FirefoxRocks
Sep 22 2007, 05:25 PM
Ok first of all I had this issue of my cPanel/FTP password not working: http://www.astahost.com/cant-access-cpanel...led-t16945.html. That raised a warning flag as I didn't change any settings of user authentication, etc. So then I reset my password using the forum thing under "Free Web Hosting". It supposedly "failed", so I didn't use 10 credits. When I accessed my FTP account to upload some PHP files that I corrected, I found this new directory/file under my public_html folder: /9xYenBai.Com/UploadMusic/Honey.wma So I raised security, went to that website http://9xYenBai.Com and couldn't understand Vietnamese, so it didn't look suspicious or anything becuase McAfee SiteAdvisor didn't rate it yet. Then, I downloaded the WMA music file, scanned it for viruses and found that it wasn't a virus, so I played it in Windows Media Player and the song was in Vietnamese, same as this site. Now my main concern is that the directory is called UploadMusic, so do you think someone cracked my password and uploaded files to my account?
Comment/Reply (w/o sign-up)
Mark420
Sep 22 2007, 09:30 PM
This sounds very odd indeed! I know Turbo had some issues this week with his Cpanel password also being changed for no reason. Can you have a look at you FTP/Webstats and try to work on whos been visiting your site and look for the wma file in the logs and see if its been downloaded by anyone other than you. Have you burned a lot of bandwidth this month you cant account for also?
Comment/Reply (w/o sign-up)
vujsa
Sep 23 2007, 12:39 AM
First, you were definitely hacked! Second, your hosting account has problems! Third, you need to contact support. Your site, for whatever reason, was, it looks like, suspended. Your member profile shows you as a HOSTED member but your profile is missing important hosting data! When an account sites around for awhile without activity, hacker take the site over and use it for their purposes! Now, between your suspension and member profile errors, when you earned enough credits to unsuspend your account, either the hacker had changed the password or more probable, the error in your member profile prevented you from logging into your account. So, now that you seem to have some access to the website, you can see the file changes that were made on your account. More than likely, a script like SMF or Mambo allowed a hacker to upload files to your account or even have full control over you public_html folder. It is unlikely that he was able to crack your password. So, once you get your account issues fixed, then you need to either remove the exploited web script or upgrade it to a more secure version! These little issues you have, are rather common. Even I have had a similar issue with random files or folders being uploaded to my file system. It was a result of little or no activity on the website along with an exploit in one of the scripts I had installed. Check this website to see what else they have done to your account: old.zone-h.org/en/defacements/filter/filter_domain=YOUR_DOMAIN_HERE.COM vujsa
Comment/Reply (w/o sign-up)
FirefoxRocks
Sep 23 2007, 12:42 AM
My bandwidth is about average for 66% of the month has passed. I couldn't find the WMA file in the logs as it was downloaded too little times I guess. The only files that I found in the log was the site to my Web Development Portal and the site to XKingdom Center (a game club site). There weren't any usual numbers of users/hits on the last few days, just about 15 unique users and the average ~150 pages hit. So I don't know what happened.
Comment/Reply (w/o sign-up)
Sten
Sep 23 2007, 05:29 AM
yay i have had no digital attacks, lol. that site you said vujsa freezes firefox, lol. well if the problem is caused by being inactive, then i guess ill always stay active. by staying active, does that mean in astahost or your cpanel? i havent had anything messed around with my account anyway so thats good for me.
Comment/Reply (w/o sign-up)
vujsa
Sep 23 2007, 12:31 PM
QUOTE(Sten @ Sep 23 2007, 01:29 AM)  yay i have had no digital attacks, lol. that site you said vujsa freezes firefox, lol.
well if the problem is caused by being inactive, then i guess ill always stay active. by staying active, does that mean in astahost or your cpanel?
i havent had anything messed around with my account anyway so thats good for me. Yeah, the site is really slow to load but it works okay most of the time. I use Firefox there without problem. Hackers and spammers love inactive website since they can have their way with them for a long time before anyone stops them. Some spammers are even nice enough to leave a removal link in their spam posts on inactive forums so that once you get around to working on your website again, they will stop spamming your site. Just remember, most of them don't care too much is Joe Average clicks on the link, they want the searchbots to see the link! The directory and file uploaded to the site is the hackers calling card. This is how they prove that they hacked your site. Then other hackers can check to see if the calling card is there. For most of them, it is just a game and the leave the calling card without damaging the website. Even the ones that do get a little out of hand usually just rename important files or folders so that the website won't work but the data is still there. Usually, just uploading the correct backup files then upgrading the program you are using is the solution to the security problem. Rarely do they get into your database and delete or edit data unless they don't like you for some reason. vujsa
Comment/Reply (w/o sign-up)
tansqrx
Sep 23 2007, 08:51 PM
Here is a related question. If someone else gets hacked on the same server that I am hosted at, how does this affect me? Is the server hardened enough to prevent any cross account hacking. I know that each account is protected from others to a certain extent but once a machine has been taken over can you really trust it?
Comment/Reply (w/o sign-up)
vujsa
Sep 24 2007, 12:26 AM
Well, just like you can't access my account from your account, a hacker can't attack you account from his account. The server is very well protected but from time to time, users unknowingly open security holes in their account with older scripts or self written scripts. Usually, it is older versions of popular scripts that get hacked into. Since these are generally open source, attackers can study the code and look for holes. Usually by the time a security exploit gets to the hacker mainstream, a new version that protects against the security issue is released. It is of course the job of the website owner or administrator to upgrade the script prior to being hacked. Self written scripts have to be pretty bad for a hacker to get in through since they probably can't view the source code of the script. They can however use common security holes to probe your website for exploits so be sure to add a little security to your scripts. vujsa
Comment/Reply (w/o sign-up)
FirefoxRocks
Sep 24 2007, 12:54 PM
The thing is, my website was ACCESSIBLE when cPanel and FTP were down. No files were renamed/changed except for the newer uploaded directory. Also, I wasn't using any content management systems on my website, I was going to install phpBB2 but I didn't get around to uploading that yet. And the site is pretty active, at least a few members visit it everyday. I regularly check on it also, so I don't see a problem with activity levels.
Comment/Reply (w/o sign-up)
BuffaloHELP
Sep 26 2007, 05:25 AM
FirefoxRocks, Was your original password found in a dictionary? In another words, was it not combined with numbers and symbols? If your original password was a combination of words found in a dictionary, please read http://www.trap17.com/forums/index.php?showtopic=51761And for the rest of AstaHost members, start changing your passwords as I explained in above topic ASAP!!
Comment/Reply (w/o sign-up)
Sten
Sep 30 2007, 01:01 AM
ive never used a password manager for anything. i would rather just type in a password my self than letting a program do it for me especially since my computer is shared with the rest of my family.
Comment/Reply (w/o sign-up)
.:Brian:.
Sep 30 2007, 12:38 AM
I haven't ever heard of the issues with the firefox password manager vulnerabilities... I'll have to look into those, in any event the password manager hasn't caused any issues for me so far... Also I have had trouble with Opera's password manager thing, it just isn't as easy to use as firefox's is for me....Anybody else experience that? In any event, even when you do use random passwords, if you use them enough you'll remember them... I can have a password like af3h2ls and within a couple of days of using it a couple times a day you'll remember it easily... (and no that is not a password i use for anything, so you don't have to go trying it on my account, as I would never give out a password i use for anything)
Comment/Reply (w/o sign-up)
Sten
Sep 27 2007, 09:00 AM
hmmm... my astahost forum account is found in a dictionary im pretty sure but i cant count on my cpanel password being found in a dictionary. i do have one password i only use for one site because i dont want to get hacked, it would NEVER be in a dictionary since i made it up and its the most secure password ive ever had, lol
Comment/Reply (w/o sign-up)
BuffaloHELP
Sep 27 2007, 06:31 AM
I do not know... but OpaQue tells me that most of accounts, I had to reset their passwords, were compromised by FTP brute force method. And once passwords were found the perpetrator then accessed those cpanels and started to use up their disk spaces. I noticed that when I went into each account and saw the last IP to log from 222.252.*.* (the last two values were not consistent). I'm wondering if you noticed out of ordinary IP as the last logged when you finally got into your cpanel...?
Comment/Reply (w/o sign-up)
FirefoxRocks
Sep 27 2007, 03:43 AM
Acutally, there is a vulnerability with Firefox/Flock's password manager. Search Secunia for details, I found this: http://secunia.com/advisories/23046/. I use Opera's wand, Internet Explorer autocomplete and I don't know if Safari has one or not, but I still use Firefox Password Manager regardless of the vulnerability. Do you think that this has something to do with this situation?
Comment/Reply (w/o sign-up)
Similar Topics
Keywords : account, hacked, suspicious, issues
- Blocked From My Own Account
HELP! (12)
My Account Is Suspended!
(10) Dear Astahost, My free web hosting account at jbitkill.astahost.com has been suspended. Can you
explain why? If it is a user on my forum, I will take action to warn/ban the user causing this
suspenion. Thanks jbitkill....
Username/pass Changed, Account Down
(8) Hey, my FTP and Xisto/account cpanel do not recognize my account/password combination anymore. My
hosting space (onzeklas.astahost.com) has also become inaccessible. Is this server down, has my
account been removed or compromised? Thanks in advance.....
Site / Account Not Working
(10) I currently have over 10 credits, but my account isn't working as if my account had been
depleted below zero. Help please?....
How To Add And Host A Registered Domain To My Account
If it is possible? (6) Hi, i have a question that i dont know if it is already made, well the situation is this, my brother
have its own domain for about 4 years ago but he is not happy with his host server because have a
lot of troubles, downtimes, etc. and he wants to change this but not right now. Lets says that
www.xyz.com is my brother's domain name that is hosted elsewhere and i want to host it
temporarily in my hosting account under a folder named xyz or whatever so when a user looks for
www.xyz.com he gets www.xyz.com and not www.myaccount.astahost.com/xyz, can it is possible to a....
Why Is My Account Suspended?
I have enough credits (2) Hi admins. I am trying to stay calm, but I am sort of freaking out now. I go to my site hosted at
AstaHost: http://www.WiseTome.com (without the parked domain: http://kmaheshbhat.astahost.com )
and it states: "This Account Has Been Suspended Please contact the billing/support department as
soon as possible. " I do not see why this should be the case because I have 120 hosting credits.
Could someone please look into this?....
Hosting Account Terminated - Still Negative Credits?
(2) Why do I have negative credits when i have already terminated my hosting account? I terminated it a
few days ago because I wanted to be still semi-active at the forums, but not hosting at astahost.
After a few days, the forums still showed at I was hosted. I tried terminating again but it failed.....
Addon Domain Disabled On My Account
(1) Hey, Can some update my cPanel account by adding addon domain support. I have 0 additional addon
domains on my accoun package and so can not add extra domains. If this can be done, it would be much
appreciated. Thanks....
Cannot Send Email After Account Upgrade
Outgoing mail broken after upgrade to paid account (3) I just upgraded mistymanor.astahost.com to a paid account. Since the upgrade, outgoing mail is not
working. Specifically, for mistymanor.astahost.com, using mail.mistymanor.astahost.com with
eric@mistymanor.astahost.com as the username, 587 for the port number, and the appropriate password,
sending mail from Apple Mail on OS X 10.4.8 fails. This account worked prior to the changeover.
Incoming mail still works. I have tried using "mistymanor.astahost.com" (dropping the "mail.") as
the mail server. I have tried with/without SSL. I have tried sending the message with Squ....
Can You Maintain An Additional Astahost Account?
(8) Well just out of curiosity, can a person have two astahost accounts? say for two sites...? ....
Hosting Account Cancellation Request
(3) Hello everyone, First of all, I'd like to say that during my breif period of hosting here at
AstaHost, and during the time I spent on its forum, I can honestly say that this is the unparalleled
best free hosting service there is. It's been a real pleasure /smile.gif"
style="vertical-align:middle" emoid=":)" border="0" alt="smile.gif" />. But since I've already
made arrangements for paid hosting as part of a business deal, I'm not going to be using the
hosting services here anymore. And so I thought I'd notify the admins about this, so that they ....
Re-Activating My Account
(4) I am sorry to say this, but I will have to terminate my Astahost account in four days. I have been
messing with domain names and it all got ****** up, so I have to terminate it and then apply again.
I know it sounds weird, but that is the only solution. Tomorrow I am going on a three-day trip, and
when I come back I will do it. I have made a full backup and MySQL backups. When I terminate it, I
will increase my credist again and re-apply with using my new top level domain. I just wanted to
get some opinions on this move. Will I be accepted ( /tongue.gif" style="vertic....
What Is The Upload Amount Of My Account ?
(10) Just a general question about the upload part in astahost. How much MB of upload is possible in
astahost ? I have a CMS where the default size is 2MB and they say that if i wanted to set the size
to more , then i needed to contact the service provider to change the htaccess file ? is this true ?
How much MB upload can a 150MB 2nd package account like mine handle ? if i need more what do i do ?
Regards Dhanesh....
Upgrade Error
Error while upgrading hosting account (3) Got this while trying to upgrade account .. Verfied.. Upgrading.. Connection Initilized... Secure
Socket Not Found. Continuing without SSL... Authorization Succeded.. Commands Executed.. Printing
out REturned DATA!. There were problems creating your account! Please Contact Administrator. And
it talks about bug info but doesnt show any .. so, err. Whats goin on?....
How Can I Cancel My Astahost Hosting Account?
before it gets messy.... (7) Well, i found it really hard to keep my hosting account active, because of my education (i attend
college) and it's very time demanding, so i bought a hosting service, that way i don't have
to suffer!!!!! I'm really thankful with astahost, the service is great, and i want to keep
participating in the forums... and i don't want to waste astahost hosting space if i'm not
going to use it... What do i have to do???? THANXS!....
General Problems With New Account
MySQL problems and quota issues (2) I just got a new account and CPanel reports that I have -380.2 MB of quota space and using 400.2MB.
This disables some of Cpanel's functions. It would have been nice to use the automated Mambo
installer, but no biggy. I uploaded the latest Mambo .tar.gz from my FTP program and unpacked it
via Cpanel's file manager with no problem. When I first logged into the system I created a new
Database for mambo and a new user for that database and linked the two from Cpanel. I logged off to
watch something on TV and came back and that database isn't being reported....
General Problem Using Account
i need help :P (3) Hi Problem is, i can't log into my ftp ( neither of this worked):
ftp.wykurz.astahost.com.com ftp.wykurz.astahost.com user: wykurz (cannot find computer or computer
name - gFTP) ftp.astahost.com.com user: wykurz (my passwd didn't work) Also I can't log
into my cpanel: http://69.50.168.69/cpanel http://wykurz.Astahost.com/cpanel Other: When
registering my domain name (wykurz.Astahost.com) i hoped it would be a subdomain of Astahost.com,
but the registration form told me, it isn't. I checked spelling and continued anyway, hoping
everything w....
My Account Suspended Whoom To Contact?
(6) Hello Mods and Admins please guide me That in case of suspension whoom to contact, I guess i have
enough credits to run .. maybe now its around 6 and never dropped under 3 .. And nor i have broken
any Tos.! The banner on site shows , Account Suspended please Contact Sales And billing Department
/sad.gif" style="vertical-align:middle" emoid=":(" border="0" alt="sad.gif" /> ! I had sent Mail
to Sales@astahost.com but still No response /unsure.gif" style="vertical-align:middle"
emoid=":unsure:" border="0" alt="unsure.gif" /> So please let me know whoom to contact ....
Im Goin Away, How Can I Keep My Account
(9) ok im going a way for 5 weeks to a Vietnam, where there is no internet, so can anybody tell can i
just put my account on hold and pick it back up again when i come back? or do i have to start all
over again when i come back thanks....
Cpanel: Missing Space On Hosting Account
cpanel fantastico's (3) CPanel is the best control panel i have ever used /laugh.gif" style="vertical-align:middle"
emoid=":lol:" border="0" alt="laugh.gif" /> but the only problem is, my hosting is saying 10mb left
/blink.gif" style="vertical-align:middle" emoid=":blink:" border="0" alt="blink.gif" /> but i
havent used anything yet.....
Negative Credits? Suspended? What's Going On?
I can't login to my hosted account... (4) I just signed up for a free hosted account a week or so ago and left for some much needed vacation
time. I just got back today and came on here to check the posts and what-not and to get my site
started when I see this at the top: QUOTE HOSTING CREDITS : (-)7.42 (Negative) Your Hosting
Credits have Expired. You will need atleast 4 credits to UN-SUSPENDED your hosting Account. Account
is UN-suspended only when a user has more than 3 hosting credits. You get credits by making forum
posts. After you make the required posts, your hosting account will be active automat....
"this Account Has Been Suspended"
What the hell is going on? (4) I can't login into my ftp not cPanel. I have a banner constantly telling me that I am
suspended, yet I can still post in these forums. This is doing my nut in. Please help.....
Please Delete My Hosting Account
i moved to your paid hosting (2) Thanks for your free hosting, astahost rocks :-) because of my work i can´t post everyday, so i
moved to computing-web-host with my site. I´ll keep on posting on astahost in the future, i think
it´s one of the best forums and the admins and moderators are very friendly and helpful. Blix....
Please Delete My Account
(6) hi, i was just wondering if you can delete my account, i've moved from astahost to a much
better host.......
Looking for account, hacked, suspicious, issues
|
See Also,
*SIMILAR VIDEOS*
Searching Video's for account, hacked, suspicious, issues
|
advertisement
|
|
