@Rarst: You need to install the Post Logger plugin: http://www.village-idiot.org/archive...for-wordpress/
It records every usage of the $POST variable, from comments to admin logins to creating/editing posts and pages, and will give you more info on who they are and how they're getting in than simple Apache logs.
I've got it running on every WP install I have to help track down issues if I'm ever hacked.
@JohnM
Nope, their parent company is http://exabytes.com/
@Kim
Thank you! Wish I had it in place for second attempt.
At moment I am waiting for reply from support/security... So I have no blog to install it on. :) Maybe they will roll back database delete, or I'll just restore from backup (might lose some comments and such made in last day).
http://www.google.com/safebrowsing/d...site=rarst.net
The fax number used to register the hosting domain does not have a good reputation.
John Myrstad
@Rarst: When you do install it, set up the logs folder outside of the public_html folder, i.e. at the same level as public_html:
Account root/
    wp-logs/
    public_html/
I usually check the logs weekly, back up a copy locally, then empty the logfile.txt file to record the next week's events.
You can exclude certain IP numbers from being recorded (like yours) but I'd recommend not doing that right now until you get these problems cleared up.
Question: How were they able to delete your database? Are you using a database manager plugin inside WordPress? If not, then it sounds like they've got access to your hosting control panel as well.
@Len
Thanks for suggestion, had mailed him. Also sent mail to dd of sucuri.net on suggestion of Daniel Scocco.
Only issue - I won't be able to properly hire either if they ask for it - retarded country issues that lock me out of PayPal and such. :( Make payments online close to impossible.
@JohnM
You mean their domain or my domain? Mine is registered with biggest local company, as legit as it gets around here.
As for them I try to keep my opinion balanced. It might as well turn out to be completely my issue. So until proven guilty... Even if very suspicious. :)
I have no idea on database. I logged new attempt to get WP admin access blocked... And some time later database is gone, absolutely nothing related in HTTP log.
I see no reason to go after WP with cpanel access, you have cpanel you own site.
And you don't just get into cpanel, just like you don't just get into WP. :(
[Update] As far as I remember I logged into cpanel before hack today and it shows my IP as "Last login from", so I think it wasn't accessed.
Last edited by Rarst; 09-01-2009 at 03:06 PM.
If you checked the link you would see that your domain is hosted on wehostesitescom.
The wehostsitescom domain is registered using a fax number that is associated with fishy stuff, so I guess it's not the best of hosts.
John Myrstad
Sorry, I missed where you made jump from zone name to that site. Now I see it.
As I understand that company is not exactly hosting company? I am not good with this stuff and don't know what exactly "network operator" means, as they call themselves.
Still no reply from support/security. Getting late here.