Add new comment

As I mentioned in my earlier post, 'Got infected and reported as attack page', all of my index.html and index.php where appended with an evil javascript that eventually made my website as 'Reported Attach Page'. I did identify these files, through shell script using grep, and clean 'em up manually. Though it took some time, I was happy to complete the long postponed task. However, the issue has come back the very next day.

When I contacted HostPC support, they said that it's because of directory permissions and XSS hacks through Word Press. The next thing I did is to update Word Press, change all the directory / file permissions and once again manually delete the script tags from all the infected pages. This time the issue didn't come back.

Joseph from Host PC support team suggested that folder permissions 777 set by installer is not secure and I shouldn't be using it. Well that's acceptable response but, I am interested to know "what folder permission are secure that would still let me upload the images from Word Press". This is where Host PC started to frustrate me. Even after 5 days, I never got a proper response and in all of the responses say "I cannot use 777" and never replied to "what permissions are secure for uploading images through Word Press".

When I suggested a blog post on Changing File Permissions, I got a rude response from Joseph - "I don't care what their instructions say", (for full conversation - Host PC support team frustrates me). That's when I decided to leave Host PC as it never worked out with support team and I got a response approx once in 20 hrs, spanning 5 days.

I never had issue with Host PC prior to this, but on this scenario I have decided close the business with these guys on no resolution. Will get back soon with new Host Provider

- Shyam K. Arjarapu