Web Hosting Talk : Web Hosting Main Forums : Web Hosting : 2 Sites hacked by same guy within 1 week on slhost.com

[jwg1800]

Two of my sites with Slhost.com have been hacked by the same people within the past week. Is this just a totally crazy coincidence or could it have something to do with Slhost.

Anyone else experiencing any problems?

John

[sugarsnow]

i dont know anything about that host but sounds like to me it's possible since its the same hacker and your site maybe the hacker just has something against you personally.. From what I've seen online if someone is determined and good enough, they'll probly get past the best of secuirty. But that's just my 2 cents

[xxkylexx]

Most likly it was just a defacement, which would be vulnerabilities within your code source-- not the host.

[Greg Carnegie]

Quote:

Originally Posted by sugarsnow

i dont know anything about that host but sounds like to me it's possible since its the same hacker and your site maybe the hacker just has something against you personally.

I agree, but maybe you were using the same passwords or software, so it wasn't hard for him to hack your another site?

[clanosiris]

Your issue can also be your php cms or forum is simply out of date. Hackers simply have the ability to do php injection.

I will advise checking for newer release.

If that doesnt work check your permissions usually some users will upload backdoor shell systems if you have 777 or bad permissions within your directories.

[mitchalertsite]

have you had it scanned for vulnerabilities

[Rotfil]

Quote:

Originally Posted by Greg Carnegie

using the same passwords

. Similar IP addresses, and a same password, on the same network, probably just what he was after... How do you now it was the same hacker?.

[Omega-Mark]

left the same mark at a guess

[DamonF]

Do you have any scripts that are just laying there and not installed correctly? (not chmoded,open vulnerabilities within the script,etc.)

[roby2k]

install mod_security
update all scripts
check http://www.milw0rm.com for any exploits for what you have been using
then ask them to check the server with a rootkit detector
and to do a security audit on their server.

[SeriousServers]

Without more information I can not make my conclusions.

It could be someone who knows your sites, and dislikes you.
It could be you use insecure scripts, and they just searched the server / ip's to find holes
It could be a coincidence,

It could be a number of things, what other information can you give us?

[Billiken]

Quote:

Originally Posted by SeriousServers

Without more information I can not make my conclusions.

It could be someone who knows your sites, and dislikes you.
It could be you use insecure scripts, and they just searched the server / ip's to find holes
It could be a coincidence,

It could be a number of things, what other information can you give us?

Actually, the hacking has been a problem on SLHost's servers. A couple weeks ago all of my sites on my resller account had anything named index.* were replaced with hacked files. It turned out it was the entire server not just my reseller account. They had been as they put it "Rooted".

They took the server offline, repaired it and restored from backup, I'd lost a day's worth of data but things were back.

What really upset me was when they didn't follow up with the backup and the next morning something had hung up and it did a restore again from the 'pre-hack' data making me loose a second day's set of data.

Since then the hacking issues seem to have been resolved, I had one directory that ended up with an injection happening simply b/c I'd left it as 777 and didn't have an index.html in it. I fixed that and havn't had a problem since. I'm being extremely cautious though as their servers appear to be a steady target (or someone on their servers is at least).