Comments
maybe they are in the process of doing a new website?
@24KHost
@VMVPS He's been posting here recently so should be around...
h4x0r3d?
http://24khost.com/images/log/
Uhoh doesn't look too good.
If I remember correctly they redesign their website
Not again....
It has been like that for a while.
@24khost mentioned that there is a new design work in progress. I am sure all order links from their offers work just fine.
Wow!
I've put in a ticket to let them know.
If I remember correctly they did that after their WordPress install was hacked and they claimed they checked and everything was OK even though they hadn't had time to do a thorough security analysis of their server. They also said the hack wasn't a big deal.
http://www.lowendtalk.com/discussion/10167/24khost-hacked
umm, yeah killer.php
Back in May I had this to say about 24K host:
The existence of that hacked file indicates my analysis was correct.
That's actually a bad thing for customers since 24Khost doesn't know his ass from a hole in the ground when it comes to server security.
edited to add: "configuration file killer/killer.php" allows a hacker to (description from a download site):
Creates Config files within few seconds.
Creates Symlinks as well
Manual Symlinking
Automated Mass Symlinking
perl Based Symlinking
Disable Safe Mode, by uploading a php.ini file.
User friendly.
Till now, best shell for creating symlinks.
An article on WordPress symlink hacking
http://whmscripts.net/misc/2013/apache-symlink-security-issue-fixpatch/
@DomainBop Nice job!
24khost seems to be just a reseller of cloud3k(rockmyweb) vps services.
@niceboy I thought reselling wasn't allowed here?
No more guaranteed and balls-out?
Not a reseller sorry.
Also, the file did not allow them to get anything but server usernames. No passwords were available thanks to mod_security. I did a scan for the most commonly used file names. For some reason it was not in the list of file names.
Mod_security had nothing to do with them not getting passwords. The exploit isn't designed to steal passwords directly. It is designed to create symlinks in the other accounts on the server. By creating symlinks, however, they could gain access to passwords and data in other accounts, and mod_security would be of no help since it only protects at the Apache (or Nginx) webserver level. If they were able to get the server usernames then they would have been able to create symlinks with the exploit, and it is likely that the entire server your WordPress installation was hosted on is still compromised (especially since you didn't even notice that the killer.php file was on your site until it was pointed out in this thread 2 months after the hack).
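Added example, not part of any post in this thread: a check a shared-hosting admin could run after an incident like the one described above, listing every symlink inside an account directory whose target resolves outside that account. The one-directory-per-account layout, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

def find_cross_account_symlinks(homes_root):
    """Return (link_path, resolved_target) for every symlink inside an
    account directory whose target resolves outside that account."""
    homes_root = os.path.realpath(homes_root)
    findings = []
    for account in sorted(os.listdir(homes_root)):
        home = os.path.join(homes_root, account)
        if os.path.islink(home) or not os.path.isdir(home):
            continue
        # os.walk does not follow symlinks by default, so the scan itself
        # cannot be led out of the account it is inspecting.
        for dirpath, dirnames, filenames in os.walk(home):
            for name in dirnames + filenames:
                path = os.path.join(dirpath, name)
                if not os.path.islink(path):
                    continue
                target = os.path.realpath(path)
                if os.path.commonpath([home, target]) != home:
                    findings.append((path, target))
    return findings

def build_sample_tree(base):
    """Constructed sample layout (assumption): two accounts, one crossing link."""
    alice = os.path.join(base, "alice", "public_html")
    bob = os.path.join(base, "bob", "public_html")
    os.makedirs(alice)
    os.makedirs(bob)
    for p in (os.path.join(bob, "wp-config.php"), os.path.join(alice, "index.php")):
        with open(p, "w") as fh:
            fh.write("<?php // constructed sample\n")
    # Link that stays inside alice's own account: not reported.
    os.symlink(os.path.join(alice, "index.php"), os.path.join(alice, "home.php"))
    # Link from alice's web root into bob's account: reported.
    os.symlink(os.path.join(bob, "wp-config.php"), os.path.join(alice, "bob.txt"))
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for link, target in find_cross_account_symlinks(build_sample_tree(tmp)):
            print(f"{link} -> {target}")
```

On a real server the argument would be the directory that holds the account homes; any hit is a lead for review, since some control panels create legitimate links that leave an account.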
Uhm why would you trust @24khost with anything security related? He has stated himself multiple times that he doesn't know much about computers and just outsources everything that needs to be done. See also his SSL fiasco.
Which one? The "who needs SSL" thread or the "trying for 3 days to install an SSL cert" thread?