Got hack?

Looks like someone managed to hack their way into one of the servers at the hosting service that Blogomania rents space through. I was sitting here late last night (much later than I should have been) when I tried to go back to my site and ran smack dab into the image on the right here.

“Now that’s interesting.” I thought to myself.

First thought was that maybe my domain had been hijacked as the other weblogs I run here, Anne’s, Cindy’s, Courtney’s and so on, were all still A-OK and I could still login to my account which meant they hadn’t change the password on me. By the time I got the source file downloaded, though, the other sites here had also been hacked and I knew it wasn’t just a domain hijack. Which is good because those can be a pain to get corrected.

Instead it looks like someone got a hold of the root account on just one of the servers, as not all Blogomania clients got hit, and went around changing just the index.html files for every site on the server to let us know we had been ‘p0wned’ or whatever. OK, I’ll try to act suitably impressed.

It took just a simple index page rebuild under MovableType to undo the damage done. All of 20 seconds and we were back to normal. On the one hand it bothers me that there are people with nothing better to do than hack sites, but on the other I’m glad that they appear to be only letting people know they are vulnerable instead of wrecking pointless damage by deleting all of the accounts on a server. So, I guess it could’ve been worse and I should just be happy my downtime was minimal. Is this were I’m supposed to attribute my good fortune being an act of God?

8 thoughts on “Got hack?

  1. Now maybe you should tell the other people at blogmania how to correct this. some peeps are still down.

  2. Actually, the people at Blogomania know how to correct it since I fixed my own sites last night.  And it wasn’t just Blogomania clients – it was everyone on Themis, which has other people besides us on it.  They seem to have taken out every index.html and index.php page they could find.

    Now it’s just a matter of time to find everyone that can’t rebuild or restore and we will do backups on theirs.  The techno people already tried to find them all and restored several already – but with parked domains, addon domains and everything else, they have more to find.

    Thanks for helping to spread the word on how to fix it!  😀

  3. Not a problem. In thinking about it further it appears to me that the hackers just used a script to change every index file regardless of extension on the server to their little “hacked” webpage. This occurs to me because of sites like yours, Christine, that allow a visitor to “skin the site.” The method you guys are using involves an index.php file and that file on your site as well as Tampa Tantrum’s is still the “hacked” webpage that the hackers put on everyone’s site.

    For the record I’d like to say that Christine is pretty on the ball when it comes to crises like this and as such I’m pretty happy to be hosted on Blogomania.

  4. I was on last night and was thinking the same thing about my domain. LOL Glad it was an easy fix at least.  I use pMachine so all I had to do was re-upload the indexes.  Damn hackers…

  5. I dont know about thanking “Bob” for your good fortune, but maybe backing up your content from time to time is a good thing.  smile

    /me goes and backs up his site via FTP…

  6. Indeed, I already do regular exports of the database for SEB and the other blogs that I run here so that we have a recent copy on hand. Though I must admit that it’s been awhile since I’ve back up some of the additional files like the graphics directory. Yeah, I’ll have to do that this evening when I get home.

  7. Doing a backup through the cPanel gives you a nice compact little format that we can easily use to restore your site if you ever need it, by the way.  Another good option for a backup!  (I also keep all of my files, like graphics, and do exports via MT too.)

    For peace of mind – we also have daily, weekly & monthly backups stored for the servers.  We haven’t had to do it often – but people have accidentally wiped out entire sites and we went back to the last “good” backup and restored everything for them.  Just a nice thing to know… we’ve got you covered!  😀

  8. Hey!Some dude in tso Got on my account some how (Didn’t hack my msn accout) and stole everything i cant cancel my card or cancel the accout cuz he chaged it to hisemail adress and he left my number on there!!!Now i cantr get it off and i am poaying $12 a month for nothing!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.