Hacker Attacks Namesco
Namesco was down for about an hour tonight as a turkish hacker had attacked the server. There were apparently attacks yesterday on WordPress sites exploiting the wrong permissions on the wp-config.php file – the automatic set-up by wordpress sets the wrong permissions for this file and so if your website has been hacked you need to;
1. delete the extra index.html file inserted by the hacker
2. set the chmod permissions for the wp-config.php file to 640
3 change your passwords for the website and for the databases used by wordpress.
No related posts.
April 14th, 2010 at 9:23 am
Yes, I experienced this also last night. Database access seems to be messed up at the moment through Namesco – logins diverting to the domain which has been registered “Mydbadmin.co.uk” but not allowing access through their control panels.
April 14th, 2010 at 10:35 am
Oh dear! Right I will have a check of ours again. What kind of login are you refering to? Has the control panel gone down again, it was down last night but then came back up. Is your website a wordpress one?
The frustrating thing last night was that the phone lines shut at 8pm, they used to be 24 hour and Namescos status update page said everything was fine! Weirdly they did not disable the ftp which is what they did last time they were hacked. Is it any co-incidence that the security breach occurred whilst they were updating the control panel.
If you hear anything further do let me know.
Gill
April 14th, 2010 at 10:52 am
Hi Gill. My own website is not a wordpress site, although I am currently in the process of changing my site completely and updating it to wordpress. One of the sites I designed though is a wordpress site. I have changed the permissions as you advised in your article. I can access the main control panel for namesco, but when you try to login to the databases (whilst still logged into main site control panel via the “login to your database” feature), then it diverts to the above address only. Not sure what is happening there!
I have contacted Namesco in by email, to which I am still waiting on a reply. I guess they have their hands full at the moment panicking!
I know what you mean about the support. I tried calling them last night, only to find them closed. Think I noticed sites had gone to “there are no nodes available to serve your request” at approx 8.20pm. Then there was an “error 404 – powered by Zeus severs” displayed for about five minutes. Then the “Turkish hacker” index.html displayed after that. They seemed to sort out most site by about 9.20pm-ish, but I had to login manually and delete the index.html in a couple of my sites.
April 14th, 2010 at 11:16 am
Hi Angela
I have just checked the domain you gave and the spam results are here http://www.siteadvisor.com/sites/mydbadmin.co.uk – it does not appear to be spam and is linked to phpmyadmin.net which also appears to be safe, so really you just need to check with Namesco why you cant login. Will let you know if I find anything else out.
April 14th, 2010 at 11:22 am
Hello all; as a web design company we have had multiple sites affected by the Turkish Hacker attack on Namesco. The thing that annoys me is that we have not received any notification from Namesco about the attack which has been the case on previous occasions when this has happened. I would expect that if we did manage to get through to Namesco support then we would get the same story that maybe our local computers are infected and that we should change all ftp passwords and re-upload the websites after scanning with Antivirus software. It is obvious that this is not the case as none of the websites on our own hosting are affected by the hacked files. To change FTP passwords is a nightmare (already done several times) as this changes the email passwords too and results in about a weeks work re-configuring all our customers email clients to resume email services.
All in all it is not good enough and we are in the process of moving all our customers sites albeit resulting in an additional cost of £10 plus VAT to Namesco to move each domain away. It just proves that Namesco is not secure and should be avoided if you require secure hosting for Ecommerce websites etc.
April 14th, 2010 at 11:32 am
I agree with you completely, their support is atrocious! Last time this happened I had to point out on the phone to them that they were lying to me, but this time the phones were not open – ridiculous. So hackers can do what they like to Namesco between 8pm and 8am.
April 14th, 2010 at 11:38 am
Update from WordPress – see this link http://wordpress.org/development/2010/04/file-permissions/
It would seem they are laying the blame at Namescos door and as it looks as if Namesco were changing the admin panel at the time of the attack I wonder if they are correct. Did anyone else notice changes to the control panel in the hour or so prior to the attack because my partner did and he moaned that they were changing it without letting anyone know in advance. Then eveerything suddenly came up with Turkish sites. Why oh why did they leave the ftp on whilst all of this was going on though – I just dont get it. Let me know if you hear anything more.
I think WordPress are pretty annoyed!
April 14th, 2010 at 12:35 pm
I had the same thing happen. Namesco are useless. I didn’t even have WordPress on this site (yet – thankfully!) – just an html file.
Useless, useless company.
April 14th, 2010 at 12:42 pm
I couldn’t agree more. WordPress are I think suggesting its Namescos fault for poor security. But what really gets me is Namesco’s awful communication.
April 14th, 2010 at 2:06 pm
Hi Gill,
Thanks for that. I can access phpMyAdmin now with no problems directly. Still not had any communication from Namesco regarding my earlier emails. I’m guessing I won’t be the only one they will be having to reply to!
April 14th, 2010 at 2:31 pm
They will be so stressed – did you see my link to the WordPress comment on the whole fiasco, interesting points they made. Oh well lets hope they all learn from this.
April 14th, 2010 at 6:32 pm
Hi Gill,
Yes, I read your link. Namesco advising that an “unusual pattern had developed on a very small number of websites hosted on our Linux shared cluster” but that they dealt with this issue. Watch this space, as you quite rightly say!
April 14th, 2010 at 6:47 pm
They said the same last time this happened but from the number of visits my blog has had today plus the number of tweets about Namesco I do not think this is the case, it certainly wasn’t just a few last time.
It might be that it is only on the shared hosting part of the server and not the dedicated part of the server because a company I know has a dedicated server space on Namesco did not appear to be affected. Even so it still means their security was not up to scratch somewhere along the line.
June 2nd, 2010 at 9:58 pm
If you’re using hosts as awful as namesco, then expect for things like this to happen.
July 2nd, 2010 at 3:54 pm
Yes we have recently discovered (2 July) that two of our sites have been hacked again. We only discovered it when a contact told us that our home page was appearing on a black list of compromised sites.
Why don’t Namesco warn users about this? They must know when they haver been attacked, or is it continual?
July 7th, 2010 at 10:18 pm
Hi what was this list of compromised sites, it would be useful if we could check our own sites out if Namesco carry on not letting anyone know. Do you have a link for the black list your contact gave you?