SQL attack on wpress 2.9.2

@bottleneck and @songdogtech:

The question is, how do we know that ANY shared host is secure? If the vulnerability that allows a hacker to attack other sites hosted on the same server was as simple as having more restrictive file permissions, I think NS would have figured that out by now. And while this attack does seem targeted mainly at NS, it’s happened on other hosts over the weekend as well.

I’m thinking about moving to HostGator, but the move has the potential to be a major project–not just our WP blog is involved, and we can’t have any significant downtime. But I’m wondering whether anything short of a virtual private server at ANY host will really prevent these
types of attacks (and that assumes I know enough about Linux and Apache security to set up the VPS correctly, which I probably don’t).

Thoughts?

everything comes with its price.

You need a real good tech guy to support your VPS, if you plan it.

Meantime please google:

VPS hacked

easysale . .

Yes CHMOD was acting very strangely this weekend. Permissions we’re not setting properly. As of this moment I’m back via SFTP and index files appear to be clean. And my platform appears to be reset. I just added File Monitor a few minutes ago to my project blog. I’m still going to be spending all day today double checking things. I have a bottle of Advil, weeks supply handy here on the desk.

If something like this happens again in the short term, I am most definitely going to have to seriously consider other options.

@easysale: Nothing is completely secure. And Google “hostgator hack” before you move.

See https://blog.networksolutions.com/2010/we-feel-your-pain-and-are-working-hard-to-fix-this/ and https://www.ads-software.com/development/2010/04/file-permissions/ to find it is a NetSol problem.

I’ve never heard of any hacked accounts at my host. Not saying it won’t happen, but as I said before, some webhosts are much better than others.

@songdogtech

I’ve never heard of any hacked accounts at my host.

you never heard it because you didn’t want it to hear.

you are in the sinking boat as well:

diagnostic page for songdogtech’s network

oops

you never heard it because you didn’t want it to hear.

you are in the sinking boat as well:

That might be a pretty bold assumption. I think ( that is if I read the info correctly ) that songdogtech might be on a dedicated server, so the generalities being applied to shared hosting environments might not completely apply in that situation.

A darn fine looking site it is, too.

??

@bottleneck: and what did I say?:

“Nothing is completely secure… Not saying it won’t happen, but as I said before, some webhosts are much better than others.”

Test your own host.

And consider tributing something relevant and substantial to this thread. Anything else is a waste of people’s time.

We jumped off this topic’s track already and turned the serious matter in some sort of twittering.

I am out.

At the (real or perceived) risk of drawing attention to my host, it is shared, not a VPS; though I’ve considered a VPS in the past.

NetSol admits WP is not the issue: WordPress is not the issue. | Small Business Conversations by Network Solutions

We jumped off this topic’s track already and turned the serious matter in some sort of twittering.

I am out.

YOU turned it into twittering….

I wonder if NS is even going to be able to repair this mess at this point.

Back to the topic at hand, my site continues to be hacked overnight. Specifically:

— Malicious code appears in my footer. It begins with <script>var dC and continues with a long string of JavaScript.

— Virus protection blocks whatever it is attempting to do when I load a page (I use AVG). Turn off the virus protection, though, and you get rerouted to a malware site (don’t do this: I did it with great precaution and was blocked by my own security setup before I could get there).

— Yesterday, I overdid the correction and completely reloaded my site and restored my database from a backup. Of course, it worked but it was a pain.

— This morning I did a more careful look through. I noticed that my index.php file (in root) was modified in the very early morning. At the end there was new code added, which I won’t repeat here. It was similar to what was appearing in my footer. I deleted this code and now everything is fine.

It’s worth noting I am a Network Solutions customer (until tomorrow, at least) and I think it’s safe to say at this point this is their problem. Hackers have access to their servers and can simply change our files–this is why NetSol has twice this week changed my FTP password, including overnight tonight. I’m not a security expert, but I’m guessing they are able to detect the file changes after they are made, triggering the FTP password change; they just can’t stop it in advance.

Hope this is helpful. Sorry if there are inaccuracies or points that aren’t relevant to everyone.

– JP

This has been going on for almost a month now. This NS breach was first being reported on April 9th.

Whats it going to take?

Update: There are three index.php files changed.

— In WordPress root
— In wp-content
— In wp-admin

– JP

Might be time to close this thread.

The issue is not an SQL attack; NetSol has confirmed that it’s their problem with their servers. WordPress is not the issue. | Small Business Conversations by Network Solutions. And WordPress confirms this: WordPress ? Blog ? Secure File Permissions Matter

If you keep getting hacked, work with NetSol to move you to a new server. If you don’t want to work with NetSol anymore, change hosts.

If you don’t do anything or NetSol does nothing for you, chances are very good you will continue to be hacked because of NetSol’s problems.