Wow… First and foremost I am going to say sorry to anyone who has visited AsGamer during any of the times we have been hacked this month. I promise, any virus installation attempts coming from this website are a result of hacking and are not the intent of AsGamer. I truly hope everyone was successful in avoiding the viruses. Anyway, let me explain exactly what has happened.
First I want to thank Raf, who on May 2nd, told me of the first hack on AsGamer. Upon getting his e-mail I immediately headed over to AsGamer only to be redirected to one of those fake you’ve got a virus you need to install this software to remove it websites. The site was absolutely impossible to get to close unless I opened up task manager to shut it down. Needless to say, I was ticked. So I logged into the FTP and checked out the php files, every php file on AsGamer had a nice little php encode attached to the top of the document.
Great! So now I gotta go through every php file and erase this code or either do a complete reinstall. I reinstalled. I didn’t have the latest back up of the site so the site is from a few months back. No problem, no significant changes in the past few months (Sorry guys). Anyway site was back up after a little tweaking. I wanted to blame AsGamer’s host Godaddy but I figured it was more likely the result of the phpBB forum that has been botted to death in recent weeks. Oh well, I deleted the phpBB for safety and updated Wordpress to the newest install.
Today, while reading in a forum I read that GoDaddy servers had been hacked. Flippin’ Awesome. I check AsGamer and it’s hacked again!!! Great, at least I know I can now blame GoDaddy. Last time I had a problem with them they locked me out of the FTP on one of my sites and told me it wasn’t on their end it was on mine. After repeated tests and traceroutes showing them that the block occured on their end they still told me it was my fault. Multiple calls and e-mails to customer service for two weeks and in the end finding out exactly where their issue was occuring (because they refused to admit it was their problem) finally resulted in a tech sending me an e-mail thanking me for alerting them to the problem with their FTP. Anyway, needless to say I don’t support GoDaddy hosting in any way. Go somewhere better… I have… with all my sites but AsGamer. Also needless to say, AsGamer will be moving away from GoDaddy very soon as well.
Anyway, if the site gets hacked again… forgive me and know I’ll get to fixing it ASAIKAI (As Soon As I Know About It).
Thanks.
Wow, that is too bad. I would recommend 1&1 if you are looking for a new host. I’ve been with them for years without any problems (and they aren’t too expensive).
That really stinks, sorry to hear that! Better luck in the future, mate. Keep up the nice site.
- Aaron
Interesting, I havent been hacked once since i got my website and thats along time ago… Of course I’ve skrewed it up sometimes but that my foult and its because i suck. If i my site got hacked because of the Host i would rather change host and/or complain to get money out of it. Because i dont want to do alot of work or even lose work because of some stupid hosting company who dosnt care about security (etc.). So thats why i use smaller hosting companies, it dosnt need to be expensiver or get anything less out off it than the other hosting companies. But when you use smaller hosting companies you dont need to worry (that much) about the security on the hosting company (as long as they have some security), since its less reknown and most likley dont get aimed cracking (hacking) attacks. But like you explain it it seem like an automated standard, non aimed attack. And that makes me realise how shitty godaddy actually is on security. Of course if you use an windows based computer (for example) you WILL get 3 viruses each hour connected to the large thing we call web, the avrange is one virus scanning your computer each 5th minute, and about 75% get stopped by the Anti-virus and other security(if you have one). So that makes up 2-3 viruses each hour downloaded on your computer and not stopped, the only thing to prevent this is too update your computer with the latest updates, since most crackers use old known security issues in the OS, so the people who are lazy gets tons of tons of them, eventually. Anyways to prevent your site from being hacked via. for example injection is too either decrease/limit the amount of plugins, since wordpress is mainly pretty secure in itself/mainly. Or by limiting the code you’ve written yourself (still need to decrease/limit the amount of plugins thought, AND just using plugins which are known to be good secured…but because its poplular dosnt nessecarly mean that its good secured, buddypress is another example on this, popular but bad). Remember that cracking is automated and rarley is manually done, even if its an aimed crack. Also hacking isnt something bad, cracking is, search on wikipedia if you wanna know more…just needed to correct you. There i think i covered the most of security issues by not showing code, or anything else… DAMN this is much.