17 Comments

  • “FTP access is safe … It could believe that my password compromised in some way”

    If you are using FTP instead of SFTP or some other secure protocol, your password could have been sniffed very easily.

  • @Miles

    I meant in this specific case, poorly worded it. Host keeps separate and thorough FTP log – so I know I was only person to access it.

    On previous host I had FTP access locked to my IP, need to check up with new host if they have that.

  • Does your host not support SFTP? Most file transfer clients (WinSCP, FileZilla, etc) support it. No reason to send your login credentials in the clear, even with some sort of restriction based on IP (which could be spoofed: http://en.wikipedia.org/wiki/IP_address_spoofing )

  • @Miles

    Doesn’t seem like it.

    It does have WebDAV with SSL, I probably need to look if I can switch to that.

  • digitx

    In one of your previous posts you mentioned that:

    “Rarst.net is more or less settled in new place by now, courtesy of WPWebHost and my WordPress story that landed me in winners of their recent contest.

    [...]

    Maybe freebie is not a good choice.

  • @digitx

    Maybe, but what is a good choice then? :) This blog generates neither traffic nor revenue to justify mid to high hosting plans.

    Previous host was hardly a bliss even if I paid for it. One doesn’t expect great things for several bucks a month.

    So between cheap and free with comparable service I’d prefer free – it is less hassle with finances.

  • digitx

    I personally do not mind paying a fee for your great blog. If others will, we should work together to find a safe hosting (paid). I will be the first to contribute. Keep this offer in mind and if you want I can research some hosting sites where what happened to you will never happen again.

    Cheers.

  • @digitx

    Thank you, this is great praise. :) It’s not strictly financial issue (I make enough to pay for hosting out of my pocket if needed). This blog was started with few rough internal guidelines and one of those is keeping it self-sustained.

    At moment my priority is to finish up new theme, because that will be major time saver and better platform for monetizing.

    After it goes live it will be much easier for me to get on with rest of issues and decisions.

  • Oddly my site(s) was hacked as well on Friday; they had injected some type of shell program via a vulnerability in a theme file on another site and got in that way.

    Luckily all they did was muck about with index files and luckily for me I was working on the main sites earlier that day and had recent backups.

    Still a pain up the ass; also the quick thinking by hostgator security tech minimised the down time also.

  • @Donace

    Maybe someone was doing mass scanning for exploits… You mean that vulnerability was actually on site other than yours, but on same server? Do you know what vulnerability exactly that was?

    By the way I had scanned my server for other hacked sites yesterday and everything seems clean. So can’t say if more sites were hit, they could cleanup as fast as I did.

  • I am not quite sure how they did it though what I did find was a shell script installed which gave them access to the server without going through cpanel or leaving an IP log trail.

    Security said there was minimal fall out so wasn’t too bad.

  • @Donace

    Doesn’t seem to be same case then, no need to go through WP admin if you have access to file system.

    Still waiting for something from security department.

  • kelltic

    FYI: No new articles from 08/27/09 until today (09/03/09). That is not a new problem for me; there are always many days in a row that no article or comments show up. I’ve mentioned that issue before. But, during this last long run, every time I opened the site it hung up, leaving the hour glass running and notices in the status bar about what was trying to load. I wondered what was going on. Glad to see everything up and running normally (sort of) again.

  • @kelltic

    Ok… actually not ok. :) There is something seriously wrong with this blog, you and weekends. There were some problems on Friday and outage (blank page with brief explanation text) on Monday… Rest of time it worked. I know it worked – it worked for me at home, for me at work, and for some hundreds of subscribers and visitors.

    Cache plugin got recently updated with some new options and that should fix most of issues with comments not showing up.

    Are you subscribed to feed? If not could you please try that?

    Are you on any instant messenger so I could quickly get back to you next time it happens? I would really like to properly troubleshoot this.

  • Little update for those who are interested.

    Hacker wrecked so much (and gave me more trouble on Monday) because he had earlier hacked another site on server via outdated WP. And as I was consulted by http://sucuri.net/ that if hacker has one site then he can screw rest of server really good. Downsides of shared.

    Issue should be closed, at least support reported they sent hacker’s ass flying off server. They also enabled/provided details for SFTP access, that should be little safer for me now.

