Have I been hacked or what? Very scary version....
-
-
- Ellie
- Sr. Rocketeer
- Posts: 143
- Thanks: 0
-
I hope I can be forgiven for starting a new thread on this, but things have gone from frustration to just downright bizarre, and I wanted to have as many smart Rocketeer thoughts on this as possible. Let me tell you what has been happening.
This past monday, when I logged onto my site after having been away from it for the weekend, I noticed that it seemed to have been down on Sat, as there was only one page view for the entire day. And looking at my site, I could see that it seemed to have been 'reset' to August the 9th. All work since then was gone.
After contacting my host and having been told that it was nothing that they had done, and having a backup from the 29 restored, I immediately set about installing a daily backup system for myself (Thanks to all the good advice from the previous thread, and I chose to install JoomlaCloner). I did notice that the site files seemed to be unaffected during the time travel, as even though my content was AWOL, the image files were current. As were the component files, even though they were not showing on my back-end, they were still on the server.
But now today, very mysteriously, my site is restored to what it was last friday, before the loss. Except now the work from this week is gone, along with the password changes I made and the installation of a backup system. All gone. My hosts again inform me that they haven't touched a thing, and I am starting to believe them. And again, even though JoomlaCloner isn't showing on the backend, I can still find it's file under /components in Xplorer.
It's all a little "Groundhog Day" gone wild. Do I have a puppetmaster? And if so, how are they doing it? There are a few little weird things that I have noticed in my trying to sort this out, like that the top search string for finding my site seems to be "dnsas". I put that into a search engine and after 20 pages don't find my site listed. But it is apparently my number 1 keyword. Could be nothing, I know.
There is also this: logs -> /usr/local/apache/domlogs/supersma - File (Symbolic Link) 1969/12/31 19:00 0
root () / root () as the last listing when I open Xplorer. It could have always been there and I just haven't noticed it before. But I can't open it so I don't know what it is.
I also have a .spamkey in that same list. Open it up and it just lists what looks like a password string. That seems odd too. Perhaps these things are supposed to be there. I am learning alot over the last year since I decided to try my hand a website building. But I am still very green and this is still all over my head.
I am just not sure at all what is going on. And I am at a loss now how to stop it.
If you have any ideas or thoughts, I would be most grateful to hear them.
Thank you. - It feels like someone with a fever is yelling at my pants.
-
-
-
- Joe Halleck
- Preeminent Rocketeer
- Posts: 5481
- Thanks: 68
- Never give up!
- Who is your hoster?
- Magento - phpBB3 - Kunena - RokBridge Specialist
No Secure Tab posts unless requested.
Use the Thank You and Life Preserver Buttons!
Your signature is also great place for setup details...help us help you!
-
-
-
- Dan L
- Elite Rocketeer
- Posts: 1453
- Thanks: 0
-
Ellie wrote:
If you have any ideas or thoughts, I would be most grateful to hear them.
Change hosts immediately
- Toolbox Digital | Dribbble | Forrst
-
-
-
- Ellie
- Sr. Rocketeer
- Posts: 143
- Thanks: 0
-
Hosts are JaguarPC, and I had just switched over to them 2 months ago. They came highly recommended, but I may just have bad luck with them, as my site was definitely hacked by spammers in the first month I was with them and now this nonsense. They are month to month, so I will look into my other options. It's too bad really, as they have a nice package they call SDX (Semi-dedicated) whereby they offer a shared server environment but with 6x fewer sites (they say) on the same server.
For someone who wanted something much faster and consistent than your typical $5.99/month shared server, but not near ready for a dedicated, they seemed to be one of the few with a nice middle ground.
*le sigh* - It feels like someone with a fever is yelling at my pants.
-
-
-
- Robert D. Wagers
- Elite Rocketeer
- Posts: 1545
- Thanks: 0
- Full-Time Cancer Fighter!
-
I use godaddy and I have had very good luck with them. The one downside is that i know more about server operations than their help line.
- "Everyone has to get knocked-down every once-in-a-while, otherwise you'll never learn how to get-back-up!
"
A quote attributed to my Grandpa Wagers
-
-
-
- Behring Bautista
- Sr. Rocketeer
- Posts: 226
- Thanks: 0
-
What components have you installed in your site? May be one needs an urgent update.
Could be also, some other site under the same server that has been compromise and affecting yours in this
shared environment.
hacked by spammers
How that happened? What did the host said? - IT Consulting - Asesor Informatico
www.ninjoomla.com
Extensions, training, tips and services to support Web Developers and Site Owners.
-
Time to create page: 0.061 seconds