The Corroboree
trucha

Important notice about Trout's Notes and SacredCacti.com

I know some people that visit this webpage also visit my websites.
This is a comment to say that my primary website at sacredcacti.com has been hacked and should be avoided until further notice due to at least three pages containing links to known malware injection sites.
I have to assume that the subdomain troutsnotes.com should be avoided as well.
I presently have no idea how this will be resolved or how long that will take as I am now being blocked from accessing the site via the CPanel, direct log-in to either WP page and also FTP, and the webhost support of Arvixe is completely unresponsive. They are in their second week of ignoring what are now several open trouble tickets.

I'll edit this or add a comment whenever this is resolved.

  • Like 2

Thanks for the heads up.

I hope you get some support and have it resolved soon.

Shit mate did you have it backed up anywhere or just on the hijacked servers? I hope someone here reads this and can help you reclaim them.

Edited by theuserformallyknownasd00d

Who the hell hacks Trout?? Douche move.

  • Like 3

Hi guys, this is most likely not a classic hack. Well, now it is but this kind of stuff usually begins with hackers brute forcing their way into the admin login panel of the websites. That's why you always have to have a Firewall that blocks a certain IP address after a given number of failed login-attempts. This can happen with ALL websites, not just WordPress. There are bots running 24/7 doing nothing but trying to brute force the admin accounts of websites. As soon as you regain access to your Admin panel, change the password and log out all the other sessions.

Right now, the easiest way would be to re-gain access to the website via FTP. Quarantine everything from the other websites, change the themes on the websites, install Wordfence and choose the highest security settings (lockdown), install Anti Virus and Brute-Force Security by Eli and install an anti-spam plugin. If I were you, I'd also change the intern security keys in wpconfig.php. And have Anti-Virus software running over your webspace.


Trout, I just checked your site with an online virus scanner and it doesn't seem to affect the troutsnotes website YET. The other site is hacked though.

It shouldn't be a problem to remove it but it may be worth thinking about copying the texts and the permalinks and starting the website again. But if you do what I wrote above, it may be possible to get the website safe again.

Try getting in touch with your host and as soon as you have your website under control, I'd recommend to switch to a reliable hoster. Every hoster that can't get back to you within 1-2 days is not really recommendable for a commercial website. Check out Namecheap. They aren't great either but at least they have live chat 24/7.

Edited by Evil Genius
  • Like 1

All good advice.

Some of it I do not yet understand (such as how to quarantine anything or how to "change the intern security keys in wpconfig.php") but I will try to learn what it means and do it.

The webhost has not responded to me at all in over a week of my currently open trouble tickets. One of those trouble tickets was about my FTP which has not functioned at all in some weeks (I cancelled the previous trouble ticket on this same topic after it had no response in 8 days so the lack of response from tech support is now in its third week for me).

I was on hold for 15 minutes this morning before noticing the abundant online reports of an average 5 hour wait time before being told to use email support instead of phone support.

I managed to get two of the three pieces I knew about removed but what EG showed me in a PM indicated that many more are now there.

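What changing the security keys in a WordPress configuration file involves, as an added example that is not part of the original thread: WordPress reads eight key and salt constants from `wp-config.php`, and replacing them invalidates every existing login cookie, which logs out all sessions. The sample file content is constructed, and `rotate_keys` is a hypothetical helper name.

```python
import re
import secrets
import string

# The eight constants WordPress uses to sign login cookies and nonces.
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
# Characters that need no escaping inside a single-quoted PHP string.
ALPHABET = string.ascii_letters + string.digits + "!#%&()*+,-./:;<=>?@[]^_{|}~ "

# Constructed stand-in for the relevant part of a wp-config.php file.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'old-value-2');
define('LOGGED_IN_KEY',    'old-value-3');
define('NONCE_KEY',        'old-value-4');
define( "AUTH_SALT", "old-value-5" );
define('SECURE_AUTH_SALT', 'old \\'quoted\\' value-6');
define('LOGGED_IN_SALT',   'old-value-7');
define('NONCE_SALT',       'old-value-8');
"""

# Matches define('NAME', 'value'); with either quote style and escaped quotes.
DEFINE = re.compile(
    r"""(define\(\s*['"](%s)['"]\s*,\s*)(?:'(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*")(\s*\)\s*;)"""
    % "|".join(KEY_NAMES))


def rotate_keys(config_text):
    """Return (new_text, missing): new_text has a fresh 64-character value for
    every key/salt found; missing lists constants the file does not define."""
    found = []

    def fresh(match):
        found.append(match.group(2))
        value = "".join(secrets.choice(ALPHABET) for _ in range(64))
        return f"{match.group(1)}'{value}'{match.group(3)}"

    new_text = DEFINE.sub(fresh, config_text)
    return new_text, [name for name in KEY_NAMES if name not in found]


if __name__ == "__main__":
    text, missing = rotate_keys(SAMPLE_CONFIG)
    print(text if not missing else f"not defined: {missing}")
```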

Google webmasters have an online help system for hacked websites. Some of the info could be helpful Trout. They have a series of youtube vids about dealing with hacked sites too.

This link gives you a walkthrough and might help explain a few things for you.

https://www.google.com/webmasters/hacked/

It sounds like your host has really dropped the ball with this one. Maybe they were hacked too.

Edited by Sally
  • Like 1

Thanks. I've possibly been through every existing page and video at google on this topic since yesterday but everything is helpful.

Edited by trucha

I finally got a reply from technical support about my trouble ticket submitted on the 8th.

In view of my ongoing experiences this reply from a "Technical Support Ninja" at Arvixe was actually funny enough I thought I should share it.

"I would first like to apologize for a delay in getting back to you. Unfortunately, we are under higher than usual support requests load, which is causing additional delays.
Your reported issue has been fixed server wide, if you are still facing any issue please get back to so that we can certainly assist you accordingly.
Once again we sincerely we apologize for the inconvenience.

Yours Sincerely,
Mohsin Sarfraz,
Technical Support Ninja"

I am probably too easily amused by noting a common definition of a ninja:

"A ninja was a covert agent or mercenary in feudal Japan. The functions of the ninja included espionage, sabotage, infiltration, assassination and combat in certain situations."

I think I'd rather have a technician showing up to help than a ninja.

I also came across an article on the company that bought Arvixe (also webgator and a host of other companies that have been going the same route down the tubes).

http://www.digitalfaq.com/editorials/websites-blogs/hostgator-alternatives-eig-pt1.htm

Edited by trucha
  • Like 1

Both websites (troutsnotes.com and sacredcacti.com) were passed by google as containing no malware but I'm not going to remove my added malware notes until after I've been able to check them thoroughly and know that it can't reoccur. After I am sure I will remove that note.

Anyone visiting my websites in the past month should do a malware and virus scan and specifically look for something called "Myweb".

Both sites have been moved to a different webhost so may not be live again for a day.

  • Like 1
