My apologizes to anyone who visited the Thinkworx blog in the last 24 hours. I woke up yesterday to find that the site had been hacked into with all pages displaying the image below.
As far as I can tell the server hosting the site had been compromised, probably affecting all sites hosted on the server, rather than a targeted attack on this site.
After contacting my web host (2M Host) they were quickly able to get the site restored, but unfortunately it was restored to a very old version. After several messages trying to convince them that what they restored was not the April 6th, 2008 version, as they claimed, I finally gave up and proceeded to restore the site myself. Fortunately, once I had discovered the site was compromised I checked the database contents, which I found to be intact so I immediately downloaded a backup version and used this to restore the site.
Personally this was my first time getting hacked, since it isn’t an experience that I would like to repeat even if it wasn’t a hack directly on my site, I will be more security conscious from this point out. It also turned out to be an opportunity to move to WordPress 2.5, which, by the way, if you are using WordPress you will definitely want to use, this upgrade has a nice redesign of the dashboard and back-end administration with some nice new features.
April 10th, 2008 at 1:15 pm
very sorry for this
how about converting the db from your previous platform (which was?) to WP?
was it easy, or does WP provide utilities to convert?
April 10th, 2008 at 1:32 pm
Actually I was already running WP, however I hadn’t upgraded to the latest release. 2Mhost.com, similar to most hosts, run the cPanel platform which offers the Fantastico scripts, included in which is WordPress. I just ran the upgrade option to get the latest release.
Interestingly enough, today I received an email from my host that they will be moving my site to a new server for security reasons. Hopefully this will help reduce the chances of it happening again.
April 12th, 2008 at 2:09 pm
The hack was server wide because of old os-commerce script used by a client, we found the security hole, and patched all servers we have
April 17th, 2008 at 1:46 pm
Besides not getting the database restored properly, the rest of the support by 2MHost was excellent. They were fast in responding to my support tickets and there wasn’t any issues as they recently moved the account to a new server.
April 20th, 2008 at 11:23 am
My website was hacked by the same person this morning.
Different host to yours (xcalibre in the UK), so….
B**** hackers!
April 20th, 2008 at 1:29 pm
Alan, I hope your host is able to get their servers patched and back up as quickly as mine did. Good luck!
April 22nd, 2008 at 10:41 am
Within a few hours the server affected was taken off line, and a couple of hours later, came back on, fully restored and back to normal.
So, a total of 5 or 6 hours from attack, to working normally again, which I think is good service.
April 24th, 2008 at 8:55 am
@Alan, sounds like good service indeed. Who do you use for your hosting?
April 25th, 2008 at 7:56 am
Dear Thomas, our website is also attacked by the same hacker within an hour ago. I wrote a letter asking the solution to your host which they have gotten action on it before. Hope our sites also has been up to the latest version.
July 20th, 2008 at 11:15 pm
hi rvrry body
it just the begianing