(mt)

Out of context: Reply #15

  • Started
  • Last post
  • 26 Responses
  • nocomply0

    Well guess what? I woke up this morning to 2 more of my wordpress websites that were subject to this database injection hack on 2 different MT grid-service accounts of my clients. These are different sites than the ones on my own MT account which were hacked a few weeks ago.

    I called MT and spoke with a tech on the phone about it. Here is what I gather thus far:

    From the research MT has done up to this point, there is no evidence that a security vulnerability on their system has led to these hacks. However, MT engineers are still investigating the problem because they have not yet found out the entry point of these attacks. So it may wind up being MT's fault in the end, but at this point we just don't know. They claim that the hack is affecting both GS and DV accounts, though the sites hosted on my own personal DV account thus far have been safe. They do say they're seeing it far more frequently on the GS accounts (probably just because way more people have gs accounts though).

    Here's what I'm doing in the meantime:

    Backing up EVERYTHING! All files and databases on ALL of my websites (wordpress or not).

    Resetting all passwords (FTP, acct center, DB, WP, etc...)

    Checking all of my files for weird script injections in the header/footer.

    Installing an automatic DB backup plugin for wordpress (http://wordpress.org/extend/plu...

    Might look into installing some WP security plugins as well.

    Installing and running anti-virus software on my computer

    Might even remove all of my stored FTP info from FileZilla (haven't decided yet)

    I'm not here to talk shit about MT. There's enough of that already and I may soon be one of those people. I've known the gs was not rock solid, but for most of my clients a little down-time here and there didn't matter. This hack however, is unacceptable.

    So for now I just want to help out others out there and pass along what I know.

    Also - MT does not have any kind of backup system in place. (They do have a "disaster recovery" service but the the tech kind of made that out to be a worst case scenario kind of deal that couldn't be guaranteed to be entirely accurate. It also costs money to use.) So basically it's your own responsibility to back up your shit! Fortunately I'm pretty good about that.

    ACESCENCE - Can you please provide some more info about SFTP? I might look into using that instead of regular FTP.

    nocomply 0Permalink
    UpvoteDownvote
    Flag
      Show [[ numHiddenNotes ]] more notesAdd Note
      SaveCancel

    View thread