Quote from: fourroses666 at Sep 07, 2012, 03:28 PMChange host
This is the single most stupid, un-researched, harmful, and naive comment I have read for quite some time.
Or perhaps I'm over-reacting, because it's because I have been tearing my hair out for a number of months and spent countless late nights trying to get to the heart of why my web server, which hosts about 10 sites, keeps getting compromised. When I say compromised, I mean, hackers have managed to basically take control of my OS, steal passwords, and use it to send hundreds of thousands of spam messages, thus almost getting my VPS shut down on a number of occasions.
I have been in the unenviable position of having to keep a whole number of websites running for my clients whilst my webserver has practically buckled under the sheer load of what I initially thought were denial of service attacks... either way they used about 1TB bandwidth in a month. My use before the server got compromised was hardly even a 20th of that amount!
Why?
Because of the exploit ... in Evogallery.
This evening I finally traced the exploit to the uploadify script in my web server logs:
POST /assets/modules/evogallery/js/uploadify/uploadify.php HTTP/1.1
The files that they posted to the root of the virtual directory in question were base 64 encoded files - yes, that's right: Remote Access Trojans.
So yes - the original poster's host, Boomerang, not only were right about that, but they should be commended for actually being proactive in their approach to their customers' security.
As for that one-line: "change host" - wow. What can I say?