My Website Hacked

Hello all,

From past two days i was getting threats from many non muslims that they can take my website down in few hours. .

due to few islamic posts titled "Islam is the fastest growing religion" There was a comment war in that post .. and threads to me and my mate of getting website hacked...

This morning when i woke up i see the website down, my host (blue host) told me that this is a Ddos attack and we cannot allow you to host this site on our servers ...

I was using Wordpress 3.0 and what can i do to make it live again ?

[quote=", post:, topic:"]

my host (blue host) told me that this is a Ddos attack and we cannot allow you to host this site on our servers …
[/quote]

WTF! They are not able to provide Ddos protection and saying that we can’t host? ask them to give you full refund of all the payments you made to them.

I have made order to godaddy dedicated server .. after 38 hours still i cant get my server ..once i am shifted i will ask them full refund

In the web hosting industry there is no room for error, Specially when your running your website which generates income. With one mistake of a host you can lose thousands. As MZC connect with them and ask them to fully refund you. Also make call to there toll free number in USA from your skype and talk to there sales team.

The host is a third rate one if they can't protect their servers from DDoS attacks and refuse to host your site. Screw them. Get a refund and change your host.

Were you maintaining backups?

[quote=", post:, topic:"]

Hello all,

From past two days i was getting threats from many non muslims that they can take my website down in few hours. .

due to few islamic posts titled “Islam is the fastest growing religion” There was a comment war in that post … and threads to me and my mate of getting website hacked…

This morning when i woke up i see the website down, my host (blue host) told me that this is a Ddos attack and we cannot allow you to host this site on our servers …

I was using Wordpress 3.0 and what can i do to make it live again ?

[/quote]

Was this first ddos ? . If its first one and they are saying this without much effort then it sure sucks of them.

When a host will tell you we can’t host you ? , its when they see one ddos , control/mitigate it to some extent , block some ip/ip-ranges , the next day or after few days , there is another one they try more , control it some what, and then again it continues and they spend some good hours fixing it and its still continuing.

This is the situation when a host tells you they can’t host you. As software firewalls etc, can’t coup much with severe ddos attacks , it require hardware firewalls which are quite expensive.

If your situation was the one explained above, then you will face same situation at many other hosts too. So before getting a server from new host, ask them how they would handle your site/server when it will face a ddos, try to get as much detail as you can. If you need any help/suggestion you can pass the host reply to me.

As far as G0daddy is concerned , I am not sure if I would recommend them to you. They are going down hill due to their financial situation and otherwise too I don’t feel its a very good but would agree not very bad either. As you have ordered the server already, so try to get info from them on ddos handling if you have not done that already.

As far as WP is concerend 3.0 is latest, but still audit your account, go through files and make sure its all clean and you don’t have any extra files than WP files in there. If you need any help with that , let me know and I can check it for you.

And lastly if you are expecting further threats and ddos on your site, then try to get with some specific hosts that provide ddos protection, they recieve traffic on different servers and then filter it and redirect to your site, or it can be addon as well, that keeping server at X company and getting ddos filtering from Y company, which will guide you on setup and your traffic on server X will reach after filtering from Y company , so you will not need to worry about any ddos at X company’s server.

@Asad: bluehost is a very third class hosting, i also mentioned this in my other post on wp ..

I was already about to change the host but this attack made every thing wrong ..

Well i have access to my cpanel at bluehost and downloaded a backup @ my local PC .. now i have purchased a Dedi from securedservers.com with plesk panel ... configuring it now ..

It was an attack of minor level , -1000 n (according to bluehost) and now they have kicked my site from their server because they cannot prevent Ddos attacks ..

@Riz: I ordered godaddy but still i cannot get the server setup so i cancelled the order .. at securedservers.com they guarantee me the low level attacks will be prevented but for high level i need a server monitoring which costs around 30USD /mo

[quote=", post:, topic:"]

The host is a third rate one if they can’t protect their servers from DDoS attacks and refuse to host your site. Screw them. Get a refund and change your host.

Were you maintaining backups?

[/quote]

They agree to Pay me back full refund from the very first day i started hosted with them …

Scan your computer for any viruses, threats, keyloggers and trojans and change all your control panel and wordpress passwords, if they still alive then there is a chance that your site will be hacked again.

paying host are the best

[quote=", post:, topic:"]

paying host are the best
[/quote]

What’s paying host? or did you meant Paid Hosting, if yes then we are actually talking about them. :-s

Generally I have never understood website hacking. The owner and in many cases the host is supposed to have a backup and that can be hosted instantly, at same server or some other?

Well to all those who have Islamic content: "Please go to a secured host"

Hello,

I used their live chat and asked question about ddos. Here is chat log:

[quote=", post:, topic:"]

Dan: [3:35:23 AM] Welcome to our real-time sales chat. How can I help you today?

FIRST TIME SALE..: [3:35:44 AM] Hello, Is your hosting ddos protected?

Dan: [3:36:02 AM] we do have various DDoS protective measures in place

[/quote]

I believe the norm for Shared hosting is that if a specific website is being targeted, and not the server, they will take down that particular account.

Unless it was a DDoS, it most likely was due to some unpatched/outdated software on the server, which in the case of dedicated hosting is partially the admin's job.