MFTeaM.php Hack?


FreelanceSoftwareDeveloper
25th June 2010, 13:48
Has anyone else had this? I've had it twice now in the past few months. First on a Zen Cart domain and now on a CMS site. Different domains, but both on the same Just Host account.

The first time, support did check that it hadn't been via my FTP, so it must've been uploaded by the software on the site (or forced). Now they just want to cancel my account without letting me get any data from it!

I haven't been able to find any info on the web about this.

Not happy. Nothing critical on the domains, but it's going to be a real pain to get back, and I will have to have all the domains pushed; another reason to keep domain registration separate from hosting!

airetechit
25th June 2010, 14:55
Hi,

I would contact Just Host again, as it seems rather odd that two separate pieces of PHP software have been hacked in the same way in a short space of time. I would say it's down to the security on one of Just Host's servers rather than the PHP software itself.

If they fail to come back with anything useful, I would consider switching to another hosting provider.

stugster
25th June 2010, 15:06
Just goes to show you what certain hosts are really like, doesn't it?

You have backups though, don't you?

Dominic Taylor
25th June 2010, 15:14
I know it's not much use now but a few causes of random crap on accounts are:

- Insecure software
- Bad passwords
- Stolen passwords
- Using the same passwords for multiple things (e.g., cPanel pass same as MySQL pass, so script compromise = account compromise)
- Non-suPHP server with an exploit running somewhere else on the server
- Poor file/folder permissions

FreelanceSoftwareDeveloper
25th June 2010, 15:18
They refused to reopen the account, and that's basically all they said! I suppose from their view they are thinking the same hack has occurred twice on my account within 2 months.

What is more strange is that neither site was in use. The first one had a half-finished Zen Cart project on it which had been put on the back burner, and the other was a domain I registered then changed my mind about, so it just had a few default installs of CMS software on it for trial, not even indexed in Google.

They have given me a full backup and are going to push all the domains free of charge to my personal enom account. My main concern is images linked to eBay.

In some ways it's a blessing in disguise. I have a separate reseller hosting account with another host which my currently active sites are using, and the only reason I didn't move the sites on Just Host was laziness; it didn't seem worth the hassle for £60/year.

Just unzipping the backup, but the file had already been removed, so I can't see what was in it.

FreelanceSoftwareDeveloper
25th June 2010, 15:44
This was their highly technical response in the first email this morning.

As you probably aware, here at Just Host we proactively monitor all our servers to ensure that our clients websites are loading as fast as possible at all times. During this routine monitoring we have found that you host hacker scripts that take place in attack to host 82.243.20.181

What really surprises me is I can't find any information about this online. I also would've liked to have a nosey in the PHP file.

I'll certainly be on the side of keeping domain reg and hosting separate in future! I have been recently actually, these were all older domains.

They have told me it wasn't uploaded via my cPanel or FTP, so that wasn't compromised. It could've been folder permissions, as I hadn't taken any extra steps to secure the software on these domains as they weren't in use. I did have another Zen store on the account which remained fine; although inactive now, it was secured when it was active.

I guess another lesson is not to leave unnecessary files accessible online.

Dominic Taylor
25th June 2010, 15:47
There is a commonly exploited bug in old versions of ZenCart which lets attackers do Nasty Things so unless you had a recent version, you'd be vulnerable to that one for example. Mind you there's lots of bugs and probably lots of undiscovered ones too - recently an exploit came out for e107 which was rather serious in that attackers could run any code they liked. I had a nice Sunday evening cleaning up accounts after that one.

mit74
25th June 2010, 23:30
Did Just Host actually suspend your account? I'm with Just Host and got hacked on Zen Cart, and they were so unhelpful. They wouldn't allow me access to the domain unless they wiped all the files off, so I couldn't find how it happened.

FreelanceSoftwareDeveloper
26th June 2010, 09:54
Well, it happened the first time about 2 months ago on a domain running Zen Cart 1.3.8, basic install/template. Support sent me a polite email saying what the issue was and that they had to temporarily suspend my account, and asked me to provide my IP so they could enable access for my IP to fix it. I just deleted everything on the domain as it was on my PC anyway. They confirmed the file wasn't uploaded via my cPanel/FTP.

This time, though, it was on a different domain and not Zen Cart: a snotty email from Billing saying I host hacking scripts and my account was suspended. I said I would fix it or they could again delete all data on that domain, but they said they wouldn't be giving me access to the account again.

I think someone must've been trawling the server; the one yesterday wasn't even indexed. Either that or it happened a couple of months ago and wasn't noticed. The file was dropped deep in the file structure, not in an uploads area.

I don't know what it did, I will run a search later on all the files in the backup to check there was no other code injection pointing at the file.

I can kind of understand Just Host's response in some ways, given that neither domain contained an active website and it was the same hack. I don't know other hosts' policies. I would've thought it would've affected other accounts too, and I'm surprised I can't find any info about the file.

I realised quickly their decision was final, and to their credit, as I said in your thread the other week, their communication was good. They provided a full backup for me to download within about 30 mins of requesting it, and after I had downloaded and unzipped that I asked for the domains to be pushed to my enom account, which was also done very quickly.

I am back online with the most important domain which hosts my eBay templates and images, the others not so important. Still it was more hassle than paying the £60/year. On my reseller hosting I will set domains up on separate accounts.
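
An added example, not code from the thread or from any of the posters, that does offline what two posts above describe: it checks an unpacked backup for the "poor file/folder permissions" cause in Dominic Taylor's list (world-writable files and directories), and it carries out the search FreelanceSoftwareDeveloper planned in the last post, looking for other PHP files that reference the dropped file or carry the eval/base64_decode loader idiom that dropped scripts commonly use. Only the file name MFTeaM.php comes from the thread; the directory layout, the sample files and the make_sample_tree fixture are constructed for the demonstration, and the "suspicious PHP" regex is a heuristic, not a signature for the actual script, which nobody in the thread got to read.

```shell
#!/bin/sh
# Offline triage of an unpacked hosting backup (example written for this
# thread; not the host's or the posters' code).
#   1. find_world_writable  - files/dirs with the o+w bit (chmod 777/666)
#   2. find_suspicious_php  - PHP files mentioning the dropped file name, or
#                             using eval(base64_decode/gzinflate/str_rot13(...))
# Assumptions: POSIX sh, find, grep -E and sed; the sample tree is constructed.
set -eu

# The dropped file name from the thread; override with DROPPED_NAME=... .
DROPPED_NAME="${DROPPED_NAME:-MFTeaM.php}"

# 1. Everything under $1 that any local user (or any other customer's script
#    on a non-suPHP shared server) could write to.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002 | sort
}

# 2. PHP files under $1 that reference $2 (an injected include/require or a
#    link back to the dropped file) or contain an obfuscated-code loader.
#    $2 is escaped so that "MFTeaM.php" matches literally, not "MFTeaMxphp".
find_suspicious_php() {
    name_re=$(printf '%s' "$2" | sed 's/[.[\*^$]/\\&/g')
    find "$1" -type f -name '*.php' -exec grep -lE \
        -e "$name_re" \
        -e 'eval[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|str_rot13)' \
        {} + | sort
}

# Constructed sample tree standing in for an unzipped cPanel backup; runs in
# a subshell so the fixed umask does not leak into the caller's shell.
make_sample_tree() (
    umask 022
    root=$(mktemp -d)
    mkdir -p "$root/public_html/includes/modules" "$root/public_html/images"
    printf '<?php echo "hello"; ?>\n' > "$root/public_html/index.php"
    # injected include pointing at the dropped file, deep in the tree
    printf '<?php include("modules/%s"); ?>\n' "$DROPPED_NAME" \
        > "$root/public_html/includes/application_top.php"
    # the dropped file itself: an obfuscated loader ("aGk=" is just "hi")
    printf '<?php eval(base64_decode("aGk="));\n' \
        > "$root/public_html/includes/modules/$DROPPED_NAME"
    printf 'GIF89a' > "$root/public_html/images/logo.gif"
    chmod 777 "$root/public_html/images"          # world-writable upload dir
    chmod 666 "$root/public_html/images/logo.gif" # world-writable file
    printf '%s\n' "$root"
)

# Demo run: prints both reports for the sample tree, then cleans up.
main() {
    root=$(make_sample_tree)
    echo "== world-writable under $root =="
    find_world_writable "$root"
    echo "== PHP referencing $DROPPED_NAME or using an eval loader =="
    find_suspicious_php "$root" "$DROPPED_NAME"
    rm -rf "$root"
}
main
```

On a real backup, point both functions at the unpacked `public_html` directory and at any add-on domain document roots. Hits from `find_suspicious_php` should be read by hand (legitimate code occasionally uses `base64_decode`), and the modification times of the hits, compared against the host's suspension notice, usually narrow down when the drop happened, which is what the last post was trying to establish.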