Hacks get H4X0R3D

Over the years, GBXM got a bit messy. I’ve tried cleaning it up, but after deciding to shut it down earlier this year, I stopped caring and gave up. (I was gonna pull the plug at the end of 2017.)

Eight months later, I’m firing up the presses and getting back to work, I turn the emails back on and publish something new. The first piece of new content since February.

And that’s when I get the malware alert from DreamHost. #facepalm

I don’t know why those files were publicly editable. I certainly didn’t configure them.

I audit admin users.
I change all admin passwords.
I change the DreamHost password.
I change all the MySQL DB user passwords.

And now I can’t FTP in.
I’ve tried every user I have.
I’ve tried FTP and FTPS.
I’ve tried all my clients.

Now the site is broken and won’t load.
And I can’t remove the malware, either.

15 hours later, message from support is essentially, “You are teh suck, no0b. Try again.”

At least I got the emails turned back off again.

(sigh)

Leave a Reply

Your email address will not be published. Required fields are marked *