Even worse, they didn't even notice until I called. If you're a 1and1.com customer I recommend you change your username and password now! I included some log snippets to help you make sure your account hasn't been compromised. 1and1.com hacked
How come you're saying that it's 1and1? If it's 1and1 then it should have been the whole shared server that's being hacked now. Guess it's only your site? Any other customers of 1and1 here having the same problem?
Your "So how did they get my username and password, were they specifically targeting me? Turns out they weren't, they were randomly hitting onlinehome.us hostnames. From my apache logs: " IS AN ASSUMPTION and NO fact. Of course it is possible to hack any account WITHOUT using password / username!! All a hacker needs is a backdoor CREATED BY YOU - a weakness of any of your scripts/forums/etc. uploaded. Whoever knows what scripts you run may be able to search Google to find the path on your site. Whoever knows ANY script with security problems may search G to find sites hosting such scripts, to then directly access that site WITHOUT password/username if the security hole allows such. Until 2 years ago I hosted my site on 1and1 and had such problems. 1and1 has a most weak intrusion detection system and little support to help you in such cases. In any way, security ALWAYS is the site-OWNER's problem and NEVER the host's problem, as security ENTIRELY depends on YOUR scripts and configurations created by YOU. In addition: NO professional site owner uses pwd/user to access his web space - on 1and1 and all professional hosts a server key authentication is DEFAULT security configured by site-OWNER. In addition, all pwd access needs to be DISabled for the entire site. Strictly SSH access your site for ALL work to be done; in addition, SECURE every bit and byte hosted - no matter where. If security becomes vital and important to you and you have traffic and scripts needing care, then it's time to move to your OWN dedicated server, NEVER hosted on 1and1 but on a professional / reputable dedi host! Fall 2006 I moved to my own root server and am MOST happy with it, despite the many hundred additional hours of annual work and the hundreds of additional one-time hours of work to learn additional admin work during the early many months.
There are no assumptions. If they were targeting me, they would show a referrer of my domain name, not the 1and1 hostname that is assigned to every account: s92198053.onlinehome.us (this is another user's, not mine). I've administered servers for over 12 years, both Linux and Windows. I use throwaway 1and1 accounts for developing sites so they don't put my established sites at risk. In my case, I don't host anything on 1and1.com that is important, but thousands of other people mistakenly do. 1and1 shouldn't have their passwords stored in plain text in their control panel database. Dreamhost learned that the hard way last year.
Any site using a MySQL database is prone to be hacked if your script is susceptible to security threats, and it has nothing to do with the hosting service you are hosted on.
Please point out ANYWHERE I mentioned mysql. Not only did I not mention it, but none of the sites in this hosting account use mysql. If you know anything about interpreting log files, it will make complete sense.
Yes, I agree with the claim he made. My server was formatted 4 times, even without notice. See the event log I am posting for audit failures. The IPs below are even now trying to get in:
IpAddress: 218.207.113.102, IpPort: 3088
IpAddress: 222.185.27.27, IpPort: 1552