Ipower, (Ipower on Facebook, because their other support is useless) has lost it. They just disallowed all comments on Facebook because they have another security breach, and AGAIN allowed malware in all of our sites! And this is after another attack 3 days ago!
Three days ago someone on Twitter told me I had been hacked. There was a popup on all my blogs asking for fake info. WordPress already had threads going on this, and this one has good WordPress solutions. Turns out everyone who got this malware attack uses Ipower as their host! Ipower did nothing and sent no notices in response to the popups and malware attack, instead referring us to the WordPress forums for how to fix it! They took no responsibility and THEY DIDN’T CHANGE ONE THING in Ipower. As far as I know, this was the WORST security breach Ipower has ever had, yet they did…nothing. (Except they did wipe out some blogs in their incompetence, as you’ll see on that thread.)
The solutions were:
- Download and install the Search and Replace plugin from WordPress. The code was easy to spot (and you can find it on the thread) because it began and ended with “script”, and was on the bottom of every single post, if you had the HTML view checked. The Plugin warns that it actually connects directly to your database MySql, but that is exactly what you want, in this case.
- Download and install WP Firewall plugin from WordPress. Easy to setup, looked secure.
- Change all passwords to Ipower and your WP blogs. (I had done this just a week earlier, so very very annoying.) I use Strong Password Generator.
- Hope and pray. Because we never got an explanation from Ipower on why it happened, or if they did anything to prevent it from happening again.
I also found a really great malware checker that you can use for any site you visit, Sitecheck. All of my blogs are secure and safe. :)
Today, we were all attacked again. No popups this time, just malicious code in every post – millions of posts. I would guess a good 50% of Ipowers clients have WordPress. Ipower announced nothing and ignored it, and again someone else let me know this was going on. Finally WordPress took a stand this time, and said, talking about Ipower’s Facebook page:
This statement is hose pucky, mind you, since the only reason THAT could happen is bad server security.
They shut the thread down!! I’ve never seen WP do that, even when they have problems, like the upgrade to 3.0. They take it like a hero. So I think the logic is clear: it is only happening to WP sites with Ipower, and so Ipower is the culprit.
Now, in that WP thread someone also reported the problem on a Joomla site. I don’t even know what that is. But it says Joomla is open source, so = no money. Ipower has the money and techs and the ethical obligation to keep our hard work, stretching over years for many people like me, safe!
UPDATE: Just found a Joomla thread that says it’s Ipower, too, and is connected with the MySql databases.
So wordpress itself, after our own internal investigation, and many manhours spent trying to identify and fix the problem, says? it IS ALL IPOWERS FAULT!!! Nothing to do with Wordpess. We had to change all passwords, download and install WP Firewall (on top of our own) download and install the plugin Search and Replace and use that to remove the code (both times it did an excellent job), and STILL IPOWER WILL NOT ACCEPT RESPONSIBILITY for their security breach!
In other words, it can KEEP happening unless Ipower changes their denial, attitude, and security. They have always claimed they have no responsibility for anything that happens on WordPress, EVEN THOUGH THE ENTIRE PLATFORM is on their servers, of course, as well as the DBs. They aren’t even trained on anything about WP, so unless the tech person you talk with (if you’re lucky) knows WP him or her self, they pretend IT’S ALL YOUR FAULT.
Not only that, some bloggers lost entire pages and sites!! Here’s what Ipower posted:
Our removal of any scripts from compromised sites is as a courtesy only, and we cannot guarantee this removal will lead to the renewed full and complete accessibility of your site.
It’s a courtesy. OMG. They allow the hackers in, and can’t even apologize to us! Sure, mistakes happen, and scummy hackers are still out there. But Ipower did NOT admit it was their mistake, and didn’t correct it, and now it’s here again!? They are an unethical lying business. Too bad. They’re as bad as Godaddy, who pretended he was a big man by shooting an elephant.
Time to find a new host.
If anyone knows anything more about this problem, please share.
FOLLOW-UP: More on Ipower security failure.
computer landscape image via yale