vulnerabilities, therefore it is important to keep yourself updated at all
    times.

    9) Do a regular security scan

    Install the wp-security-scan
    plugin and perform a
    regular scan of your blog setting for any security loopholes. This plugin can
    also help you to change your database prefix from wp_ to a custom prefix.

    10) Backup your wordpress database

    No matter how secure your site is, you still want to prepare for the worst.

    11) Define user privilege


    thanks,
    tillu
     
    • Thanks Thanks x 9
  11. Jackson51

    Jackson51 Newbie

    Joined:
    Jan 8, 2011
    Messages:
    19
    Likes Received:
    6
    Being that it was multiple sites, justhost is likely to be at fault. The attacker most
    likely got into one outdated site and used some kernel exploit to get root access to
    the server or the directory privileges were set incorrectly. In either case, justhost
    is at fault for not staying on top of new security updates/privileges.
    If a hacker gets file access to one site, most of the time they will be able to at least
    read other files on the server. From this, they can read configuration files to get database
    access and so on.. they will usually read the 'etc/passwd' for ftp logins and directories to
    other sites. With the ftp login and file access, brute forcing passwords becomes easier because
    he/she can upload a script to brute force locally - which is much faster.
    But here are ways to bypass nearly every security measure shared hosting takes, but it's
    more dependent on how easy it is and how much the attacker knows that will affect your
    chances of something like this happening. PHP safe mode, file privileges, directories access
    does not mean you're safe...
    If your website is generating a nice income, especially if it has some nice and unique code, you're
    going to attract some more advanced hackers that won't tell you if they have hacked your website
    by defacing it for online reputation but rather to benefit from your work.

    I have professional experience working with website security. pm me if you have questions.
     
    • Thanks Thanks x 1
    Last edited: Feb 16, 2011
  12. frank888

    frank888 Newbie

    Joined:
    Jan 20, 2011
    Messages:
    0
    Likes Received:
    1
    Same old story. Let me tell why I'm not surprised your sites where hacked. I had a website on JustHost and I had all my passwords with a combination of 12 symbols, numbers letters. I read one article that stated if you have a combination of 12, it would take a hacker with a very powerful computer with the software running at 1 billion combination's a second 18 years to crack the password. (that's what I read) Back to the subject. My site was hacked and all affiliate I.D.'s and google adsense where changed. They even changed my password. The only people to have access to that site where me and the people working at Just Host. I contacted them and told them that they employ thieves, which they denied, but when I requested the phone number of their legal office to file a law suit. They quickly gave me a full refund. If you have your site with JustHost and it's doing well, it's just a matter of time before their employees go into it . To all that have a website on JustHost, I suggest you do a weekly check to see if you affiliate and adsense is still your name.
     
    • Thanks Thanks x 1
  13. Dareeude

    Dareeude Registered Member

    Joined:
    Mar 25, 2010
    Messages:
    56
    Likes Received:
    4
    Occupation:
    Studying
    Location:
    Denmark
    Assholes tried to hack mine on justhost too.
     
  14. not4nuthin

    not4nuthin Registered Member

    Joined:
    Aug 6, 2010
    Messages:
    79
    Likes Received:
    13
    Occupation:
    Certified Project Manager with two masters degrees
    Location:
    Georgia
    Home Page:
    I just had all of my JustHost sites defaced. Grrr... I'm pissed but back up and running. It was definitely JustHost. My yearly subscription is renewable in May and I'm considering going elsewhere... But I hate Host Gator and GoDaddy isn't much different... Oh well.
     
  15. 2 4 k

    2 4 k Junior Member

    Joined:
    Jul 31, 2008
    Messages:
    166
    Likes Received:
    89
    Its not just JH, I'm with IXWebhosting and had 4 of my sites all hacked by some Turkish group, somehow they uploaded some file, luck nothing too malicious.

    Also if you DL any "shared plugins or themes" be careful, make sure you use a couple of plugins called:

    TAC-theme authenticy checker;
    Wordpress Exploit Checker;

    these 2 will check to see if any holes inside your WP install.
     
  16. 1gl0w

    1gl0w Newbie

    Joined:
    May 10, 2011
    Messages:
    15
    Likes Received:
    0
    itsn ot their fault actually they just suck
     
  17. Loconoco

    Loconoco Newbie

    Joined:
    Jun 11, 2011
    Messages:
    0
    Likes Received:
    0
    I had the same problem in February 2011. A palestinian sympathiser hacked the servers at Just Host and they refused to admit it was their servers. I work for an organisation one branch of which runs the UK Defence Academy. The UK e-Crime squad got involved and they passed it to the UK Anti-Terrorist Squad because they thought I may have been targeted. After investigation they discovered that JUSTHOST HAD BEEN HACKED. It wasn't only my site it was someone who had just got lucky and hit an American host's Servers.

    Anyway, since then, I can't get my site up and working. I want to remove Wordpress and use the iWeb package that came with my Mac (just moved over). Despite many attempts by their support staff who keep giving me very brief answers nothing is happening except an error message on my website saying IndexOf/.

    Would anybody be so kind as to tell me in a step by step way how to remove the wordpress from my cPanel and to publish using iWeb?

    Thank you,

    Peter
     
  18. islandman1010

    islandman1010 Elite Member

    Joined:
    May 10, 2008
    Messages:
    1,651
    Likes Received:
    195
    This isnt a Justhost problem. Its an exploit in wordpress that has been used a lot. Happened to me too. The hosting companies dont upgrade your wordpress installs. Thats for you to do but once the hacker has got into wordpress by an exploit in it they can then execute code on all domains on the same hosting. Mine was happeneing right in front of my eyes on Hostgator.

    The other major weakness that hackers can use is in Filezilla for FTP transfers. Do not save your password on Filezilla...it is not saved securely and and is a well known hackers dream .
     
  19. randomwoman

    randomwoman Newbie

    Joined:
    Dec 9, 2008
    Messages:
    39
    Likes Received:
    3
    Occupation:
    Freelance Writer
    Location:
    Georgia
    I'm sorry this happened to you. The only experience I have with JustHost was briefly promoting them. I remember hearing about this happening maybe a year ago and that is when I stopped recommending them. I know a lot of people have nothing but good things to say about the company, but every site getting hacked is a bit much...
     
  20. BuyLowSellHigh

    BuyLowSellHigh Newbie

    Joined:
    Apr 29, 2011
    Messages:
    33
    Likes Received:
    10
    Getting hacked is usually your own fault. The type of Wordpress hack described here is the webmasters fault..