FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


I think I might've been hacked





saratdear
I just logged in to my DirectAdmin after a REALLY long time and I noticed I've used up almost 99% of my disk space. I'm sure I'll have files to fill up only like maybe 20%. The message system says 1000s of emails have been sent out through my account, last was Feb. I changed my password and I'm trying to find the directories to delete to clear up space...should I be worried more?
rx9876
Yes. Which server is your host on?
Server 1 got hacked.
If you're not on server 1,
that means other servers need checking too.
deanhills
saratdear wrote:
I just logged in to my DirectAdmin after a REALLY long time and I noticed I've used up almost 99% of my disk space. I'm sure I'll have files to fill up only like maybe 20%. The message system says 1000s of emails have been sent out through my account, last was Feb. I changed my password and I'm trying to find the directories to delete to clear up space...should I be worried more?

Nice to see you posting Sarat albeit in less than fortunate circs. Have you been using Joomla? As I've heard of hosted accounts using Joomla have exactly this scenario happening to them. If you are using Joomla you need to upgrade to the latest version, as well as update your spam blocker.

Are you on Servers 2/3? If yes, you need to check Bondings' Official Notification. He is planning to transfer the Servers 2/3 accounts to a different server and hosted members on the servers have been asked to make backups.

http://www.frihost.com/users/Bondings/blog/vp-159788.html
saratdear
I'm hosted on Server 2. And the only thing worth backing up is the blog I've been working on now, Wordpress has been doing that automatically.

And hello there Dean! I do visit once in a while and lurk..I am too lazy to post. College and a new internship now has been keeping me busy. If this blog takes off I might move it to a paid host.

How've you been?
Pippo90
That's so disappointing
deanhills
saratdear wrote:
I'm hosted on Server 2. And the only thing worth backing up is the blog I've been working on now, Wordpress has been doing that automatically.

And hello there Dean! I do visit once in a while and lurk..I am too lazy to post. College and a new internship now has been keeping me busy. If this blog takes off I might move it to a paid host.

How've you been?
I'm doing the same for now. Everything seems to be changing around me and who knows, if come September my work contract doesn't get renewed I'll probably get into changing as well .... maybe it's long overdue.

Glad to hear your blog is doing well. Maybe if you're away from your Website for periods of time you could also think of disabling comments - check up on all of the gateways where spam can get in when you can't monitor the blog on a daily basis. It's one of the first things I do when I start a WordPress site these days. Disable the comments. Check up on all of the places where people can get in, which are also the places where hackers are looking to get in. Don't have an Admin account. Create a brand-new account with Admin power and delete Admin. Make sure the WordPress site as well as ALL of the plug-ins are up to date. If you have downloads enabled, get a script to put a cap on how many are allowed so you don't get attacked. I've seen that happening too. It could happen by mistake as well. A subscriber of your blog has a script to download things from your Website, and it goes into a loop. All of a sudden you're maxed out on your Bandwidth. Etc. Too many scripts going round these days. Easy way to do it is to install a captcha for downloads.
RosenCruz
I agree with Deanhills.

IF you can not check your web site, disable comments. I had an unused myBB forum on Server 3. A while ago, I got an e mail from Direct Admin that my diskspace was almost full. I came back and saw that spam bots posted like 30000 posts on forum and filled up the database. I believe your situation is the same.
saratdear
@Dean - Everything you've suggested seems good to me - but what's with deleting the default admin account and creating a new one?
deanhills
saratdear wrote:
@Dean - Everything you've suggested seems good to me - but what's with deleting the default admin account and creating a new one?
It's used as a security measure. Here are the steps for doing it. Before you do it make sure to make a back-up of your blog first. And be careful to assign all of the posts when you are deleting the Admin account. The steps at the URL show you exactly how to do it:

http://www.inmotionhosting.com/support/website/wordpress/change-wordpress-admin-username-for-security
saratdear
deanhills wrote:
saratdear wrote:
@Dean - Everything you've suggested seems good to me - but what's with deleting the default admin account and creating a new one?
It's used as a security measure. Here are the steps for doing it. Before you do it make sure to make a back-up of your blog first. And be careful to assign all of the posts when you are deleting the Admin account. The steps at the URL show you exactly how to do it:

http://www.inmotionhosting.com/support/website/wordpress/change-wordpress-admin-username-for-security

Seems good - I actually DON'T use the default username, so I'm guessing I'm good. Will look at other steps. Thanks Dean!
deanhills
saratdear wrote:
deanhills wrote:
saratdear wrote:
@Dean - Everything you've suggested seems good to me - but what's with deleting the default admin account and creating a new one?
It's used as a security measure. Here are the steps for doing it. Before you do it make sure to make a back-up of your blog first. And be careful to assign all of the posts when you are deleting the Admin account. The steps at the URL show you exactly how to do it:

http://www.inmotionhosting.com/support/website/wordpress/change-wordpress-admin-username-for-security

Seems good - I actually DON'T use the default username, so I'm guessing I'm good.
As long as you have an Admin account you would still be vulnerable regardless if you were using another account. Also, if you removed the Admin account you would be decreasing the chances of access not eliminating it, as there are many other ways hackers could get in as well.
Related topics
Google Hacked?
Php-Nuke Site -- How likely is it going to be hacked?
Hotmail accounts at risk
How To : Secure Your PHP Website
Yahoo EMail Accounts Being Hacked (NOT SURE)
My forums keep getting hacked..
How do you keep the CD-Drive from making too much noise.
Quick Question
Help Putting a Banner
Task manager
my website
What have you hacked resently?
CD Drives disapperd
Please help me recover from apparently being hacked.
they hacked my account!
Reply to topic    Frihost Forum Index -> Support and Web Hosting -> Web Hosting Support

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.