All my 10 sites were hacked! hosted on justhost

49 replies
  • OFF TOPIC
  • |
all my 10 sites were down,just happen one hour ago,my sites were hosted on justhost
it is the information they left on my homepage:


hacked by Team 1

MuslimHackers
Now We AreRunninGThis Site
AnD
We Are LookinG For The Answer From YouAdmin!
Where Is YourSecuritY!
Right! No Answer IGuesS!
Be Ready We AreComing Back If You Did Not ResponD To This Message:-
.......................(200 words about Nation attack sentence..you know)..

but I still don't know which weak cause their access
#hacked #hosted #justhost #sites
  • Profile picture of the author nickhumph
    Ouch,

    You have to contact justhost immediately and inform them of the situation.

    I've been hacked before and it was due to my CHMOD file permissions being left open to the public.

    And you have to make sure that all your plugins are updated to the last version
    {{ DiscussionBoard.errors[5343008].message }}
  • Profile picture of the author mikelito11
    ohh thats really BAD news mate.

    Sorry to hear, but I only trust my site's to Hostgator nothing else.
    Signature

    How to hack android apk games?

    {{ DiscussionBoard.errors[5343015].message }}
  • Profile picture of the author arranrice
    Why do people do this!!!
    You need to contact your hosting straight away and they should be able to restore your sites and help you.

    Do the sites get any traffic? You need to find out what made them target your site and work around it and stop it happening again. I think people who hack sites are very sad and how the hell do they do it! There sad people!

    But yes contact your host now! If they have a live support option just use that Hope you get the sites back to normal, keep me posted on what happens!

    ArranRice!
    {{ DiscussionBoard.errors[5343017].message }}
  • Profile picture of the author ruby2011
    Your story tells us it is very important to choose a good host. I have not met this situation before and all of my sites are hosted on reliable hosts, although it costs me an extra of money.
    Signature

    Want to recover lost data on iPhone? Check this tutorial to fully restore deleted files from iPhone just in 3 clicks.

    {{ DiscussionBoard.errors[5343057].message }}
  • Profile picture of the author johnben1444
    Talk to your hosting company immediately and see what they can do. Some hosting companies have more security and gives users a better chance of getting back their site.

    Wish you luck!
    Signature
    Grow your social media account, Spotify Streams, YT Views & IG Followers & More
    Software & Mobile APP Developer
    Buy Spotify, Facebook Bot & IG M/S Method
    {{ DiscussionBoard.errors[5343062].message }}
  • Profile picture of the author JWImarketing
    I can't give much advice on this one my friend....just wanted to say sorry to hear it. Some people just suck.

    Jim
    {{ DiscussionBoard.errors[5343359].message }}
    • Profile picture of the author atxadmin
      I've been wrestling with JustHost for a week now since I saw that logging into any of my blogs hosted there now causes a browser redirect to one of the Russian Federation ugly sites and keeps reinfecting me with a false antivirus (the "Security Center 2012 one). I couldn't see the redirect until I turned on a firewall blocker and saw the attempt being blocked now. No more False Antivirus but I can't go on like this.

      Support there just says they've scanned my account and it's "OK" so it's my local computer causing the problem. Guess what, I can use a different browser and different computer and still see the problem. They ignore me when I tell them that and just want to close the ticket.

      Heck, I can just surf to the server there (cx112.justhost.com) and am redirected to YET ANOTHER super spammer server! Try it! Just make sure you have something blocking outgoing requests.

      Don't know how to make these folks listen and I'd hate to pull all my blogs and move them, but this is too much.
      {{ DiscussionBoard.errors[5346893].message }}
  • Profile picture of the author onegoodman
    You just scared me. I had a site on justhost and I am glad it is not hacked.

    contact justhost immediately and request an explanation of what is going on
    {{ DiscussionBoard.errors[5346924].message }}
  • Profile picture of the author atxadmin
    It still could be that all of my blogs on JustHost became suddenly infected somehow but nothing shows up when I download and scan all the files. This all started around the time of the last WordPress update, to 3.3, but certainly could be a coincidence. I used the "automatic" update within the admin area to do the upgrade.

    Ugly stuff.

    JustHost support just 'scans' my account and says "Nothing is wrong. Please clean your computer."
    {{ DiscussionBoard.errors[5347589].message }}
  • Profile picture of the author RavishingRajni
    so sorry to hear of this
    {{ DiscussionBoard.errors[5347664].message }}
  • Profile picture of the author meaghandrina
    Thanks for some great information. I’m glad it wasn’t worse. You are a saavy guy with computers and know what you’re doing. I don’t have a website, just a blog which soon will also be my business.

    thanks very much!
    {{ DiscussionBoard.errors[5347720].message }}
  • Profile picture of the author Big Al
    Definitely speak to your host and see if they can restore your sites back to their original state. Then investigate how you can back-up your sites in future.

    There are some really good threads here on site security and what to do to protect your sites.

    Looking for ways to change your table settings, upload a .htaccess file to the wp-admin folder, use stronger passwords, don't use 'Admin' as the login in name, change your existing passwords (including your FTP account one) and start backing up all your sites on a regular basis.

    These threads may help:
    http://www.warriorforum.com/main-int...e-hackers.html

    http://www.warriorforum.com/main-int...ress-site.html

    http://www.warriorforum.com/main-int...your-site.html
    {{ DiscussionBoard.errors[5348315].message }}
    • Profile picture of the author atxadmin
      Originally Posted by Big Al View Post

      Definitely speak to your host and see if they can restore your sites back to their original state. Then investigate how you can back-up your sites in future.
      Good help! I wish I could trust what condition the "original state" means, in my case.

      I've pulled the entire contents of my blogs down and run three different antivirus programs and they see nothing. Yet when this file set is online in my account at JustHost, my browser attempts a behind-the-scenes redirect to a malware site when I access them. It seems to point to some kind of problem at one level higher than my actual files. It's now my driven desire to fill in my knowledge gap and understand how this is happening.

      One thing I have not yet done is to do a file-by-file compare with the latest WordPress basic (3.3) file set against one of my troublesome WordPress installs. Could very well be that my installs now have code in them that isn't really recognized as malware because of the environment. That is, PHP isn't what runs in Windows XP so might appear completely benign. Plugin antivirus software, at least the ones I've tried, aren't seeing anything unusual either, but could be a fairly new exploit.

      I understand that JustHost isn't in the malware debugging business, but I wish they'd be a little more worried about what other problems accounts on their system might have. Perhaps they are but are just keeping mum.
      {{ DiscussionBoard.errors[5351829].message }}
  • Profile picture of the author gridley
    Justhost are the worst hosting company in my experience. My sites, regardless of CMS all got hacked multiple times, there is definitely some sort of vulnerability in their system. I've now been with a new host since October and no hackings since (exactly the same websites).
    {{ DiscussionBoard.errors[5348372].message }}
    • Profile picture of the author minisite911
      sorry to hear that
      i've been hacked before (my sites), but my brother can fix it in 10 mins. basically they're just modifying a few lines which can be fixed.
      Signature
      {{ DiscussionBoard.errors[5348407].message }}
    • Profile picture of the author Don Luis
      Banned
      Originally Posted by gridley View Post

      Justhost are the worst hosting company in my experience. My sites, regardless of CMS all got hacked multiple times, there is definitely some sort of vulnerability in their system. I've now been with a new host since October and no hackings since (exactly the same websites).
      You might want to check your site because your hosting was suspended.
      {{ DiscussionBoard.errors[5348464].message }}
    • Profile picture of the author profitprint
      Originally Posted by gridley View Post

      Justhost are the worst hosting company in my experience. My sites, regardless of CMS all got hacked multiple times, there is definitely some sort of vulnerability in their system. I've now been with a new host since October and no hackings since (exactly the same websites).
      All my 5 sites in Justhost were hacked before. I am also thinking about changing to hostgator.
      Signature
      {{ DiscussionBoard.errors[5349398].message }}
  • Profile picture of the author humbledmarket
    Banned
    Yeh very common. I had 100 sites hacked on host dime before...boy it wasn't good. My SERPS fell like a rock! It was terrible.

    In terms to fixing it the biggest vulnerability is when you don't update your site. The sad thing is wordpress has a lot of vulnerabilities and VERY easy to hack. You can get some plug ins to help but it isn't a perfect solution
    {{ DiscussionBoard.errors[5348426].message }}
  • Profile picture of the author anshuldayal
    You should also consider adding additional security to your sites against hackers with a readymade plugin like WPLockup which provides multi layered security features like custom admin login page, http authentication and captcha login screens.
    {{ DiscussionBoard.errors[5349159].message }}
  • Profile picture of the author Daniel Ong CW
    Get someone who knows about security and have them scan through and check for all areas for possible security flaws.

    I am pretty sure you can get some good help on WF.
    {{ DiscussionBoard.errors[5349403].message }}
  • Profile picture of the author JeremiahSay
    Listen learned.. Never trust other hosting service provider accept for hostgator and bluehost..

    May God bless you,
    Jeremiah
    {{ DiscussionBoard.errors[5349475].message }}
  • Profile picture of the author atxadmin
    Originally Posted by Cigar2010 View Post

    all my 10 sites were down,just happen one hour ago,my sites were hosted on justhost
    it is the information they left on my homepage:


    hacked by Team 1
    Were all of your sites standalone HTML?

    Or were they WordPress blogs?
    {{ DiscussionBoard.errors[5351850].message }}
  • Profile picture of the author anthony2
    sorry to hear about your website being hacked.
    never used justhost before so not sure how reliable they
    are.

    I Have my websites with hostgator.

    I hope you backed up your websites. If so then you may
    want to move it to a more reliable webhosting service.
    Signature
    "I Leveled The Playing Field And Removed Every Roadblock
    To Helping You Make Maximum Profits In Minimum Time"
    Click Here Now To Find Out How!
    {{ DiscussionBoard.errors[5351911].message }}
    • Profile picture of the author Steve Hunt
      I know what you are going through, I had all my sites hacked 2 months ago after I changed my hosting to another provider. (not justhost)

      It took two weeks to get it sorted out, I spoke to hostgator about what had happened ( my original host provider) and as I had not cancelled my account they let me change back and ran a series of security checks on all my sites.

      I have learned my lesson that the cheaper options are not always the best. especially if you are running a web based business.
      {{ DiscussionBoard.errors[5352044].message }}
    • Profile picture of the author Francois du_Toit
      Originally Posted by anthony2 View Post

      sorry to hear about your website being hacked.
      never used justhost before so not sure how reliable they
      are.

      I Have my websites with hostgator.

      I hope you backed up your websites. If so then you may
      want to move it to a more reliable webhosting service.
      I am with hostgator and one of my sites hot hacked recently... But,
      hostgator was on to it in a flash and fixed the problem in no time at all.

      So, having a good host won't prevent your sites from being hacked but
      will help a lot to get things back to normal.
      Signature
      Destiny is not a matter of chance, it's a matter of choice.
      {{ DiscussionBoard.errors[5364638].message }}
      • Profile picture of the author anthony2
        Originally Posted by Francois du_Toit View Post

        I am with hostgator and one of my sites hot hacked recently... But,
        hostgator was on to it in a flash and fixed the problem in no time at all.

        So, having a good host won't prevent your sites from being hacked but
        will help a lot to get things back to normal.

        sorry about hearing your website being hacked.
        yea you are right it could happen to any hosting service.
        BILLION DOLLAR Company Sony Online System was hacked and shut down for a couple weeks or a couple months.

        So if it could happen to a big company like that with Billions then
        it could happen to anyone of these hosting services.
        Signature
        "I Leveled The Playing Field And Removed Every Roadblock
        To Helping You Make Maximum Profits In Minimum Time"
        Click Here Now To Find Out How!
        {{ DiscussionBoard.errors[5373607].message }}
  • The problems might be in the wordpress files or theme files or plugin files, or somewhere outside of the wordpress files altogether. OR the problems could be in the database.

    Chasing these things down (and I've done it multiple times, and it's not always the host's fault) is time consuming and you have to find all the dang spots they've injected code. If you leave even one, you're scrooed. I would also run virus and malware and trojan scans on your own machine. It is very possible that's their vector. Make sure to do an online trojan and rootkit scan since some savvy malware will turn off your AV program but make it look like it's still doing its job.
    {{ DiscussionBoard.errors[5352122].message }}
  • Profile picture of the author zaco
    I have seen alot of replies from Warriors saying they downloaded the files and scanned them, I am not an expert but when they hack your site, they modify the files and add redirects so even if you scan, you won't see anything, they do not put a virus or malware on your site ( usually ) they either change the homepage to prove a point or they redirect the traffic to another site, its all about changing few lines without adding any software to your site.
    {{ DiscussionBoard.errors[5352536].message }}
  • Profile picture of the author atxadmin
    Well, now after looking carefully at my WordPress installations, I can see the problem. Apparently my sites were hacked too: ALL javascript file, every single .js file had been changed on 12/27/2011, 2:40am. Each file had the same bit of code appended, which, I'm sure if I untangled it, would be the browser redirectiom I had been seeing.

    I've been using some of the most popular protection plugins, but I might as well save my time and web space and not even bother.

    Not sure we, as WordPress users, or regular old web builders, can stop someone who seems to have free access to our accounts to just edit anything they want ...Aaargh.
    {{ DiscussionBoard.errors[5353607].message }}
  • Profile picture of the author atxadmin
    Well, how very interesting - WordPress has just issued yet another release, Version 3.3.1 - says someone had discovered a cross-scripting security hole in the Version released in mid-December. Guess that might explain some of the problems folks have seen, here on JustHost as well as some other servers I suppose.

    I will test my problem again after I get my installations cleaned up from scratch with the new 3.3.1 Release.
    {{ DiscussionBoard.errors[5354302].message }}
  • Profile picture of the author webskipper
    Oh no... I feel for you as I had a similar experience before... I believe they hacked my sites through my SQL database... I ended up paying someone to fix it then got a guy from Fiverr to reinforce the security for my sites (WP). Since then non of them have been hacked.
    {{ DiscussionBoard.errors[5354554].message }}
  • Profile picture of the author John Romaine
    Let me guess....Wordpress?
    Signature

    BS free SEO services, training and advice - SEO Point

    {{ DiscussionBoard.errors[5354567].message }}
  • Profile picture of the author WiFi
    Contact your hosting company ASAP they have the know-how and expertise to deal with recoving it for you.
    Signature
    WiFi
    {{ DiscussionBoard.errors[5354622].message }}
  • Profile picture of the author John Romaine
    Your sites being hacked have NOTHING to do with the host. It has EVERYTHING to do with you ensuring your sites are secure.
    Signature

    BS free SEO services, training and advice - SEO Point

    {{ DiscussionBoard.errors[5354959].message }}
  • Profile picture of the author Jerome15
    if you are using Wordpress, try to avoid using "Admin" as your username. one of my big site was hacked because i was using "admin" as username and always update it.
    {{ DiscussionBoard.errors[5355077].message }}
  • Profile picture of the author atxadmin
    Yes, I have verified this now.

    I don't know if the cross-scripting vulnerability introduced with the recent (Mid December) WordPress 3.3 caused this, but on December 26 and 27, every site I have on JustHost has had EVERY SINGLE *.js file modified by adding code at the end. This is semi-encoded and appears to be browser redirect code.

    I'll get it decoded to see if the USSR site that's been serving me the "Security Center 2012" threatware is indeed the end redirected target.

    If you are on JustHost, you might want to look at the very end of your *.js files for something that starts out like this:

    var _0xdc8d=["\x73\x63\x5F\x63\x6F","\x67\x65\x74\x45\x6C\x65\x 6D\x65\x6E...

    And ends something like this:

    ...var head=document[_0xdc8d[21]](_0xdc8d[20])[0];head[_0xdc8d[22]](js);} ;



    EDIT:
    After translating the escaped Hex codes, I have verified that this .js hack indeed carried the code to redirect to the Russian malware site I was seeing blocked by MalwareBytes. If I didn't have the blocking enabled, I couldn't see anything unusual going on until later, when all of a sudden I'm infected with the "Security Center 2012" threatware.

    It's now just a matter of removing this from all my sites .js files. The first cleaned site now appears to be operating normally. I'll notify JustHost Support, for whatever good that'll do.
    {{ DiscussionBoard.errors[5355306].message }}
  • Profile picture of the author Cigar2010
    Yes,I use Wordpress,it is my favourate script. now I have restored all my sites.they only change my homepage without modify other files,so it is easy to be restored..
    {{ DiscussionBoard.errors[5364563].message }}
    • Profile picture of the author lukedidit
      Update to 3.3.1

      I would then do a recursive sweep on wordpress:

      chmod -R 644 public_html/wordpress_site

      And to each directory to 755

      chmod 755 wp-content
      chmod 755 wp-admin
      chmod 755 wp-includes

      You may need sudo - depending on the user and who owns public_html (ls -al ~)

      Background - I don't know much about IM, but I work in IT security.
      {{ DiscussionBoard.errors[5364682].message }}
  • Profile picture of the author dailyblogtools
    if you are using ant wordpress security plugins ? i prefer to use some security plugins and back your blog regularly
    {{ DiscussionBoard.errors[5364672].message }}
  • Profile picture of the author Ben Gordon
    I'm not exactly sure what you should do, as I am no hacking specialist. But I would like to thank you for informing the Warrior Forum community about this. I will not be using JustHost in the future due to this incident and other incidents I've heard in this thread with them as hosting providers.
    {{ DiscussionBoard.errors[5364676].message }}
  • That's so unfortunate for you. The important thing to do right now is to contact justhost. They need to explain to you and fix your problem.
    {{ DiscussionBoard.errors[5371522].message }}
  • Profile picture of the author paul_1
    I upgraded to the latest wp version too... I feel we should all be safe for now...
    Signature
    {{ DiscussionBoard.errors[5380107].message }}
  • Profile picture of the author atxadmin
    Well, shoot! Looks like last night all my sites on JustHost were attacked again! This time, they installed a nifty little drive-by trojan. Anyone just browsing to my sites gets redirected to a Russian Federation ugly site, very quietly in the background.

    Latest W.P. (3.3.1) and all plugins updated.

    I asked JustHost if they could restore from their backup and they agreed. Unfortunately, the backups all included the trojans, too.

    Looks like it's time to pick up the whole thing and move to a new hosting company!
    {{ DiscussionBoard.errors[5452995].message }}
  • Profile picture of the author KevinA
    When I was hacked all my affiliate sites (on two different hosts) were attacked - the only link between those two hosting accounts was my FTP software.
    {{ DiscussionBoard.errors[5453020].message }}
    • Profile picture of the author atxadmin
      Originally Posted by KevinA View Post

      When I was hacked all my affiliate sites (on two different hosts) were attacked - the only link between those two hosting accounts was my FTP software.
      Ah, I was fortunate to have only the installations on JustHost attacked. Was this company hosting some of your sites? What was the time frame?
      {{ DiscussionBoard.errors[5454064].message }}

Trending Topics