HostPapa Hosting Still Sucks: Now Extorts Customers

A few years back I blogged about HostPapa getting hit with a widespread hack that they lied to their customers about, and instead tried to blame on a non-existent WordPress security issue. More than just WordPress sites were affected, so obviously it was not that. It was most likely a cpanel bug that other hosting companies actually let their customers know about, and while they never did admit wrong eventually the sites stopped getting hit, so odds are they just quietly fixed it behind the scenes. However, since lying to your customers is bad form even if you eventually fix the problem, ever since then I have done my best to warn people against hosting with them. There are a ton of decent hosts out there at reasonable prices (my recommendation as always is Hostgator), so in this day and age there is no reason for anyone to go with (or stay with) one that gives crappy service.

A couple of days ago a woman named Kristina Birkhof (@sexypartyanimal) contacted me about helping her dehack her website, highclassbadass.com, since I clean hacked WordPress installations professionally. She said that HostPapa told her

Read more

New WordPress Backdoor Style Discovered – Hackers Think They Are Sneaky

I was cleaning a client’s site today that had been hacked, when I discovered a new backdoor implementation that I had never seen before. This one is a perfect example of why automated scans are often not sufficient when cleaning up a hacked WordPress installation. You can see the full file here: 99bde887d.php.

The file was dropped into the theme that the client is using, and is coded to mimic a core WordPress file, using some of the same function names and coding conventions that WordPress itself uses. It is designed so that most people opening it and actually looking at the code would still not notice that it was anything malicious. I have seen enough back doors though that even creative ones will often stand out to me. It is definitely not something that would be picked up with any of the existing scripted scans out there. While of course someone can update their plugins or scripts to include specific strings to look for that this file contains,

Read more