WordPress.org

1. kimchihead
   Member
   Posted 6 years ago #

   If you go to my site at kimchihead.com, you'll see this following message:

   A1TS AQUI NAO TEM MOLEZA OU OWNA OU SAI FORA by pitt3r_p4rk3r

   My host is 1&1. I am running the latest version of WordPress. I still have FTP access. It looks like one file (index.php) has been modified, and two files have been added, called simply "i" and "a".

   Right now, I am on hold with my host. I've been on hold for 30 minutes and counting. Luckily, I have speakerphone, so I am typing this message while waiting. What should I do next?

   Thanks!

2. msadventures
   Member
   Posted 6 years ago #

   Start changing all your passwords, number 1. And as I, thankfully, have never had that problem, I couldn't advise what to do next, but there are lots of helpful folks here. Best of luck, hope it's resolved quickly and painlessly for you. :)

3. whooami
   Member
   Posted 6 years ago #

   I cant speak to the hacking, but damn your site is nicely done. i REALLLLY am impressed.

   search pitt3r_p4rk3r on google, the guys email addy is easily gotten -- send an email off asking what he did, I, for one, would be interested

4. kimchihead
   Member
   Posted 6 years ago #

   Thanks for the feedback. :)

   I changed all of my passwords. Hopefully that will work for now.

   And thanks, whooami, for the kind words. :)

5. kimchihead
   Member
   Posted 6 years ago #

   Well, they've done it again. This time, the message is...

   [ A1TS - r3ckd4ll ]

   And, this time, they've deleted everything in the root directory. All that remains are the subdirectories, as well as the .htaccess file, and the index.php file.

6. Mark (podz)
   Support Maven
   Posted 6 years ago #

   Do you have the server access logs / error logs ?
   What are your hosts doing about this exactly ? If nothing, move hosts.

7. kimchihead
   Member
   Posted 6 years ago #

   Hi podz,

   I do have the access and FTP logs. The FTP log is fairly straightforward, and indicates that I'm the only one that has been doing at FTP there, but the access log is really hard for me to decipher.

   I called my host the other day. I was told that there are two possibilities: 1) either the host is being hacked, or the script (i.e., WP) is being hacked. Moreover, I was told that this was possibly due to my passwords being easy to guess.

   I told the phone support person that my passwords are alphanumeric combinations, very hard to guess. But we all know that they read from a script anyway, and I knew at that point that my conversation with her would be useless.

   Anyway, after being on hold for 30 minutes, and then being "accidentally" cut off from the support line, I was sent an e-mail instructing me to change my passwords to something more difficult.

8. James
   Happiness Engineer
   Posted 6 years ago #

   This Google search may shed some light on the issue:

   http://www.google.com/search?q=pitt3r_p4rk3r

9. Mark (podz)
   Support Maven
   Posted 6 years ago #

   kimchihead - I would dump 1and1. If all they are prepared to do is give you a stock answer to a serious issue, I'd move. There are better hosts out there.

10. kimchihead
    Member
    Posted 6 years ago #

    macmanx: I conducted the same search, although I could not make heads or tails of the search results...

    podz: Any recommendations, given that I'm on a tight budget? :)

11. Mark (podz)
    Support Maven
    Posted 6 years ago #

    http://www.asmallorange.com is a great host, as is http://www.site5.com
    You get what you pay for with hosting like any other product but both the above have excellent support and actually know what they are talking about - which is always a bonus :)

12. vkaryl
    Member
    Posted 6 years ago #

    As well, http://below10host.com.... and while you CAN pay more, this relatively inexpensive host has been the most helpful, responsive, and concerned one I've used in the last 8 years or so - and they ALWAYS respond within just a couple of hours, WITH the answers!

Topic Closed

This topic has been closed to new replies.