Have you ever been hacked?

Bluehost = Crappiest bunch of crappers to ever crap

Ive been hacked once, they got full cpanel and server access because they got into my hotmail account by useing my secret question, which i told them over msn My question was "What is my cats name" and he asked me and i didnt even think twice....

 

be careful with point 8, if you change your file extensions to .html and don't alter your .htaccess file, hackers can just look at your source code and config files.

i have been hacked 3 times in about 8-9 years or so, 2 of which where vb hacks and one was a cpanel exploit.

 

old thread ongoing topic:
yes i have beenb hacked repeated times on shared hosting - thru a ("built-in"?) admin-backdoor of an installed SW.
repeated times - it appeared later, abou tevery 1-3 months for at least the past two or so years - until 2 years ago.

i got usually informed by my ex- host that some mail abuse was originating from some SW and that he ( the host ) has chmod'ed those files 000.
I then removed those files
and had in earlier years no idea what else to do and the host never mentioned that it actually came from hacking.

then some 2 years ago i had again my ( last known ) hacker - i sat down for almost a month day and night until all studied and solved.

the point was that the particular SW in question appeared to have a backdoor fully open into admin with all admin rights
i research who else had that SW installed
found a bunch
from my own experience i knew what long admin URL to use to directly access that backdoor - and found out that almost all installed SW had that door still open
and from all webmasters contacted that responded to my detailed hacker info - ALL ( 100% ) had NO knowledge but after a day or so of research ALL confirmed having been hacker - some for a LOOOONG time by aparently various hackers / various installed hacker SW found from setup phishing sites, to chat rooms, to mass mailers, etc

my experience has shown that MOST ( all ? )webmasters who belief never having been hacked most likely are but are simply lacking knowledge to FIND out about being hacked.

in my new dedicated server hacker attempts started before even the domain was actually installed - hence a totally different approach for my current site has been used to ease sleepless nights.

those who "belief" to be save - you MAY be safe if you KNOW that you have personally studied the topic and DONE ALL that ever could be done.
all tose who just trust that all is right - may be a "guesthouse" / host for hackers without knowing until the site is either shut down or police rings the bell.

my ex-host found some 2-3 hacker activities - out of a dozen or so ...
if your only belief is the trust into your hosts sleepless webmasters / admins ...
then you better wake up yourself to verify on your own
a dedi server has the advantage to offer full access to ALL logs besides apache logs and to allow to install any and all possible security tools.

 

Shells are bsic things which can be uploaded your webspace with a click. Don't allow users to upoad anything, just anything.

.thaccess must be used to protect important files and folders.

 

shells is but one way
.htaccess only one of may security solutions
a complete and secure apache configuration and above all a clean secure server space configuration of ALL SW: CMS, blogs, plugins, forums, and any upload facility or login facility of any kind may become entry points of hackers. some hackers need no shell - they simply use the existing unsecured SW tools such as admin tools, etc of CMS and other SW running in user space.

getting into your real system and uploading a sub.domain or plugins to existing (joomla or other ) CMS just another powerful practiced method hackers currently used these very days.

a rather new ( to me ) system seems to be to upload only a redirect ( may be hidden in any regular existing HTML file ) then redirecting to another site where the actual phishing system is setup. the site hosting redirects currently are on CN or other Asian domains that are difficult or impossible to reach efficiently - hence the hackers original work might be at least over a few days out of control of authorities.

a most common and still ongoing example of such hacker work is below ( without the spaces ). still active these minutes - despite repeated reports to pp and server / site owners more than 24 hrs ago:

( all below URLs without spaces !)
http: // 210.142.235.74/ libsh. so/ paypal/ login.htm
redirects to
http: // class8. be /paypal . com/ confirm/

hence on a server
http: // 210.142.235.74/
> host 210.142.235.74
74.235.142.210.in-addr.arpa is an alias for 74.072A.235.142.210.in-addr.arpa.
74.072A.235.142.210.in-addr.arpa domain name pointer kuts.fitsite.ne.jp.

http: // kuts .fitsite .ne .jp/
shows page
test

above is a sub.domain of
http: // www . fitsite . ne . jp
hence a mistake in apache config PLUS site / server config as it often may be seen in NEWLY / incompletely configured dedicated servers during installation work.

my advice for anyone getting a dedicated server is to:
chmod entire webspace 000 UNTIL all site is completely configured and secured and chmod ALL 000 specially during your breaks from work !!!

the final host of the phishing site is apparently a newbie who does NOT respond to mails within reasonable time to secure his site and stop the hacker's activities.
even if the final host is closed
the redirect may eventually simply be pointing to a new victim .

the host of either such a redirect OR the phishing site may be YOU unless you have verified your entire access_logs, error_logs, system logs and user space files by file name AND by its actual content ...

the more you think NOT to be hacked - the more likely you ARE being hacked these very moments or any time in the past months or years, repeatedly - may be on a regular basis on rotation with other sites. today you, yesterday your friend, the next day another friend and then next months again you .....

the fact that none of the last 2 days reported site owners reacted, shows how many site owners have a totally unsecured/wide open site without caring for it at all.

lack of www education as a result of successful hacking and cybercrime.
when you become a private pilot, you have to make a license to prove basic knowledge, when you SCUBA dive as well, when you drive a motorcycle as well, so do HAM radio and many others,
site owners can setup a site that might be used by terrorists, cyber criminals or other monkey business - because no one has to prove even MOST basic knowledge at all - yet every site owner has the potential to cause directly or indirectly millions or more $ in direct damage to others.

 

Yes, my website got hacked.

 

Being hacked on a shared server once cant just put you off. There are many advantages to using shared hosting. One being the price and two the support is usually good as your not the one managing the server.

 

my host keeps my websites pretty secure