Exploited Site!! Help

[sulis]

Today, I was really shocked, all my post from August 6th till today is gone.. and it affected all my blogs..

I have contact the support and got the reply that my cpanel account/blog account/mysql account has bad and insecure password (not sure which one of it).. it mention that I have used (123456) password which is vulnerable.. I obviously didn't use such lame combination, but maybe it did not strong enough.

My question, is it possible that this unsecured password can result some data get lost or broken?

Is it means that there someone has breach my account and make fun of it and just deleted some database for certain date and do it over and over again with another blog?

FYI, before this issue happen, my database is unreachable twice this week and it solved it self after couple of hours.. could it be a sign that there's an error on the database..?

I am very newbie about this thing and desperate to seek help from anybody that can explain to me about this EXPLOITED WEBSITE issue..

Any help will do..

Hello,

An unreachable database can happen for a variety of reasons.

1) Very, Very, Very high Load on the server (Very, very, very rare)
2) /var filling up quickly because of a website landing on Stumbleupon and that persons web logs getting slammed with data entries (possible cause, not too common, though)
3) Too many persistent MySQL connections coming from your user (the most likely cause)

When it comes to your exploited website, there are countless reasons as to why this had happened.

I remember working on your support ticket, and the password provided was definitely insecure -- could have been broken in a matter of moments with some Mod6 math.

Now, that being said, that may not even be the root cause of the exploit.

There are many different types -- To break your password would require quite a few computers attempting to try as our servers blacklist IP addresses if they fail an X amount of times concurrently in under an X amount of time.

It's veyr likely that there was a vulnerability in wordpress that someone has exploited.

Regardless of which version you are running -- if it's the most recent version or not -- people will find a way to break into it. Especially since Wordpress is everywhere. Absolutely everywhere.

That, and it's web based and uses POST and GET information ,but that's another story.

The best way to keep your site secure is to use a secure password, keep your scripts as up to date as possible, and to make sure that no one has access to the files except for you.

Thanks,
Matthew Rosenblatt

[sulis]

Just curious... is there anyone here experience the same problem like me? especially for user who host their website at node56 / IP 75.125.143.18

PS: thanks you Matt for the explanation