New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Sounds funny, but certainly is always a possibility.
No, just a plain old retard.
You sir, have made my day.
Being completely serious though. In fact, never mind, I think most people saw that statement for what it was.
@W1V_Lee I don't search the code to find code errors. When there is an update announced on my wordpress I update the plugins. It is what it is. But it has been corrected, was corrected quick. It did not put any PII in danger. All is good.
xD
Wow really? You couldn't stay on top of patches for your wordpress installation and you didn't know your site was hacked. Then you want to expand your services and want people to trust that they'll be placed on a node with less clients IF they pay you a little more money? So why should someone trust your company?
The way people continually beat up on shovehost (who is a kid) is simply incredible.
If this was real life, you'd be arrested for abuse, or sued.
And in this case 24khost for being targeted by someone who clearly goes around targeting wordpress installations like it's a career.
Thread should have ended at:
1. That it was reported to be shovey on a website that apparently doesn't ask questions about that field and that said report could be linked to can in no way be interpreted as even evidence of guilt.
2. Wordpress hacked. OMG. This is new. Problem solved, it's up to 24khost to oversee the rest.
Only because of this thread!
Confirmed by the fact he asked if anyone knew what time it had been down since.
As a customer, can I angrily and rudely demand my money back, on the basis of this?
I don't really want my money back, but can I?
Only because this thread was first, and only because shovenose is the perp.
Most others would and do, what makes you special?
@sdotsen, was on top of patches. Can't help it if the programmer of the plugin doesn't keep it up to date. Didn't know there was an issue with it till this happened.
@jarland or any other host, how often do you visit your front page?
@24khost I'm probably not a good example, I'll get an alert in 30 seconds if my front page changes
@serverian do you check the front page of your website all the time? Nothing would have advised me that I had been hacked without somebody telling me or such, as the server never went down.
@jarland what do you use to keep track of it?
@24khost http://specto.sourceforge.net/
http://www.changedetection.com/
-- ChangeDetection.com provides page change monitoring and notification services to internet users worldwide.
Changedetection always seemed a little slow to me. May have just been me.
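Added example (not part of the thread, and not code from Specto or ChangeDetection.com): a minimal front-page check of the kind discussed above. It hashes the visible text so whitespace-only changes do not alert, and separately reports any script or iframe host that was not in the known-good baseline. The sample pages and host names are constructed; fetching the live page on a timer is left to the caller.

```python
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _Extract(HTMLParser):
    """Collect visible text and the hosts that script/iframe tags load from."""

    def __init__(self):
        super().__init__()
        self.text, self.hosts, self._skip = [], set(), 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1          # inline code/CSS is not visible text
        if tag in ("script", "iframe"):
            host = urlparse(dict(attrs).get("src") or "").netloc
            if host:                 # relative URLs have no host and are ignored
                self.hosts.add(host.lower())

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)


def snapshot(html):
    """Return (sha256 of whitespace-normalised visible text, external hosts)."""
    p = _Extract()
    p.feed(html)
    p.close()
    text = re.sub(r"\s+", " ", " ".join(p.text)).strip()
    return hashlib.sha256(text.encode("utf-8")).hexdigest(), p.hosts


def compare(baseline_html, current_html):
    """Report a text change and any script/iframe host absent from the baseline."""
    old_hash, old_hosts = snapshot(baseline_html)
    new_hash, new_hosts = snapshot(current_html)
    return {"text_changed": old_hash != new_hash,
            "new_hosts": sorted(new_hosts - old_hosts)}


# Constructed sample pages (not taken from the thread).
BASELINE = '<html><body><h1>Example Host</h1><script src="https://cdn.example.com/a.js"></script></body></html>'
REFLOWED = '<html>\n<body>\n  <h1>Example   Host</h1>\n<script src="https://cdn.example.com/a.js"></script></body></html>'
DEFACED = '<html><body><h1>Owned</h1><iframe src="http://unknown.example.net/x"></iframe></body></html>'
```

Store the baseline snapshot off the web server itself, so whoever changes the page cannot also change what it is compared against.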
Wordpress attacks have risen like crazy the past few months, same with Joomla attacks..
Most vulnerabilities have been patched so it's normally just as simple as upgrading everything.
Which is easier said than done in some cases ....
Are you for real? Apologies if this has been misread, but from what I can see.
good systems administrator and be much more conscious when it comes to your business. Visiting it once a day isn't going to kill you, have it load up when you start your Browser, what's that extra 1MB of ram going to do to load that page? Nothing. But it may save your ass one day if you're attacked like this again.
What happens if they inject on your billing from a broken module? Oh fuck, sorry clients, your Personal Deetz' are all over the net, go blame my portal provider for not patching an unused module. Or having a zero-day exploit.
You take responsibility for your clients data, I'm pretty damn sure there's a legislation in every country regarding Data Protection.
NEED for DPA
8 Principles for UK act
I'd not waste the time of day dealing with anybody who feels this lazy about security.
Have a good day.
-Chris.
No offense.
Your main entry to customers fucked -> impression? (regardless how secure your client-portal and control-panel is)?
"Old, unpatched plugin by programmer" -> Same, but worse, tech savvy customers might question rest of your setup.
edit: some typos and shit
Using passwords and SSH on port 22. #winning...NOT. Changing the SSH port should be one of the basic security measures you take when you first set up a server.
Hostname: 24khost.com
Port: 22
Test performed from: New York, NY
Test performed at: 2013-05-03 21:56:09 (GMT +00:00)
Status: OK
Response Time: 0.177 sec
DNS: 0.120 sec
Connect: 0.025 sec
Redirect: 0.000 sec
Jarland said:
Thread shouldn't have ended because some of 24k's comments in this thread, along with his running SSH on port 22 (not to mention using passwords instead of SSH keys) indicate we're dealing with a web host whose knowledge of security is...ummm...lacking.
It does matter. Did you do a thorough security analysis of your entire system (i.e. not just the compromised wordpress installation) after being hacked, check for rootkits, backdoors, etc, etc?
based on the port 22 and "doesn't matter" and other comments by 24khost in this thread I think sdotsen has a valid point.
@DomainBop +1
awesome..., even me, changing ssh port to 4 digit at least, is the MUST DO <1 min before server is installed.
how can you forget it.
Yesterday if you tried to ssh into my nodes as root on port 22 you'd have been presented with a password prompt. Every day before it as well, since we started using virtpanel. This alone would be indication that it wasn't secured?
(Hint: It won't even accept the right one, but it'll ask.)
More than one way to secure a server.
well, and what about firewalls??, 3 failed and bang! you are blocked and ignored.
ssh/smtp/apache/pop
can be done with CSF
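Added example (not part of the thread, and not CSF's own code): the "3 failed and you are blocked" rule applied to sshd log lines. It counts failures per source IP inside a sliding window and also lists logins that succeeded from an IP that had failed earlier, which is worth a look when password authentication is enabled. The log lines, host name, window length and year are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<kind>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+")


def analyse(lines, threshold=3, window=timedelta(minutes=5), year=2013):
    """Return (IPs to block, (ip, user) logins accepted after earlier failures)."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    failed_ever = set()
    blocked, ok_after_fail = [], []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # unrelated syslog line
        # Classic syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["kind"] == "Accepted":
            if ip in failed_ever:
                ok_after_fail.append((ip, m["user"]))
            continue
        failed_ever.add(ip)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # forget failures older than the window
        if len(q) >= threshold and ip not in blocked:
            blocked.append(ip)
    return blocked, ok_after_fail


# Constructed log lines using documentation-range addresses.
SAMPLE = [
    "May  3 21:50:01 web1 sshd[811]: Failed password for root from 203.0.113.9 port 50122 ssh2",
    "May  3 21:50:03 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.9 port 50124 ssh2",
    "May  3 21:50:07 web1 sshd[812]: Failed password for root from 203.0.113.9 port 50130 ssh2",
    "May  3 21:52:00 web1 sshd[820]: Failed password for bob from 198.51.100.7 port 40100 ssh2",
    "May  3 21:52:30 web1 sshd[821]: Accepted password for bob from 198.51.100.7 port 40102 ssh2",
    "May  3 22:30:00 web1 sshd[830]: Failed password for root from 192.0.2.44 port 33000 ssh2",
    "May  3 22:40:00 web1 sshd[831]: Failed password for root from 192.0.2.44 port 33002 ssh2",
    "May  3 22:50:00 web1 sshd[832]: Failed password for root from 192.0.2.44 port 33004 ssh2",
]
```

The third source, with failures ten minutes apart, never reaches three inside one window; a slow guesser like that only shows up with a longer window or a per-day count.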
No but it makes it slightly more interesting and worth checking into further, whereas if it's not on a standard port it more likely indicates a level of seriousness about security and I am better looking somewhere else.