So far, the only communication I've received from Dreamhost was an
automated e-mail apologizing for not getting back to me within 24
hours, but that I would hear from them at some point.

However, I did receive a report from an IT friend who had scanned the
server and thought it might be of interest to others.

NOTE: I am not trying to cause any problems for Dreamhost; in my view,
they provide an excellent price/value proposition, but I am concerned
about the following:

---
Patrick,

I'm thinking that the first thing you will want to do is back up all
the data you can. I think that your web server has been totally
compromised. Of specific note, there is an IRC proxy service running
on port 31337 (which is 'leet-speak' for elite) and a telnet service
running (probably a back door installed for continued access). Telnet
= bad, but is especially suspicious when running alongside ssh (which
is a secure version of telnet).

I have enclosed a security scan of your website that was taken last
night, printed to a pdf.

Another note. This morning I found that your DNS was broken. Even if
your web site and server were working perfectly, this would still be
completely debilitating.

What is curious to me is that from what I can tell, your DNS and web
site are served through a company called DreamHost. If this is true, I
would strongly suggest moving your site to a different hosting
company. I have personally used lunarpages.com in the past and believe
that they are a very good and inexpensive solution. Lunarpages seems
to meter usage in a much more fair way than others that I have seen,
and are very helpful. No hosting provider should allow themselves to
be compromised so badly and for so long.

To the good news. . . .
<snip>

--- In videoblogging@yahoogroups.com, "Enric" <[EMAIL PROTECTED]> wrote:
>
> You're welcome.  :)
> 
> I think you'd need to check with dreamhost if they have a backup.  I'm
> not familiar with hardening Wordpress/mysql access -- some of it would
> depend on how easy it is to guess someone's password, some on the
> encryption method in mysql to store the password, etc.  You may want
> to search on "hardening", "mysql" and "wordpress" and see if any
> useful links come up.
> 
>   -- Enric
>   -======-
>   http://www.cirne.com
> 
> --- In videoblogging@yahoogroups.com, "Patrick" <mobile@> wrote:
> >
> > Thank you for the information.
> > 
> > I am not familiar with MySQL, but I was able to get into phpMyAdmin
> > and remove Kid Fantasy's ID and e-mail address and restore my Admin
> > access, but it appears all my video posts, comments, and phpbb forums
> > are gone.
> > 
> > Is there any way to restore them? Is there a backup anywhere? If so,
> > how would I restore it, or is this something Dreamhost can do?
> > 
> > Finally, is there a way to harden the system to prevent Kid Fantasy
> > from returning and doing this all over again? 
> > 
> > Again, thank you.
> > 
> > -Patrick
> > 
> > --- In videoblogging@yahoogroups.com, "Enric" <enric@> wrote:
> > >
> > > Wordpress stores login passwords in a database table (usually
> > > mysql.)  You can use Dreamhost's utility for modifying your data
> > > tables to change the password.  For more information check the
> > > Wordpress Codex pages, http://codex.wordpress.org/Main_Page, and
> > > the mysql documentation, http://dev.mysql.com/doc/ .
> > > 
> > >   -- Enric
> > > 
> > > --- In videoblogging@yahoogroups.com, "T.Whid" <twhid@> wrote:
> > > >
> > > > I'm not that familiar with WP so I don't know where the password
> > > > is stored, this is just a tip off the top of my head...
> > > > 
> > > > Find out where the password is stored. If it's stored in the
> > > > database you'll need to login to the database (either via command
> > > > line, SSH perhaps, or phpMyAdmin; I think DH provides this tool)
> > > > and use a SQL directive to change it (since it's probably stored
> > > > in an encrypted way).
> > > > 
> > > > If it's stored in a flat file somewhere (I doubt it), then just
> > > > FTP in and change it there.
> > > > 
> > > > You probably need to check that the database configuration file
> > > > for WP still has the proper values as well. I'm not certain the
> > > > name of the file where this config is set, maybe wp-config.php ??
> > > > 
> > > > Good luck
> > > > 
> > > > On 2/11/06, Patrick <mobile@> wrote:
> > > > > I just discovered my vblog has been hacked by "Kid Fantasy" and
> > > > > am unable to login as Admin.
> > > > >
> > > > > An FTP into the blog/ directory shows all the files are still
> > > > > there.
> > > > >
> > > > > There is some discussion on Google and the Forums about the
> > > > > problem, but nothing that I can get a handle on and fear trial
> > > > > and error fixes might make things worse.
> > > > >
> > > > > I've e-mailed Dreamhost support, but the last time it was days
> > > > > before they got back to me.
> > > > >
> > > > > Bottom line: I've looked into all the self-help options, but no
> > > > > luck.  I am new to MySQL & PHP so any help or pointers in
> > > > > getting my vblog back online would be greatly appreciated.
> > > > >
> > > > > Thank you...
> > > > >
> > > > > -Patrick
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Yahoo! Groups Links
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > 
> > > > 
> > > > --
> > > > <twhid>www.mteww.com</twhid>
> > > >
> > >
> >
>