piratereports.com

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • woostar
    Senior Member
    • Aug 2006
    • 155

    piratereports.com

    Posting this here only because I notice there is a locked thread relating to this below, but if the problem was sorted, someone has hijacked their website again.

    Maybe someone that knows them could give them a nudge (or prehaps 'PirateReports' is browsing).
    Last edited by woostar; Fri 14 May '10, 9:58am.
  • feldon23
    Senior Member
    • Nov 2001
    • 11291
    • 3.7.x

    #2
    Schadenfreude

    Comment

    • PirateReports
      Banned
      • Aug 2004
      • 355

      #3
      Thanks I will upload the backup again.

      For anyone interested Godaddy gave no help at all despite the fact that the problem is nothing to do with me or my personal site security. I have also encountered the problem on other networks recently so it is not going to go away. Have a site backup to be safe.

      Comment

      • PirateReports
        Banned
        • Aug 2004
        • 355

        #4
        Just to add further information as I know of at least one vB user who requested support on the same issue thinking he had been hacked via his forum, there APPEARS to be nothing you can do to stop this if you are on a shared server as it is not your actual site that is being targetted. So don't take it personally.

        The files that are changed are .php files and the added code is right at the top of the file if you open it with notepad. You can just delete it and it is code that is unreadable which will also give you a clue. For a simple site like mine it was two files index.php and gdform.php in the root.

        Because I have character recognition in my contact form there were an additional two files in the contact folder so if you have any other additions it will infect all .php files even in folders. Replacing the files with uninfected backups is simple with an ftp client or you can manually edit the files.

        The infection time was 0301 yesterday so it seeems checking your site for changes in the morning may be worthwhile and once you have been hit it is likely to happen again whilst the networks ignore the issue as some like Godaddy currently appear to be doing. The "infection" does nothing more than run a bogus script to scare you into thinking you have a virus and offereing to sell you software to resolve it. The only "infection" is the script causing the bogus scan and your PC is fine.

        Hope that helps anyone with the same problem.
        Last edited by PirateReports; Fri 14 May '10, 11:08pm.

        Comment

        • nitra1000
          Member
          • Nov 2009
          • 54

          #5
          No offence but if it's happening on goDaddy hosting and other hosting providers you have tried... then surely the fault is with you.

          Maybe double check the machines you FTP from for dodgy programs.

          Comment

          • Private_Ale
            New Member
            • Nov 2007
            • 20
            • 3.8.x

            #6
            Originally posted by PirateReports
            Thanks I will upload the backup again.

            For anyone interested Godaddy gave no help at all despite the fact that the problem is nothing to do with me or my personal site security. I have also encountered the problem on other networks recently so it is not going to go away. Have a site backup to be safe.
            Hi Howard,

            I know it's none of my business, but have you considered getting a VPS? (Virtual Private Server)
            Godaddy is an infamously bad host, so if you do get a VPS or even a cheap dedicated, go for a different company.

            In the long run it will be a better choice.

            Hope everything works out,
            Maurice

            Comment

            • PirateReports
              Banned
              • Aug 2004
              • 355

              #7
              Nitra1000 My site does not run anything it is glorified business card and has not been edited since it was last updated a few years ago but does use the latest php


              Private_Ale Yes I did consider a VPS but not for a glorified business card. I do have a private server for my data.


              Here is Godaddy's generic response and I reiterate my site was not hacked it was cross infected. Note they list all other hosts before themselves as if they are just an also ran. It also took me about 5 support tickets to even get recognition a problem existed. They never contacted me at all despite my being infected for 3 days the first time and about 8 hours the second time.


              Who has been affected:


              * We've confirmed with or seen reports from customers of BlueHost, DreamHost, Media Temple, Network Solutions, Go Daddy and other hosting providers

              * Individuals running outdated applications and software, including forgotten files

              * Sites running WordPress blogs and other PHP-based platforms, including Zen Cart eCommerce

              * Tens of thousands of users across the Internet

              * Of Go Daddy's more than 4.3 million hosted sites, this impacted less than 0.05% of our customers



              What are the attacks:


              * A PHP exploit affecting older versions of hosted software, such as WordPress

              * An injection of malicious JavaScript, redirecting visitors to virus-ridden scareware domains

              * Malware that changed its point-of-entry several times, adapting to defenses

              * A security compromise that came back in multiple waves, finding new vulnerabilities



              How is GoDaddy helping:


              * Scanning our servers upon first instance of the attacks, to identify impacted customers

              * Contacting affected users directly by phone and e-mail to alert them of the issue

              * Creating a "Security Submission Form" for users to submit their site for review by our Security Team

              * Reaching out to other large hosting providers, our competitors, to share best practices and protect the Internet community

              * Developing Help Articles to inform users how to keep their sites safe and avoid the problem

              * Participating in webcast and blog discussions to educate the public about the attacks



              Why are the attacks happening:


              * Powerful, robust applications like WordPress have lots of code ... one tiny vulnerability is all it takes

              * Old software versions require updates to patch security holes, customers aren't always aware

              * Neglected, once-used applications with security holes are sometimes overlooked

              * Security is only as strong as its weakest link, one bad file in a hosting account can bring everything down!

              * If a site is already compromised, updates themselves won't always fix the problem
              Last edited by PirateReports; Sat 15 May '10, 9:44am.

              Comment

              • PirateReports
                Banned
                • Aug 2004
                • 355

                #8
                Originally posted by nitra1000
                No offence but if it's happening on goDaddy hosting and other hosting providers you have tried... then surely the fault is with you.

                Maybe double check the machines you FTP from for dodgy programs.

                You misunderstod, I have never used another host I have heard of the issue from users of other hosts as well as Godaddy.

                Comment

                • Carnage-
                  Senior Member
                  • Jan 2005
                  • 758
                  • 3.8.x

                  #9
                  This is godady's fault through and through.

                  There should be NO possible way that an infected shared hosting account should be able to affect another shared hosting account on the same server.
                  Some of my Mods:
                  Advanced IP Ban Manager (vb3.6+ version) - Fine grained control over blocking trouble makers.
                  Advanced IP Ban Manager (vb4 version) - Fine grained control over blocking trouble makers.
                  Use Original thread for Comments - Uses the original thread for comments for any forum threads promoted to CMS articles.
                  Custom Friendly Urls - Allows customisation of forum urls from the admin CP.

                  Comment

                  • Riasat
                    Senior Member
                    • Aug 2006
                    • 4013

                    #10
                    Originally posted by Carnage-
                    This is godady's fault through and through.

                    There should be NO possible way that an infected shared hosting account should be able to affect another shared hosting account on the same server.
                    depending on the level of sharing, it might be possible.

                    Comment

                    • PirateReports
                      Banned
                      • Aug 2004
                      • 355

                      #11
                      Originally posted by CvP
                      depending on the level of sharing, it might be possible.
                      It IS possible or I would not have been cross infected. The point the previous poster was making, and the one I have made to Godaddy, is that if a person is sold shared hosting they should only have to worry about their own security and software, not everyone else who bought space.

                      Even more important when something goes wrong as in life it surely will, the host should not ignore the customers and make them ALL feel they have poor security, they should imediately admit THEIR system if flawed and post a full explanation of what they intend to do about it.

                      Listing all the possibilites and not focussing on the correct one on this occasion namely shared server cross infection again is spin to pretend the system is not flawed and the users are the problem. Yes the initial access would have been via ONE user but after that the other millions or the vast majority are propogation casualties.

                      Too many companies nowadays direct support staff to mislead users as a damage limitation excercise when honesty would go further. You can't assume your whole customer database is stupid and eventually (in this case about 5 emails later) you have to admit (even through clenched teeth) that the customer is a victim having done absolutely nothing wrong.

                      Hopefully individual user accounts will in future be isolated even on shared hosting and it does seem logical to me that data jumping different accounts cannot be seen as acceptable without some sort of manually activated challenge so a script cannot propogate.

                      Pehaps the more technically minded of you can make some suggestions to [email protected]

                      Comment

                      • Riasat
                        Senior Member
                        • Aug 2006
                        • 4013

                        #12
                        Originally posted by PirateReports
                        It IS possible or I would not have been cross infected.
                        I use HostGator. They have a strict policy about this. If you damage others' property in your shared server, your account will be banned.

                        Comment

                        • Homeworld'sa
                          Senior Member
                          • Sep 2009
                          • 920
                          • 3.8.x

                          #13
                          Why is a company like PirateReports using GoDaddy anyway?
                          That's it. If you REALLY can't say ANYTHING nice to me at all on this forum, then I am going to go insanely mad at you. I've had enough of the UNTOLD ABUSE you are all giving me and you should really be CONSIDERATE of other people.

                          Comment

                          • Carnage-
                            Senior Member
                            • Jan 2005
                            • 758
                            • 3.8.x

                            #14
                            If you have proper access control and apache setup to shed privilages and run under the user who's files its executing (which should be the default setup for shared hosting) It becomes a much harder task to cross infect hosts.
                            Some of my Mods:
                            Advanced IP Ban Manager (vb3.6+ version) - Fine grained control over blocking trouble makers.
                            Advanced IP Ban Manager (vb4 version) - Fine grained control over blocking trouble makers.
                            Use Original thread for Comments - Uses the original thread for comments for any forum threads promoted to CMS articles.
                            Custom Friendly Urls - Allows customisation of forum urls from the admin CP.

                            Comment

                            • PirateReports
                              Banned
                              • Aug 2004
                              • 355

                              #15
                              Originally posted by Homeworld'sa
                              Why is a company like PirateReports using GoDaddy anyway?
                              Never had an issue before and it's only a glorified busines card. As stated above I have my own server for critical data.

                              If the issue is not resolved then I might move but I can fix it in about 2 minutes so not worth losing sleep over yet especially as some respected networks are also having the same problem.

                              If you never bought software with a bug you would have a blank screen, it's just an irritation for now not a deal breaker.

                              Comment

                              Related Topics

                              Collapse

                              Working...