Big Problem

[iamar]

Sthepen or Yash,

I have a really big -and weird- problem.

A couple of days ago I completly lost some domains folders in one of our windows accounts. They just disappeared. About 5 or 6 domains folders. We recreate them, but we are so in panic about this... what happened?

I think you have all server's activity logged, so probably you can tell us what is going on.

Thanks in advance, Ignacio Marcos

 

[Stephen]

Need details, you need to mail, submit a ticket, or send to helpline with some of them.
I have in the past seen such mistakes when someone goes to search for a domain to delete it from the reseller side, and it deletes all of the account, it is more common than one would think.

 

[iamar]

Stephen,

Thanks for you fast response.

In fact we have some exprience doing this, and believe me, we dont do anything about this.
The weird thing is that the domains are properly configured under domains in control panel, and even databases are there.. but the domain folders (inside one windows account) are lost.

Before posting here I created a Ticket (with the first domain we found lost, 407623), but as I dont have any reply from you, I come here and post this issue that, I repeat, has us very worried (we already changed all our passwords and access).

Thanks again, Ignacio Marcos.

 

[Stephen]

just FYI we can't reply that ticket as it is in your reseller CP, not to us.

I found the ticket and am checking but you need to properly log a ticket to get a reply:
Jodohost.com :: Help

 

[Stephen]

it was setup 2/2/07 and it is still setup the same today, so nothing happened in hsphere to make it disappear.

It looks like you have some hack attempts against the domain you mention in the ticket, I'd check that you had the latest wordpress installed and it did not allow php file uploads, or remote includes.

 

[iamar]

Stephen,

Thank you.
Very sorry about the ticket, I confused where to post it.
Please keep me posted about this issue, so I can know what to do.

PS: I just disabled that domain WP.

Ignacio Marcos.

 

[Stephen]

any idea what day this folder was removed, I need to track it some in logs, it was clearly not hpshere or FTP(I checked back to the 22nd anyway), so it had to be PHP or ASP on your sites that allowed this to happen.

 

[iamar]

Stephen,

Probably on March 1st. Keep present that even when I submitted that ticket for a single domain, in fact there was 4 or 5 that really disappears.

I agree with you that probably is a buggy script that give someone access to our server.

Any other information just let me know.

Thanks, Ignacio Marcos.

 

[Stephen]

please submit a ticket with a full list so that I may check logs for all those domains, we have them safe far away from any access level someone gaining access via php or asp could have reached

 

[Stephen]

ehh check this, bad news from wordpress!!

WordPress › Blog ? WordPress 2.1.1 dangerous, Upgrade to 2.1.2

 

[iamar]

Stephen,

Yes, I already have readed that. But my WP version is 2.0, wich is not affecteed by that cracking.
I'll send you the missing domain list very soon.

Thanks again, Ignacio Marcos.

PS: do you found anything on logs?

 

[iamar]

Stephen,

This is the domain's lost list:

encyclofreedia.com
bairesdesignstudio.com
chestudio.com.ar
didacticamultimedia.com
delsilencio.com
aboriginalhands.com

We already re-setup some of them.

Please any news will be appreaciated, we're still in panic here.

Thank you, Ignacio Marcos.