Monday, August 24, 2009

Ukrainians Save Me From Brute Force Hack

That is a pair of Ukrainian soldiers you're looking at in the picture. I think I've mentioned the Ukrainians before. My webhost, which is based in the United States, has Americans handling customer support if you call. But if you submit a support ticket, it goes to the Ukrainian support center in the Ukraine. The Ukraine is now a country. It used to be part of the Soviet Union.

The reason I submit a support ticket rather than call is because it takes less time and usually eventually the Ukrainians solve the problem. A lot of seriously fractured English is usually involved.

I don't remember if I mentioned it or not, but recently one of my websites developed a problem so serious that Google pretty much banned it from the Internet.

So, I contacted the Ukrainians, who I'm sure work in a very secure bunker likely guarded by soldiers like you saw above. Saturday they went right to work on the problem. This morning I got a message from Dmitriy Pavlov. It is not as fractured as they often are. However, following Dmitriy's instructions did not work, because his instructions did not match with the reality on my webhost control panel.

Below for your confusion is Dmitriy's message in which I learn I was hacked by brute force....

Thank you for waiting. Our administrators have completely cleaned your account from all malware. During investigation we have found that your account was hacked due to bruteforce attack on FTP. Due to not very strong FTP password hacker was able to get it and used FTP access for adding harmful code inside your files. To get more information you can check FTP logs in files ftp.logs and wrap.log, which located inside your FTP root directory. You will see that a lot of different IP address were tried to access your account. To protect your account we have already changed FTP passwords for all accounts. To get FTP access back you need to change passwords back. For creating FTP password we suggest to use some password generator like at "goodpassword.com". To change FTP password you should login at manage.9webhosting.com, then click manage button for your hosting plan. After this please click on FTP Manager icon and then click on little notepad icon nearly with caption "password".

Also we have found a lot of files and folders with unsecured permissions. Full list of them you can find in file permissions.list, which located inside FTP root directory. We are suggesting to use 755 permission mask for folders and 644 mask for files in your account. For checking/changing permissions please use following steps:

1 Go to webshell in your control panel
2 Find certain folder
3 Click on little folder icon left from folder name (or simple on file name)
4 At right side you will see permissions table
5 Choose needful permission mask
6 Click change

Kind regards,
Dmitriy Pavlov
Technical Support
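
The permission check described in the message above can also be done from a shell instead of the control panel's webshell. This is an added example, not part of the original post or the support message; it assumes shell access to the hosting account, and the function names and the sample path in the comments are hypothetical.

```shell
#!/bin/sh
# Added example: audit a web root against the masks suggested in the
# support message (755 for folders, 644 for files).
# Assumed usage (hypothetical path):  audit_perms "$HOME/public_html"

# List every folder whose mode is not exactly 755 and every file whose
# mode is not exactly 644.
audit_perms() {
    root=$1
    find "$root" -type d ! -perm 755 -print
    find "$root" -type f ! -perm 644 -print
}

# Narrower check: list only entries writable by group or by others.
# On shared hosting these are the ones another account could modify.
audit_writable() {
    root=$1
    find "$root" \( -type d -o -type f \) \
        \( -perm -020 -o -perm -002 \) -print
}

# Apply the suggested masks. Symbolic links are left alone because
# -type d and -type f do not match them.
fix_perms() {
    root=$1
    find "$root" -type d ! -perm 755 -exec chmod 755 {} +
    find "$root" -type f ! -perm 644 -exec chmod 644 {} +
}
```

Run audit_perms first and read the list before running fix_perms: files that must stay executable, such as CGI scripts, need 755 rather than 644.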

1 comment:

twister said...

One of my favorite password keeper/ generators is coded up by someone in the Netherlands. Pretty sure anyway, his e-mail has a .nl suffix which is the Netherlands. Don't do any online banking w/ out it. In fact, for sites, such as banking, or your website and admin duties your user name should be your first password. By this, for instance, when you log on to do any banking your user name shouldn't be a name such as Durango and then a password. I will roll my knuckles across the keyboard for awhile to create a user name, and I store my user name and password in the little program I suggested. I started doing this when I kept getting kicked out of one of my accounts. I was thinking, "what the heck." Then it came to me. Someone had correctly guessed my user name but not my password. Trying three times the host booted them and me out. The way to solve that little imbroglio is to do as I suggest, create a user name that is your first password, or not. Good luck either way.
http://theetron.googlepages.com/