Hacked for the 4th time this month


#1

I have been hacked for the 4th time this month.
My website has no content its a fresh wordpress install.

someone with the user details.

mahabir23 $P$BMIaLkTUi5RG4iKwpwlulufq1cfT9n1 mahabir23 mahabirsahoo23@gmail.com

seems to have made an account. There has not been any sufficient reply from dreamhost end all they give in return is a wiki page.

How was the site hacked.
Who hacked it what is the weakness

No explaination. Can someone test my site for security flaws.

Thanks


#2

Good luck with that. Nobody here is doing to invest time in something like that for no pay. All you can do is make sure your WP install is updated with the latest fixes. DH does not help with security of your scripts. They merely provide you web related services. Try your luck on the wordpress community forums or something.


#3

What type of “sufficient reply” are you expecting from dreamhost? Dreamhost does provide the hardware and bandwidth, but they didn’t write the code you are utilizing on their service.

How are you installing worpress? Using dreamhost’s 1-click? simple or custom? Or manually? Also are you loading any theme’s or plugins? Those may have security flaws as well.

I can’t guess too much since it looks like you have a fresh worpress install.


#4

if dreamhost cant even keep a wordpress site a blank wordpress site secure what is it good for I am sure it is some kind of database flaw or something else.

Directory listing is denied i am using latest wordpress Secure FTP 555 permission what could be wrong from my end its DH all the way responsible

I have installed wp from dreamhost no plugins its a blank wp


#5

DreamHost isn’t monitoring your scripts. They are NOT responsible for the security of your website. They give you the space and bandwidth etc and the rest is up to YOU. They do offer one-click installs for the less web savvy but they do not give support for them. They didn’t write the scripts. Take your concerns over to the wordpress community forums. I am sure the users there will be more than happy to discuss the security of wordpress. I do believe the one-click install DH has is not the latest version though.


#6

I have updated it to the latest version and if its a blank site what least DH can do is provide me the IP details of the users visiting the website specially the secure areas like the dreamhost panel and database access. Dont you think that will help in catching the hacker and taking legal action against him


#7

So it’s no longer a 1-click install by dreamhost, it is now your own manual custom install.

You should be able to determine this on your own via logs available to you. visit https://panel.dreamhost.com/index.cgi?tree=status.stats&

This is likely not where the compromise has occurred. If it has you should change your password. The hostname for mysql access will not respond outside the dreamhost network unless you have specifically configure the database user to allow connections from outside dreamhost by specifing an IP address(s) to accept connections from.

What court has jurisdiction?[hr]


#8

I have the email of the hacker who hacked in i will get the ip from dreamhost and cyber laws are quite efficient in here :slight_smile:


#9

I feel bad because my post above does nothing to solve your problem, but until you accept that it is your problem to solve and not dreamhost, the problem is not going to get solved.

Take Ryo-ohki advice and discuss this over in the wordpress forums where it gets better exposure, it’s a wordpress problem not a dreamhost problem.


#10

Where did you find this info? .htdigest or in your database?


#11

While I partially agree, DH does need to be interested in security and preventing unwanted access. Once a hacker compromises an account, it becomes much easier compromise others. Read about the HBGary break-in. One the hacker was in based on a regular account, they exploited a bug in their un-updated kernel to obtain root access.

DH doesn’t always run the bleeding edge versions of software either, so there are likely exploits waiting to be hacked. The reason they don’t is that legitimate users a) know they will be tracked and b) don’t have anything to gain from compromising the system. Should an outsider get in… well, you get the idea.


#12

I completely disagree - DH needs to take steps to protect their hardware systems form being hacked. I have the same issue all 6 of my web sites are being hacked and I can;t stop the intrusion. Some of them only had a index.hrml file on the domain and that’s it and they still got hacked. DH needs to protect its customers from people illegally gaining access to their hardware.

I am a long time DH customer and now will probably leave because completely frustrated with the lack of…


#13

so… it sounds like you are completely agreeing with me, not disagreeing


#14

Of course then there are the intrusions that dreamhost can never protect against because the user is careless with passwords and/or somehow got a keylogger installed on their workstations allowing the intruder to gain access via password.

oh wait, dreamhost is careless about password security too.


#15

So does anyone know how to stop our dreamhosts accounts / hosted websites from being hacked.

I clean everything up (change all passwords) and 3 hours later the hack is back.

Is there a product I can install to scan my sites and then protect them?


#16

UPDATE: Dreamhost support got back to me and told me exactly waht to do to clean everything up. THANKS - all faith in DH is restored.


#17

please do share the tips or add it to the wiki