Comments on: MediaTemple hacked, and how to fix it

By: tony

tony — Fri, 14 May 2010 16:14:28 +0000

You may be aware, but one of the things MT did to try and mitigate the problem was to reset the database passwords for all of their users, unless they had been reset manually.

By: JHaslam

JHaslam — Fri, 14 May 2010 16:07:02 +0000

We had this happen to us as well. We couldn’t see the files you mentioned, but our .htaccess file had been hacked. Hopefully we have this fixed by changing user names and passwords for the access to our files. If not, then it is time to move elsewhere.

By: tony

tony — Fri, 12 Feb 2010 11:48:46 +0000

Glad to be of help Peter!

By: Drupal website hacked – hosted by Heart Internet

Drupal website hacked – hosted by Heart Internet — Fri, 12 Feb 2010 06:15:00 +0000

[...] if you didn’t already know: Google is your friend. It was mine too as a search produced this post by Tony Geer that explained everything. Reading it I discovered that sure enough, my .htaccess file had been [...]

By: Peter Hobley

Peter Hobley — Fri, 12 Feb 2010 05:48:26 +0000

Phew, thanks for this. I had a Drupal site go down in mysterious circumstances – just got a blank white screen. Replaced my index.php file and it worked yet the links were being directed to allvideo. Found your explanation and it makes sense – I’m guessing the code in the index file screwed up the Drupal system so it totally broke. That was fortunate because it meant nobody could get redirected by the dodgy .htaccess file.

Thanks again. Will be changing up all passwords.

By: Tony

Tony — Sun, 29 Nov 2009 15:14:29 +0000

I just got that email myself a few days ago and I had to go change my passwords. Really don’t know why they seem to be shooting themselves in the foot.

Maybe sometime we’ll get the full story.

By: Lisa

Lisa — Sun, 29 Nov 2009 14:39:39 +0000

I actually got emails from MT regarding the problem but it didn’t come close to explaining what was going on and how serious. Pretty much this:
“This is an automated notice informing you that our system has reset your Server Administrator FTP/SSH password due to suspicious activity observed on your (gs) Grid-Service. Our systems have taken measures to protect your service from any possible future exploits.”
Another reason to move away from them since I have more trouble with MT than any other hosting firm.

By: tony

tony — Sat, 21 Nov 2009 18:30:02 +0000

Yes it’s really disappointing that it was handled this way, I really can’t figure out why they haven’t alerted their customers. I’m sure some of them are affected right now and aren’t even aware of it.

Thanks for commenting.

By: Matthew Hunt

Matthew Hunt — Sat, 21 Nov 2009 18:25:02 +0000

A client of mine last week was also hacked. The exact same way. And guess who his hosting provider was? You guess it, Media Temple. ‘even though they haven’t contacted customers to tell them anything at all. ” You got that right. I’m lucky I don’t use Media Temple and no other clients of mine do either. “even static, flat HTML files were all being affected. ” I can confirm that as well. I had to correct 10 websites. It was a long night.