Comments on: Aftermath: Results of a Hacker Attack

By: Geoff

Geoff — Thu, 03 Sep 2009 20:46:52 +0000

I found your article whilst searching for the IP that made a similar attack on one of my sites in early August. My attacks started after installing FileZilla.

92.114.126.25 (a games server in Romania) appears in my FTP logs 5 times. I’ve seen the same IP in the log of another site that has been destroyed by a similar attack. Complaints to abuse at the service provider have not produced a response.

By: Roland

Roland — Tue, 01 Sep 2009 09:03:13 +0000

Hello Chris,

Several of my sites got infected by this attack, too. We were puzzled at first because sites on two different hosting accounts were hacked in exactly the same way. I didn’t immediately think that one of my office PCs would be the problem.

In the end we did isolate the cause of the infection – a laptop used to administer all the sites involved – and rebuilt it.

Interesting to read someone else’s experience on this – having two servers running concurrently at the time of the attack was an unfortunate coincidence for you!

Regards,

Roland

By: Anthony Cea

Anthony Cea — Sat, 29 Aug 2009 13:58:15 +0000

So you are saying that your local PC was hijacked with malware and they got your server passwords from that situation ?

I guess you need to run SpyBot Search & Destroy more, I was forced to go back to it recently since my AV software was not stopping all the threats that you pick up simply from surfing the web now days.