Comments on: TuxTweaks Got Hacked http://tuxtweaks.com/2009/10/tuxtweaks-got-hacked/ Linux Tweaks, HowTo's and Reviews Mon, 21 May 2012 13:40:55 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: Linerd http://tuxtweaks.com/2009/10/tuxtweaks-got-hacked/comment-page-1/#comment-979 Linerd Sun, 18 Oct 2009 04:29:17 +0000 http://tuxtweaks.com/?p=931#comment-979 Well, if it was a problem with my site, it was an exploit in WordPress 2.8.4. I upgraded the site to 2.8.4 in August and my site got hacked on Sept. 11. It seems like more than coincidence that 9 out of 10 sites I found showing the same problem were all with Inmotion. BTW, it's been reported on Drupal sites as well. Perhaps it's my fault for not changing my cPanel password since signing up. Account login information was included in the site activation email, so if someone got into the sent mail at Inmotion they would have several ID's and passwords. The disappointing thing is that Inmotion knew that there was an issue. They could have run a simple <div class="term">rgrep 2309h34b34b34b *</div> on each of their servers and found all the hacked accounts. It wouldn't have been too much to ask to send out an email to the affected account holders letting them know of the problem and their proposed solution. Instead, they chose to simply deny any responsibility and left their customers to discover the problem on their own. Well, if it was a problem with my site, it was an exploit in WordPress 2.8.4. I upgraded the site to 2.8.4 in August and my site got hacked on Sept. 11. It seems like more than coincidence that 9 out of 10 sites I found showing the same problem were all with Inmotion. BTW, it's been reported on Drupal sites as well.

Perhaps it's my fault for not changing my cPanel password since signing up. Account login information was included in the site activation email, so if someone got into the sent mail at Inmotion they would have several ID's and passwords.

The disappointing thing is that Inmotion knew that there was an issue. They could have run a simple

rgrep 2309h34b34b34b *

on each of their servers and found all the hacked accounts. It wouldn't have been too much to ask to send out an email to the affected account holders letting them know of the problem and their proposed solution. Instead, they chose to simply deny any responsibility and left their customers to discover the problem on their own.

]]> By: Matt http://tuxtweaks.com/2009/10/tuxtweaks-got-hacked/comment-page-1/#comment-963 Matt Sat, 17 Oct 2009 21:50:37 +0000 http://tuxtweaks.com/?p=931#comment-963 The same thing happened to me but I'm hosting with Hostgater not Inmotion. The search you showed though doesnt seem like its all the same kind of problem. With mine Hostgator showed me the logs and I saw that the problem was an exploit in Wordpress 2.8.3. When I upgraded Wordpress and changed my FTP password I never had this problem again. Sorry man but the problem is your site not your host. The same thing happened to me but I'm hosting with Hostgater not Inmotion. The search you showed though doesnt seem like its all the same kind of problem. With mine Hostgator showed me the logs and I saw that the problem was an exploit in WordPress 2.8.3. When I upgraded WordPress and changed my FTP password I never had this problem again. Sorry man but the problem is your site not your host.

]]>