| 9:41 pm on Jul 29, 2004 (gmt 0)|
My guess is that it's the hosts fault. Unless you were running some script that could be exploited. What to do now? Get another host and start over. As long as your domain name is OK, you can switch everything to a new host in about 24 hours. Sometimes, cheap hosts are no bargain.
| 9:43 pm on Jul 29, 2004 (gmt 0)|
Go get another host. Unfortunately, you get what you pay for.
| 9:48 pm on Jul 29, 2004 (gmt 0)|
It would be solution too, but Webhost is not that cheap host. I do pay there over 140 USD/year. Before I had "cheap" host and it was terrible.
Should they move my site to other server?
| 9:53 pm on Jul 29, 2004 (gmt 0)|
Less than $12/month for ecommerce hosting = cheap host.
| 11:51 pm on Jul 29, 2004 (gmt 0)|
Well, before looking into switching hosts - look at the code on your site.
Did you write any scripts on the site? If so, you probably overlooked something and left a security hole(s).
You mentioned it is an ecommerce site - are you using a ecommerce solution from another company (Miva Merchant , oscommerce, etc...)? If so, they are not hack-proof either. In fact, because they are so popular/well known - it is easier for security holes to be found in them!
It is possible for someone to write & delete files using port 80(http). I've seen it and experienced it - and is usually a security hole due to bad coding.
At $140/mo you probably are not behind a firewall. but even then, sites can still get hacked through common ports like 80, 443, etc.
In a nutshell - moving hosts may not be the issue. You should concentrate on finding out exactly how they did what they did. Look through your logs (web logs, messages logs, etc.) You need to find how they did it so you can fix the cause. If you move hosts and you didn't fix the problem, you may just get hacked again.
| 3:29 am on Jul 30, 2004 (gmt 0)|
It may not be the hosts fault at all, your machine may have spyware on it. Restore your site then go to another machine and change your password and don't use new password on your machine.
| 5:10 am on Jul 31, 2004 (gmt 0)|
Problem is hopefully solved now. We do have CC gateway installed and we had to disable some security attributes, because It did not work. I upload all files back and I will monitor all files, if there will be some changes.
| 6:57 am on Jul 31, 2004 (gmt 0)|
Are you hosted on IIS?
There is a method to take control over the filesystem of the server using the filesystem and ADSI object. The damage can be "somewhat" toned down if very strict permissions are set. You can view and change every single file on all drives that are mounted on the server. This exploit has been around for YEARS, from IIS4 to IIS6. Unfortunately Microsoft hasn't done anything about it yet.
I have been through many many host (shared environment), from cheap ones $12 bucks/mo to $49/mo, so far I have not seen 1 single host that has this problem resolved. Partially because setting the necessary permission to stop this exploit will also make many other software unuseable (most webcontrol panel) If you are serious in running a business online, get a dedicated and the problem will be solved.