24khost Hacked - Page 5

Comments

  • raindog308raindog308 Administrator, Veteran

    It'd be cool to have a service that runs on port 22 and adds any IP that tries to connect to a block list.

  • @raindog308 said: It'd be cool to have a service that runs on port 22 and adds any IP that tries to connect to a block list.

    there are some, is called firewall.

  • jarjar Patron Provider, Top Host, Veteran

    man sshd

    So many often overlooked features.

  • 24khost24khost Member
    edited May 2013

    Normally, on our cpanel server the ssh is turned off. So port 22 doesn't matter. We had moved this to a new server with some new fun stuff so iptables wasn't working right as not all the modules were installed. I had been working on correcting some other things this morning misconfiguration in the server. Otherwise ssh is turned off and not turned on till we need it.

    Our billing server is on a different port, and the admin had been moved to a different location when the first big whmcs hack happened.

    In regards to securing the form. Yep, that I guess does fall on me for not locking it down more. I wasn't strict enough on security for that. We do run csf/lfd with the 3 and done block (due to iptables modules not being all installed was not functioning correctly).

    Not saying it wasn't my fault. But I didn't check the permissions on a plugin. The plugin did not have any updates available. Didn't think it was that big of a deal at the time. I did check my website in the morning, but that was at 7:00am so when I got to checking LET and saw a thread that my site had been hacked, I wanted to know when. Try and isolate things.

    I had a breach of our main website. That does not mean the rest is not protected. Means I failed to protect one part of our business highly. My customers' PII is what I worry about.

    Does it look bad, yep. Is it as bad as say CVPS blunder or whmcs? I don't think so. Some of the largest places in the world have had this happen. FBI, CIA, Microsoft, Apple all have had pages that were defaced.

    I know that it may have come off saying that I did nothing wrong. It wasn't that I was denying that there was an issue. I am just saying that it doesn't mean that we don't take security seriously.

  • ZinnVPSZinnVPS Member

    Really to be just reading this thread some ppl think they are God's gift to the world of sys admins. Lol especially the correct permissions on the script and the not updating the plugin. How could he upgrade a plugin that hasn't been updated by the author? Lol I hate to call these ppl out but one time in your life where u accidentally overlooked something or got a little complacent it is human nature. Actually the more anal retentive you are actually more bound to make a bigger mistake because you tend to focus on that one thing and don't look at the big picture. I seen it happen many times while I served in the military. That is how I lost the bottom half of my left leg cause the driver of the Humvee ran over an ied which had been marked by eod to be blown up cause he was so focused on incoming mortar fire and he just drove right into the marked ied spot.

  • 24khost24khost Member

    @ZinnVPS thanks for the kind words.

  • dedicadosdedicados Member
    edited May 2013

    @24khost my last words here are: my apologies and sorry if I sound rude. I'm not perfect, I have a lot of errors and problems too.

    So hope you can solve that soon, or if it is resolved already, take care and we hope this never happens to any of us.

  • 24khost24khost Member

    It was resolved right away. Been a few issues today and I hope it happens to no one else.

  • @24khost said: It was resolved right away. Been a few issues today and I hope it happens to no one else.

    Getting my WP sites screwed over is my worst nightmare, sorry to hear it happened to you.

    Going forward, Jetpack has a great Contact Form module that's well-maintained considering it's developed directly by Automattic.

  • @ATHK said: Wordpress attacks have risen like crazy the past few months, same with Joomla attacks..

    Wrong

    Wordpress PLUGIN and THEME attacks have risen. Too many people go crazy with 30 plugins on their WP installs. WP Super Cache and W3 Total Cache recent vulnerabilities are probably contributing to this but the core Wordpress itself does not experience security issues that much.

  • raindog308raindog308 Administrator, Veteran

    @dedicados said: there are some, is called firewall.

    Noble answer: "Actually, you can do that with CSF/LFD by configuring blah blah blah"

    Snotty sarcastic I-read-this-last-week answer: "there are some, is called firewall"

  • NoermanNoerman Member

    Come on guys, this is WordPress we are talking about. Its security will be hard to predict since it involves lots of developers (WordPress developers & plugin developers).

    WordPress itself I believe is safe since it has continual updates, but plugins are not that smooth at updating their code.

    The best way to use WP is using minimal plugins, especially NOT plugins that are not updated frequently, and use some security plugins to protect against known WP exploits.

    And about firewall, that is a must. I use CSF and I install it minutes after the server is up.

    I have been hacked one time on my WP client site, and I learned a lot after it.

  • SetsuraSetsura Member

    @raindog308 said: It'd be cool to have a service that runs on port 22 and adds any IP that tries to connect to a block list.

    You can do this quite easily, it is called a honeypot and works quite well. You can have a read on this post I found about it a while back and setup myself.

    @DomainBop said: Using passwords and SSH on port 22. #winning...NOT. Changing the SSH port should be one of the basic security measures you take when you first setup a server.

    @dedicados said: awesome..., even me, changing ssh port to 4 digit at least, is the MUST DO <1 min before server is installed.

    how can you forget it.

    This really isn't all that helpful, all it does is make them have to port scan longer if they really want in. Using a honeypot on 22 isn't perfect either, but I think it is a lot more fun since they at least think you have it on 22, which usually (but not always) keeps them from checking elsewhere. I usually don't even bother to do the banning part, but rather just let them go at it as long as they feel like to gather data for future use.
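
The port-22 decoy discussed in the comments above, as an added example that is not from the thread or from the post Setsura refers to: a listener that completes the TCP handshake, records the peer address with a timestamp, and appends each new address to a block list file. The class and function names, the output path and the allow list ranges are assumptions made for illustration; the real sshd is assumed to listen on another port.

```python
import ipaddress
import socket
import time

# Assumption: ranges that must never be blocked (loopback plus your own admin network).
ALLOWLIST = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128", "192.0.2.0/24")]


class DecoyBlocklist:
    """Tracks every peer that touches the decoy port."""

    def __init__(self, allowlist=ALLOWLIST):
        self.allowlist = allowlist
        self.hits = {}  # normalised IP -> list of connection timestamps

    def record(self, peer_ip, now=None):
        """Log one connection; return the IP if it is newly blocked, else None."""
        addr = ipaddress.ip_address(peer_ip)
        # Dual-stack sockets report IPv4 peers as ::ffff:a.b.c.d; unwrap them.
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped
        if any(addr in net for net in self.allowlist):
            return None  # never block our own ranges, even on a mistaken connect
        key = str(addr)
        newly_blocked = key not in self.hits
        self.hits.setdefault(key, []).append(time.time() if now is None else now)
        return key if newly_blocked else None

    def blocked(self):
        return sorted(self.hits)


def serve(blocklist, host="0.0.0.0", port=22, out_path="decoy_blocklist.txt"):
    """Accept, record, close. The real sshd must already listen on another port."""
    with socket.create_server((host, port)) as srv:  # binding port 22 needs privilege
        while True:
            conn, peer = srv.accept()
            conn.close()  # send nothing, read nothing: the connection is the signal
            ip = blocklist.record(peer[0])
            if ip:
                with open(out_path, "a") as fh:  # feed this file to your firewall
                    fh.write(ip + "\n")


if __name__ == "__main__":
    serve(DecoyBlocklist())
```

The per-address timestamps in `hits` serve the "gather data" use Setsura describes even when the block list file is never fed to a firewall.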

  • bigballbigball Member

    @Setsura said: You can have a read on this post I found about it a while back and setup myself.

    Looks like I must use this, thanks anyway :D

  • HC_RoHC_Ro Member

    Was it WPTC? There was a bunch of warnings about it, I think one on here.

    If not, which plugin was it?

  • 24khost24khost Member

    no, it was contact form 7

  • seriesnseriesn Member
    edited May 2013

    @raindog308 said: Noble answer: "Actually, you can do that with CSF/LFD by configuring blah blah blah"

    Don't underestimate the power of modsec.

  • KrisKris Member

    @seriesn said: Don't underestimate the power of modsec.

    +1

    Also some common PHP security like allow_url_fopen = Off, and even little things like chmod 700 /usr/bin/wget, /usr/bin/lynx

    Mod_Security above all else. Been using it since 2005 to stop root-escalations in their path.

  • I was mdn_newbie that you are looking for.
    why the webhosting 24khost.com?
    find me on : http://facebook.com/r0ot.exploit.

  • VPSCornerVPSCorner Member
    edited July 2013

    This is exactly why you should keep a forum, blog or other third party script on a different VPS/Server. I never used to think much of it years ago but I've pretty much had it drummed into me and now when I see things like this I get why. For the sake of $5 to host a blog elsewhere, why not for the sake of your main site. There's lots of good providers on LEB for this exact purpose (plus of course others).

  • bdtechbdtech Member

    @24kHost contact form 7 didn't patch the hole? Didn't update in time? What was the vulnerability? I usually only let wordpress write to wp-content.

  • Are you saying that the most recent version of Contact Form 7 currently has a security hole or did you use an outdated version of the plugin?

  • @doughmanes said:
    What about "National Center for Missing and Exploited Children"

    How 'bout NAMBLA?

  • @sleddog said:
    The way people continually beat up on shovehost (who is a kid) is simply incredible.

    If this was real life, you'd be arrested for abuse, or sued.

    And we would win the trial.

  • DewlanceVPSDewlanceVPS Member, Patron Provider

    image

  • And we would win the trial.

    No, you would not.

    As to the owner of 24kHost, you might want to stop tripping balls before trying to respond to a community of trolls, or a community, really.

    Or, hire a PR guy.

  • bdtechbdtech Member

    Is allow_url_fopen required for wordpress plugin updates?

  • Their website is still down? WOW!

  • VPNVPN Member
    edited August 2013

    Hate to bump old threads but feel I need to say something in @shovenose's defence. Why assume he is the 'suspect' just because his LET name sounds similar to the attacker's name?

    You all seemed to carry on your pointless debate about security measures that quite frankly we all know about and have completely missed this above:

    @mdn_newbie said:
    I was mdn_newbie that you are looking for.
    why the webhosting 24khost.com?
    find me on : http://facebook.com/r0ot.exploit.

  • tr1ckytr1cky Member
    edited August 2013

    Seems like all the LEB hosts are security experts and @24khost isn't.

    E: Just saw this was some months ago, please don't throw stones at me.
