I had a weird hack to day from (Kiev, Russia). Someone took over one of my shared sites (Cpanel login) and updated my textpattern instance to the latest version!? Added a wierd domain name as well. Very quirky.
one plus one
Shared publicly•View activity
View 3 previous comments
- I meant Ukraine/Russia as I just briefly glanced at the IP locator to confirm. They gained access through Cpanel login from what we can tell. They then set up a sub-domain, and a redirect it to www.talonbooks.com/news where they had placed an html file in the public html. It didn't work because news already in use by textpattern, which I why I guess they tried updating it? (still confusing)Sep 30, 2015
- I'd install a fresh copy of Textpattern and smd_prognostics* to monitor things.
*) http://stefdawson.com/sw/plugins/smd_prognosticsSep 30, 2015
- CPanel password update warranted..Oct 1, 2015
- from what i understood, if they got access through cpanel then change pasword for cpanel first asap.Oct 1, 2015
- You could really fox them and switch to Plesk. Things like this is why I dont do shared hosting any more.Oct 1, 2015
- On the other hand, this means Txp has hit the big time, right? ;)Oct 2, 2015