Hacked

[Scott L.]

DDNS:
http://www.EditDNS.net is another good dynamic DNS, it works with domains like abc.xyz
Where abc is the Second level domain and xyz is the top level domain.
Its free to use and alows control over the A, AAA, MX, NS, SRV, CNAME
More advanced features cost $6 for 6 months access to setup, but once set you don't need to pay after the 6 months unless you need to change a more advanced feature. I use the free service with my self hosted web sites and it works great.

Hosting:
The company I work with uses host rocket to host theirs and their customers sites on.
http://www.hostrocket.com/
They have 24/7 tech support (Actually called at 2am on Saturday)

Misc:
I haven't had much php or mySQL experience yet (I use SQL express and ASP.net 2.0), but would recomend making sure everything is up to date, and recheck all settings for any possible security holes.

I have two dual Xeon 2.6GHz HT (Device manager shows 4 CPUs) servers each with 1GB of Ram, striping Raid on Data Drives (SCSI LVD), 250GB SAN Storage for backups, VPN/Firewall router between servers and Internet
I used one of these servers to host the live web cast of PARC X.

[Tristan Lall]

Just to prove that Jacob's suggestion works, I'm making this post on my university's Windows Server 2003 terminal server, connected over Remote Desktop to a Windows XP virtual machine, which is itself connected over Remote Desktop to a Windows 98 virtual machine. Both VMs are running locally on Windows Vista (no, I didn't nest those too). It all seems to work pretty well (if you can tolerate 8-bit colour).

[EHaskins]

Quote:

Originally Posted by Tristan Lall

Just to prove that Jacob's suggestion works, I'm making this post on my university's Windows Server 2003 terminal server, connected over Remote Desktop to a Windows XP virtual machine, which is itself connected over Remote Desktop to a Windows 98 virtual machine. Both VMs are running locally on Windows Vista (no, I didn't nest those too). It all seems to work pretty well (if you can tolerate 8-bit colour).

You can change the color settings. Open the RDC windows, click "Options", Click the "Display" tab, and change it.

[Timothy D. Ginn]

I'm surprised that so far people have missed the obvious step of first looking at what you've got that you control before assuming that the problem is with the host (which it may well be, but, that shouldn't be the first thing to check for).

Questions you should ask yourself include:
What software do you have installed in your webspace? (check and make sure there aren't little temporary things installed just for testing that were never removed and never properly secured, this happens often)
Is it up to date? (this can especially be a problem if your team is using a CMS or old versions of phpBB2 or other forum software)
If what you've got is custom written, has it been checked over by someone knowledgable other than just the person who wrote it? If not, maybe it's time to audit it.
Assuming you have access to the web server access logs and error logs, read them carefully for the period of time before the last time you had problems. If the exploit is attacking something your team has control over, it's likely to appear strange and show up there. Be especially vigilant for things like phpShell and such which you don't recognize as being part of a normal type of request.

[robostangs548]

I have been using bravehost.com for close to 5 years now, and I have NEVER ran into something like this. It may cost a little more (I pay $4.99/mo with 30gig of space and 600gig of bandwidth) but I have had absolutely no problems with there service. If you ask me, there setup is the cleanest easiest to work with, and most secure setup that is out there. Check it out, I would definitely say that they are my favorite, because I also have a godaddy.com and hostmonster.com hosting account, but I am definitely gona switch them over, because I really was not impressed with there service. But seriously, that is ridiculous.

[wilsonmw04]

another site that I admin was hacked in the same way fairly recently. They replaced my site with some stupid splash screen, with the fools handle, a Turkish flag and a scrolling banner stating how "uber" this guy/gal was.

After some digging, We found that this person was exploiting a weakness in phpbb we were using. After updating the software, we haven't had a problem. no matter what you do you will always have a problem with security if you use a popular piece of software.

[whytheheckme]

It appears that this site is very cleancut and is lacking 3rd party apps (less the Google Gadget app, but I doubt there is a security problem in that). I looked at the source code, and everything looks HTML and Javascript.

Then I found forum.punahourobotics.org
It appears that they have the latest version of Simple Machines.

But I got to thinking, doesn't Simple Machines use MySQL, and PHP? That must mean that there is a MySQL server running on box188.bluehost.com, and perhaps this is the security hole. Check your MySQL version and patches, make sure it's all up to date.

What's odd is that a hacker would put this much effort into splashing a robotics team's website. Seems like it would be a fairly low-target kind of domain to hit.

Jacob

[wilsonmw04]

What they do is troll the internet looking for large hosting systems. Most of their accounts are small and use PhP Or MySQL. They don't care how big or small the site is. They do it for kicks.

Why do folks spray paint builds? Because they have brains no bigger than your average canine...