[videoblogging] Re: My Wordpress 2.01 blog on Dreamhost has been Hacked!
The problem is these things can happen at the worst time; have a newspaper that wants to look at my vblog. It would be great if Dreamhost had a backup they could restore; if not, I'd like to know so I can go to Plan B. Once I get through this fiasco, I am going to re-read all the Rocketboom posts on crisis management. Also, I sent Dreamhost a copy of the security scan and so far nothing. All I know is that when there is a breach on my PC, I go into lockdown mode and secure the perimeter. If I don't hear someting from the Dream Team soon, I'm going to try and contact that stealth hacker/cracker "Fantasy Kid" and see what he can do for me. --- In videoblogging@yahoogroups.com, Peter Van Dijck <[EMAIL PROTECTED]> wrote: > > Well, just speaking up for DH, I've had very good support from then so > far. The best in my 6 year career of trying hosting services. I think > they're overloaded right now for some reason. > > P > > On 2/12/06, Stan Hirson, Sarah Jones <[EMAIL PROTECTED]> wrote: > > > > --- In videoblogging@yahoogroups.com, "Patrick" wrote: > > > > > > So far, the only communication I've received from Dreamhost was an > > > automated e-mail apologizing for not getting back to me within 24 > > > hours, but that I would hear from them at some point. > > > > I have been on Dreamhost for only a few days and I have found the > > experience unpleasant because of a loutish indifference to support. > > I've gotten the same e-mail. Their skrimpy little wiki is of little > > help -- look something up and you even get a press release from 2001! > > > > Your friend's suggestion about lunarpages got me curious enough to > > browse their site. I found it very much oriented to a good user > > experience. They even encourage telephone support. I browsed around a > > bit and it looks as if I will go for it unless I find bad reports. It's > > better for me to bail from Dreamhost now before I have too much linked > > in. > > > > Stan > > > > > > > > > > > > > > > > > > Yahoo! Groups Links > > > > > > > > > > > > > > > Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/videoblogging/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
Re: [videoblogging] Re: My Wordpress 2.01 blog on Dreamhost has been Hacked!
Well, just speaking up for DH, I've had very good support from then so far. The best in my 6 year career of trying hosting services. I think they're overloaded right now for some reason. P On 2/12/06, Stan Hirson, Sarah Jones <[EMAIL PROTECTED]> wrote: > > --- In videoblogging@yahoogroups.com, "Patrick" <[EMAIL PROTECTED]> wrote: > > > > So far, the only communication I've received from Dreamhost was an > > automated e-mail apologizing for not getting back to me within 24 > > hours, but that I would hear from them at some point. > > I have been on Dreamhost for only a few days and I have found the > experience unpleasant because of a loutish indifference to support. > I've gotten the same e-mail. Their skrimpy little wiki is of little > help -- look something up and you even get a press release from 2001! > > Your friend's suggestion about lunarpages got me curious enough to > browse their site. I found it very much oriented to a good user > experience. They even encourage telephone support. I browsed around a > bit and it looks as if I will go for it unless I find bad reports. It's > better for me to bail from Dreamhost now before I have too much linked > in. > > Stan > > > > > > > > > Yahoo! Groups Links > > > > > > > Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/videoblogging/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
[videoblogging] Re: My Wordpress 2.01 blog on Dreamhost has been Hacked!
--- In videoblogging@yahoogroups.com, "Patrick" <[EMAIL PROTECTED]> wrote: > > So far, the only communication I've received from Dreamhost was an > automated e-mail apologizing for not getting back to me within 24 > hours, but that I would hear from them at some point. I have been on Dreamhost for only a few days and I have found the experience unpleasant because of a loutish indifference to support. I've gotten the same e-mail. Their skrimpy little wiki is of little help -- look something up and you even get a press release from 2001! Your friend's suggestion about lunarpages got me curious enough to browse their site. I found it very much oriented to a good user experience. They even encourage telephone support. I browsed around a bit and it looks as if I will go for it unless I find bad reports. It's better for me to bail from Dreamhost now before I have too much linked in. Stan Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/videoblogging/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
Re: [videoblogging] Re: My Wordpress 2.01 blog on Dreamhost has been Hacked!
Dreamhost can get a backup of your database, probably. They did that for me once. Peter On 2/11/06, Patrick <[EMAIL PROTECTED]> wrote: > Thank you for the informatiom. > > I am not familiar with MySQL, but I was able to get into MyphpAdmin > and remove Kid Fantasy's ID and e-mail address and restore my Admin > access, but it appears all my video posts, comments, and phpbb forums > are gone. > > Is there anyway to restore them? Is there a backup anywhere? If so, > how would I restore it, or is this something Dreamhost can do? > > Finally, is there a way to harden the system to prevent Kid Fantasy > from returning and doing this all over again? > > Again, thank you. > > -Patrick > > --- In videoblogging@yahoogroups.com, "Enric" <[EMAIL PROTECTED]> wrote: > > > > Wordpress stores login passwords in a database table (usually mysql.) > > You can use dreamhosts utility for modifying your data tables to > > change the password. For more information check the Wordpress Codex > > pages, http://codex.wordpress.org/Main_Page, and the mysql > > documentation, http://dev.mysql.com/doc/ . > > > > -- Enric > > > > --- In videoblogging@yahoogroups.com, "T.Whid" wrote: > > > > > > I'm not that familiar with WP so I don't know where the password is > > > stored, this is just a tip off the top of my head... > > > > > > Find out where the password is stored. If it's stored in the database > > > you'll need to login to the database (either via command line, SSH > > > perhaps, or phpMyAdmin I think DH provides this tool) and use a SQL > > > directive to change it (since it's probably stored in an encryped > > > way). > > > > > > If it's stored in a flat file somewhere (i doubt it), then just FTP in > > > and change it there. > > > > > > You probably need to check that the database configuration file for WP > > > still has the proper values as well. I'm not certain the name of the > > > file where this config is set, maybe wp-config.php ?? > > > > > > Good luck > > > > > > On 2/11/06, Patrick wrote: > > > > I just discovered my vblog has been hacked by "Kid Fantasy" and am > > > > unable to login as Admin. > > > > > > > > An FTP into the blog/ directory shows all the files are still there. > > > > > > > > There is some discussion on Google and the Forums about the problem, > > > > but nothing that I can get a handle on and fear trial and error > fixes > > > > might make thing worse. > > > > > > > > I've e-mailed Dreamhost support, but the last time it was days > before > > > > they got back me. > > > > > > > > Bottom line: I've looked into all the self-help options, but no > luck. > > > > I am new to MySQL & PHP so any help or pointers in getting my > vblog, > > > > back online would be greatly appreciated. > > > > > > > > Thank you... > > > > > > > > -Patrick > > > > > > > > > > > > > > > > > > > > > > > > > > > > Yahoo! Groups Links > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > www.mteww.com > > > > > > > > > > > > > Yahoo! Groups Links > > > > > > > > Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/videoblogging/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
[videoblogging] Re: My Wordpress 2.01 blog on Dreamhost has been Hacked!
So far, the only communication I've received from Dreamhost was an automated e-mail apologizing for not getting back to me within 24 hours, but that I would hear from them at some point. However, I did receive a report from an IT friend who had scanned the server and thought it might be of interest to others. NOTE: I am not trying to cause any problems for Dreamhost; in my view, they provide an excellent price/value proposition, but am concerned about the following: --- Patrick, I'm thinking that the first thing you will want to do is backup all the data you can. I think that your web server has been totally compromised. Of specific note, there is an IRC proxy service running on port 31337 (which is 'leet-speak for elite) and a telnet service running (Probably a back door installed for continued access). Telnet = bad, but is especially suspicious when running alongside ssh. (Which is a secure version of telnet) I have enclosed a security scan of your website that was taken last night, printed to a pdf. Another note. This morning I found that your DNS was broken. Even if your web site and server were working perfectly, this would still be completely debilitating. What is curious to me is that from what I can tell, your DNS and web site are served through a company called DreamHost. If this is true, I would strongly suggest moving your site to a different hosting company. I have personally used lunarpages.com in the past and believe that they are a very good and inexpensive solution. Lunarpages seems to meter usage in a much more fair way than others that I have seen, and are very helpful. No hosting provider should allow themselves to be compromised so badly and for so long. To the good news. . . . --- In videoblogging@yahoogroups.com, "Enric" <[EMAIL PROTECTED]> wrote: > > You're welcome. :) > > I think you'd need to check with dreamhost if they have a backup. I'm > not familiar with hardening Wordpress/mysql access -- some of it would > depend on how easy it is to guess someone's password, some on the > encryption method in mysql to store the password, etc. You may want > to search on "hardening", "mysql" and "wordpress" and see if any > useful links come up. > > -- Enric > -==- > http://www.cirne.com > > --- In videoblogging@yahoogroups.com, "Patrick" wrote: > > > > Thank you for the informatiom. > > > > I am not familiar with MySQL, but I was able to get into MyphpAdmin > > and remove Kid Fantasy's ID and e-mail address and restore my Admin > > access, but it appears all my video posts, comments, and phpbb forums > > are gone. > > > > Is there anyway to restore them? Is there a backup anywhere? If so, > > how would I restore it, or is this something Dreamhost can do? > > > > Finally, is there a way to harden the system to prevent Kid Fantasy > > from returning and doing this all over again? > > > > Again, thank you. > > > > -Patrick > > > > --- In videoblogging@yahoogroups.com, "Enric" wrote: > > > > > > Wordpress stores login passwords in a database table (usually mysql.) > > > You can use dreamhosts utility for modifying your data tables to > > > change the password. For more information check the Wordpress Codex > > > pages, http://codex.wordpress.org/Main_Page, and the mysql > > > documentation, http://dev.mysql.com/doc/ . > > > > > > -- Enric > > > > > > --- In videoblogging@yahoogroups.com, "T.Whid" wrote: > > > > > > > > I'm not that familiar with WP so I don't know where the password is > > > > stored, this is just a tip off the top of my head... > > > > > > > > Find out where the password is stored. If it's stored in the > database > > > > you'll need to login to the database (either via command line, SSH > > > > perhaps, or phpMyAdmin I think DH provides this tool) and use a SQL > > > > directive to change it (since it's probably stored in an encryped > > > > way). > > > > > > > > If it's stored in a flat file somewhere (i doubt it), then just > FTP in > > > > and change it there. > > > > > > > > You probably need to check that the database configuration file > for WP > > > > still has the proper values as well. I'm not certain the name of the > > > > file where this config is set, maybe wp-config.php ?? > > > > > > > > Good luck > > > > > > > > On 2/11/06, Patrick wrote: > > > > > I just discovered my vblog has been hacked by "Kid Fantasy" and am > > > > > unable to login as Admin. > > > > > > > > > > An FTP into the blog/ directory shows all the files are still > there. > > > > > > > > > > There is some discussion on Google and the Forums about the > problem, > > > > > but nothing that I can get a handle on and fear trial and error > > fixes > > > > > might make thing worse. > > > > > > > > > > I've e-mailed Dreamhost support, but the last time it was days > > before > > > > > they got back me. > > > > > > > > > > Bottom line: I've looked into all the self-help options, but no > > luck. > > > > > I am new to MySQL & PHP so any help or po
[videoblogging] Re: My Wordpress 2.01 blog on Dreamhost has been Hacked!
Thank you for the informatiom. I am not familiar with MySQL, but I was able to get into MyphpAdmin and remove Kid Fantasy's ID and e-mail address and restore my Admin access, but it appears all my video posts, comments, and phpbb forums are gone. Is there anyway to restore them? Is there a backup anywhere? If so, how would I restore it, or is this something Dreamhost can do? Finally, is there a way to harden the system to prevent Kid Fantasy from returning and doing this all over again? Again, thank you. -Patrick --- In videoblogging@yahoogroups.com, "Enric" <[EMAIL PROTECTED]> wrote: > > Wordpress stores login passwords in a database table (usually mysql.) > You can use dreamhosts utility for modifying your data tables to > change the password. For more information check the Wordpress Codex > pages, http://codex.wordpress.org/Main_Page, and the mysql > documentation, http://dev.mysql.com/doc/ . > > -- Enric > > --- In videoblogging@yahoogroups.com, "T.Whid" wrote: > > > > I'm not that familiar with WP so I don't know where the password is > > stored, this is just a tip off the top of my head... > > > > Find out where the password is stored. If it's stored in the database > > you'll need to login to the database (either via command line, SSH > > perhaps, or phpMyAdmin I think DH provides this tool) and use a SQL > > directive to change it (since it's probably stored in an encryped > > way). > > > > If it's stored in a flat file somewhere (i doubt it), then just FTP in > > and change it there. > > > > You probably need to check that the database configuration file for WP > > still has the proper values as well. I'm not certain the name of the > > file where this config is set, maybe wp-config.php ?? > > > > Good luck > > > > On 2/11/06, Patrick wrote: > > > I just discovered my vblog has been hacked by "Kid Fantasy" and am > > > unable to login as Admin. > > > > > > An FTP into the blog/ directory shows all the files are still there. > > > > > > There is some discussion on Google and the Forums about the problem, > > > but nothing that I can get a handle on and fear trial and error fixes > > > might make thing worse. > > > > > > I've e-mailed Dreamhost support, but the last time it was days before > > > they got back me. > > > > > > Bottom line: I've looked into all the self-help options, but no luck. > > > I am new to MySQL & PHP so any help or pointers in getting my vblog, > > > back online would be greatly appreciated. > > > > > > Thank you... > > > > > > -Patrick > > > > > > > > > > > > > > > > > > > > > Yahoo! Groups Links > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > www.mteww.com > > > Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/videoblogging/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
[videoblogging] Re: My Wordpress 2.01 blog on Dreamhost has been Hacked!
You're welcome. :) I think you'd need to check with dreamhost if they have a backup. I'm not familiar with hardening Wordpress/mysql access -- some of it would depend on how easy it is to guess someone's password, some on the encryption method in mysql to store the password, etc. You may want to search on "hardening", "mysql" and "wordpress" and see if any useful links come up. -- Enric -==- http://www.cirne.com --- In videoblogging@yahoogroups.com, "Patrick" <[EMAIL PROTECTED]> wrote: > > Thank you for the informatiom. > > I am not familiar with MySQL, but I was able to get into MyphpAdmin > and remove Kid Fantasy's ID and e-mail address and restore my Admin > access, but it appears all my video posts, comments, and phpbb forums > are gone. > > Is there anyway to restore them? Is there a backup anywhere? If so, > how would I restore it, or is this something Dreamhost can do? > > Finally, is there a way to harden the system to prevent Kid Fantasy > from returning and doing this all over again? > > Again, thank you. > > -Patrick > > --- In videoblogging@yahoogroups.com, "Enric" wrote: > > > > Wordpress stores login passwords in a database table (usually mysql.) > > You can use dreamhosts utility for modifying your data tables to > > change the password. For more information check the Wordpress Codex > > pages, http://codex.wordpress.org/Main_Page, and the mysql > > documentation, http://dev.mysql.com/doc/ . > > > > -- Enric > > > > --- In videoblogging@yahoogroups.com, "T.Whid" wrote: > > > > > > I'm not that familiar with WP so I don't know where the password is > > > stored, this is just a tip off the top of my head... > > > > > > Find out where the password is stored. If it's stored in the database > > > you'll need to login to the database (either via command line, SSH > > > perhaps, or phpMyAdmin I think DH provides this tool) and use a SQL > > > directive to change it (since it's probably stored in an encryped > > > way). > > > > > > If it's stored in a flat file somewhere (i doubt it), then just FTP in > > > and change it there. > > > > > > You probably need to check that the database configuration file for WP > > > still has the proper values as well. I'm not certain the name of the > > > file where this config is set, maybe wp-config.php ?? > > > > > > Good luck > > > > > > On 2/11/06, Patrick wrote: > > > > I just discovered my vblog has been hacked by "Kid Fantasy" and am > > > > unable to login as Admin. > > > > > > > > An FTP into the blog/ directory shows all the files are still there. > > > > > > > > There is some discussion on Google and the Forums about the problem, > > > > but nothing that I can get a handle on and fear trial and error > fixes > > > > might make thing worse. > > > > > > > > I've e-mailed Dreamhost support, but the last time it was days > before > > > > they got back me. > > > > > > > > Bottom line: I've looked into all the self-help options, but no > luck. > > > > I am new to MySQL & PHP so any help or pointers in getting my > vblog, > > > > back online would be greatly appreciated. > > > > > > > > Thank you... > > > > > > > > -Patrick > > > > > > > > > > > > > > > > > > > > > > > > > > > > Yahoo! Groups Links > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > www.mteww.com > > > > > > Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/videoblogging/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
[videoblogging] Re: My Wordpress 2.01 blog on Dreamhost has been Hacked!
Wordpress stores login passwords in a database table (usually mysql.) You can use dreamhosts utility for modifying your data tables to change the password. For more information check the Wordpress Codex pages, http://codex.wordpress.org/Main_Page, and the mysql documentation, http://dev.mysql.com/doc/ . -- Enric --- In videoblogging@yahoogroups.com, "T.Whid" <[EMAIL PROTECTED]> wrote: > > I'm not that familiar with WP so I don't know where the password is > stored, this is just a tip off the top of my head... > > Find out where the password is stored. If it's stored in the database > you'll need to login to the database (either via command line, SSH > perhaps, or phpMyAdmin I think DH provides this tool) and use a SQL > directive to change it (since it's probably stored in an encryped > way). > > If it's stored in a flat file somewhere (i doubt it), then just FTP in > and change it there. > > You probably need to check that the database configuration file for WP > still has the proper values as well. I'm not certain the name of the > file where this config is set, maybe wp-config.php ?? > > Good luck > > On 2/11/06, Patrick <[EMAIL PROTECTED]> wrote: > > I just discovered my vblog has been hacked by "Kid Fantasy" and am > > unable to login as Admin. > > > > An FTP into the blog/ directory shows all the files are still there. > > > > There is some discussion on Google and the Forums about the problem, > > but nothing that I can get a handle on and fear trial and error fixes > > might make thing worse. > > > > I've e-mailed Dreamhost support, but the last time it was days before > > they got back me. > > > > Bottom line: I've looked into all the self-help options, but no luck. > > I am new to MySQL & PHP so any help or pointers in getting my vblog, > > back online would be greatly appreciated. > > > > Thank you... > > > > -Patrick > > > > > > > > > > > > > > Yahoo! Groups Links > > > > > > > > > > > > > > > > > > > -- > www.mteww.com > Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/videoblogging/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
Re: [videoblogging] Re: My Wordpress 2.01 blog on Dreamhost has been Hacked!
Um, no point. I checked their blog, no mention of it there... Peter On 2/11/06, Patrick <[EMAIL PROTECTED]> wrote: > That's nice, maybe they're were busy/backed up when I contacted them. > > So, what's your point? > > > > --- In videoblogging@yahoogroups.com, Peter Van Dijck > <[EMAIL PROTECTED]> wrote: > > > > > I've e-mailed Dreamhost support, but the last time it was days before > > > they got back me. > > > > They've always gotten back to me within hours whenever I had a question. > > > > Peter > > > > > > > > > > > Yahoo! Groups Links > > > > > > > > Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/videoblogging/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
[videoblogging] Re: My Wordpress 2.01 blog on Dreamhost has been Hacked!
That's nice, maybe they're were busy/backed up when I contacted them. So, what's your point? --- In videoblogging@yahoogroups.com, Peter Van Dijck <[EMAIL PROTECTED]> wrote: > > > I've e-mailed Dreamhost support, but the last time it was days before > > they got back me. > > They've always gotten back to me within hours whenever I had a question. > > Peter > Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/videoblogging/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
