What does "spamvertised website" mean and has this happened to anyone else before?
#11
(08-01-2019, 03:33 AM)deanhills Wrote: @Manal  Thank you so much for sharing your experience.  So now that is in the same time frame as mine.  And you probably also update your WP script and plugins as regularly as I do.  I wonder whether this has anything to do with the WP last update 5.2.2?

I must research this more and check whether anyone else has reported it at the WordPress support forum.

What is interesting is when I uploaded my "test site" at another server, I had a serious issue to import the backup (with the All in One Migration plugin).  Eventually after a few tries, I found that it was because of the up to date version of WordPress that was incompatible with it.  Version 5.2.2.  Softaculous allows one to choose the version of WordPress one wants to load, and when I loaded an earlier version 4.9 something, everything worked fast and clean.

So can't help but wonder whether there are some gaps in 5.2.2 that allow for something to happen that will end up planting something in your Website.

If I may ask: how do you create a WordPress installation? Do you do it from the command prompt, or with Softaculous? And how do you update your scripts, plugins and themes?

I mostly use Softaculous to install, and sometimes I mark plugins and themes to be updated by themselves within the Softaculous installation, so whenever there is any new update of WP, plugins or themes, they get updated automatically (on every cron run of Softaculous, it checks everything to see if any update has been provided; if yes, it executes the update process and informs the site owner through email).
Premium Web Hosting | ShadowCrypt | Manal Shaikh Official Website
If you find my post/thread useful, you're supposed to +rep me. 
#12
(08-01-2019, 06:54 AM)Manal Wrote: I mostly use Softaculous to install, and sometimes I mark plugins and themes to be updated by themselves within the Softaculous installation, so whenever there is any new update of WP, plugins or themes, they get updated automatically (on every cron run of Softaculous, it checks everything to see if any update has been provided; if yes, it executes the update process and informs the site owner through email).

Thanks @Manal. This is appreciated. @"Hidden Refuge" and also @Manal. What is the possibility that the IP could have been compromised with DNS manipulation instead of hacking a Website on the domain on the VPS? Like my VPS has been emptied with no content in it and powered down since Monday - the IP is no longer mine as I'm in the process of being issued with a new IP. However there are three domains that are being indicated as actively and currently hosted by the IP (and they don't include the one and only domain I had on the VPS before I shut it down). One of those three Domains is the one that carried the spam link (refer below). Like technically is it possible to hack the DNS of a server without hacking the actual website on the server and getting the same result?

Here is the DNS analysis from dnsinspect.com with the IP that was compromised - I use dnsinspect.com when I change the DNS of my domains, so it's always current - so the info below has to be current for the domain below BUT the domain is not on that IP physically:
https://threatintelligenceplatform.com/r...ULK2QwHs4R

You can see the two other domains that are listed as well at the URL below.  
https://ipinfo.io/5.189.154.243

And of course my domain that was used on that VPS is no longer listed with the IP, but it is still blacklisted by some places. But those listed domains aren't blacklisted. Like my domain is still associated as a domain with the IP in the blacklisting, but when you check the other way round, the IP is no longer associated with my domain.  Instead the IP is associated with the other three domains (one of which carried the spam link in the complaint) and they're all in the clear - no blacklistings.  This is confusing the daylights out of me.
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  
#13
Hacking the DNS of a domain is possible if a) the DNS hosting provider gets hacked (security holes in their system maybe, etc...), b) the account that holds the domain gets hacked somehow or c) maybe someone wasn't careful enough and left access open to an API for the DNS hosting and someone found out and used API access to modify records. Otherwise it would be impossible to simply go and change the DNS entry of a domain. I mean the chance that someone went so far is unlikely.

I could create domains and point them all to your IP if I really wanted. Nothing stops me from doing so. Before you, other people owned that IP address and probably hosted sites.
#14
(08-02-2019, 07:43 PM)Hidden Refuge Wrote: Hacking the DNS of a domain is possible if a) the DNS hosting provider gets hacked (security holes in their system maybe, etc...), b) the account that holds the domain gets hacked somehow or c) maybe someone wasn't careful enough and left access open to an API for the DNS hosting and someone found out and used API access to modify records. Otherwise it would be impossible to simply go and change the DNS entry of a domain. I mean the chance that someone went so far is unlikely.

I could create domains and point them all to your IP if I really wanted. Nothing stops me from doing so. Before you, other people owned that IP address and probably hosted sites.

I can't remember where I saw this, as it came up in my researches of a few nights ago.  It was a complaint about the security of Namecheap DNS.  There are some dated 2018 and a major one in 2014.  But I've also found this now about GoDaddy in a quick search - like ways these spammers can use the Domain Registrars to get access to domain DNS that don't belong to them:

https://krebsonsecurity.com/2019/02/croo...addy-hole/
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  
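The point raised in post #13, that whoever controls a domain's DNS can aim its A record at any IP, can be checked from the server owner's side by comparing what a reverse-IP or blacklist report claims against what each domain resolves to now. This is an added example, not part of any post in this thread; the function names, the documentation-range IP and the `.example` domains are constructed for illustration.

```python
import socket

def resolve_a(domain):
    """Live lookup of a domain's IPv4 addresses; empty set if it does not resolve."""
    try:
        return set(socket.gethostbyname_ex(domain)[2])
    except OSError:  # covers socket.gaierror and socket.herror
        return set()

def classify(ip, listed_domains, my_domains, resolver=resolve_a):
    """Label each domain that a reverse-IP or blacklist report ties to `ip`."""
    report = {}
    for domain in sorted(set(listed_domains)):
        points_here = ip in resolver(domain)
        mine = domain in my_domains
        if mine and points_here:
            status = "mine, A record still points here"
        elif mine:
            status = "mine, stale listing (A record moved away)"
        elif points_here:
            status = "not mine, its DNS owner pointed it at this IP"
        else:
            status = "not mine, stale listing"
        report[domain] = status
    return report

# Constructed sample data standing in for live DNS answers.
SAMPLE_IP = "203.0.113.10"
SAMPLE_DNS = {
    "my-blog.example": {"198.51.100.7"},     # tenant's domain, already moved
    "spam-shop.example": {"203.0.113.10"},   # third party pointing at the IP
    "old-tenant.example": set(),             # no longer resolves
}

def sample_report():
    """Run the classification offline against the constructed answers."""
    return classify(SAMPLE_IP, SAMPLE_DNS.keys(), {"my-blog.example"},
                    resolver=lambda d: SAMPLE_DNS.get(d, set()))

if __name__ == "__main__":
    for domain, status in sample_report().items():
        print(f"{domain:22} {status}")
```

A "not mine" result means the association was made in that domain's DNS zone, which requires no access to the server at that IP.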