• Mike Parker (15/15) Apr 11 2014 Google has cleared the dblog.aldacron.net domain from the blacklist, so
• Nick Sabalausky (10/25) Apr 11 2014 Yea, shared hosting can be a pain. TBH, all my biggest web server
• simendsjo (5/10) Apr 11 2014 Been using Linode for ~3 years, but a couple of months ago my node had a...
• Nick Sabalausky (2/12) Apr 11 2014 Yea. *I've* caused far more downtime to my linode server than linode has...
• Mike Parker (11/11) Apr 11 2014 Seems I spoke too soon. Tech support has yet to remove the file,
• Andrej Mitrovic (2/6) Apr 11 2014 Unbelievable. 40$ to delete a file.
• Nick Sabalausky (3/9) Apr 12 2014 Sounds about on par with some of the the crazy shit I've seen shared
• Kagamin (6/7) Apr 12 2014 Sounds like the virus opposes naive deletion. One should first
• Vladimir Panteleev (12/20) Apr 13 2014 I think the question should be asked, "How did that file got
• Mike Parker (19/30) Apr 13 2014 On shared hosting, situations like this (in my experience) follow
• Nick Sabalausky (6/9) Apr 12 2014 If you do go with Digital Ocean, I'd be interested in hearing how it
• Mike Parker (3/13) Apr 13 2014 I wound up going with Linode. I had used them before when I needed a
• Vladimir Panteleev (5/26) Apr 13 2014 Sorry for arriving late in this thread, but if you need hosting
• Mike Parker (3/9) Apr 13 2014 Thanks for the offer. I'd take you up on it, but now that I've
• Rory McGuire (6/23) Apr 14 2014 short-term VPS and already had an account.

Mike Parker <aldacron gmail.com> writes:

Google has cleared the dblog.aldacron.net domain from the blacklist, so 
it's safe to visit The One With D and the Derelict forums again.

Ultimately, I had to root everything out myself. Tech support was 
friendly enough, but very little help (they advised me that I needed to 
find the problem, which is what I asked for help with in the first 
place). It turns out there was a hidden executable which was completely 
invisible to my ftp client. I was able to see it only through the CPanel 
File Manager, but I was unable to delete it. Every attempt succeeded, 
only for the file to come back again. But once I eliminated all sorts of 
php files and fixed a number of static html files that had been 
modified, the problem went away even if the executable did not. Tech 
support did, finally, tell me they would remove the offending file.

Because of this experience, I've decided it's time to move away from 
shared hosting. I'm going to transfer everything over to a VPS (either 
with Digital Ocean or Linode) so that I can always have shell access.

Nick Sabalausky <SeeWebsiteToContactMe semitwist.com> writes:

On 4/11/2014 9:10 AM, Mike Parker wrote:
 Google has cleared the dblog.aldacron.net domain from the blacklist, so
 it's safe to visit The One With D and the Derelict forums again.

 Ultimately, I had to root everything out myself. Tech support was
 friendly enough, but very little help (they advised me that I needed to
 find the problem, which is what I asked for help with in the first
 place). It turns out there was a hidden executable which was completely
 invisible to my ftp client. I was able to see it only through the CPanel
 File Manager, but I was unable to delete it. Every attempt succeeded,
 only for the file to come back again. But once I eliminated all sorts of
 php files and fixed a number of static html files that had been
 modified, the problem went away even if the executable did not. Tech
 support did, finally, tell me they would remove the offending file.

Ouch! At least it's all sorted out.

 Because of this experience, I've decided it's time to move away from
 shared hosting. I'm going to transfer everything over to a VPS (either
 with Digital Ocean or Linode) so that I can always have shell access.

Yea, shared hosting can be a pain. TBH, all my biggest web server 
problems have always been directly related to one shared host or 
another. I got fed up and switched to VPS a few years and haven't looked 
back. I haven't looked closely at the other VPS companies, but in my 
experience you can't go wrong with Linode. They're amazing. I'm 
ultra-critical of freaking everything, and yet I don't have a single, 
even minor, complaint about Linode. (But then I'm a control freak, so 
VPS is a natural fit for me anyway, so "FWIW".)

simendsjo <simendsjo gmail.com> writes:

On 04/11/2014 03:41 PM, Nick Sabalausky wrote:
(...)
  I haven't looked closely at the other VPS companies, but in my
 experience you can't go wrong with Linode. They're amazing. I'm
 ultra-critical of freaking everything, and yet I don't have a single,
 even minor, complaint about Linode. (But then I'm a control freak, so
 VPS is a natural fit for me anyway, so "FWIW".)

Been using Linode for ~3 years, but a couple of months ago my node had a 
HW problem and was down for a couple of minutes. In other words - Linode 
is pretty good.

Nick Sabalausky <SeeWebsiteToContactMe semitwist.com> writes:

On 4/11/2014 10:01 AM, simendsjo wrote:
 On 04/11/2014 03:41 PM, Nick Sabalausky wrote:
 (...)
  I haven't looked closely at the other VPS companies, but in my
 experience you can't go wrong with Linode. They're amazing. I'm
 ultra-critical of freaking everything, and yet I don't have a single,
 even minor, complaint about Linode. (But then I'm a control freak, so
 VPS is a natural fit for me anyway, so "FWIW".)

 Been using Linode for ~3 years, but a couple of months ago my node had a
 HW problem and was down for a couple of minutes. In other words - Linode
 is pretty good.

Yea. *I've* caused far more downtime to my linode server than linode has :)

"Mike Parker" <aldacron gmail.com> writes:

Seems I spoke too soon. Tech support has yet to remove the file, 
the problem is back, and the site has been blacklisted again. 
What's more, it seems that the support guy who offered to delete 
the file overstepped his authority. Because now I get this from 
them:

"If you need assistance cleaning your account and fixing the 
security holes for you site, we offer a low cost service option 
called Managed Shared Hosting. For the service fee of $39.95, we 
can create a work order to investigate and fix your issue."

Screw these guys. Looks like I'll have to get the VPS set up and 
transfer the domain before I can get off the blacklist for good.

Andrej Mitrovic <andrej.mitrovich gmail.com> writes:

On 4/12/14, Mike Parker <aldacron gmail.com> wrote:
 "If you need assistance cleaning your account and fixing the
 security holes for you site, we offer a low cost service option
 called Managed Shared Hosting. For the service fee of $39.95, we
 can create a work order to investigate and fix your issue."

Unbelievable. 40$ to delete a file.

Nick Sabalausky <SeeWebsiteToContactMe semitwist.com> writes:

On 4/12/2014 2:38 AM, Andrej Mitrovic wrote:
 On 4/12/14, Mike Parker <aldacron gmail.com> wrote:
 "If you need assistance cleaning your account and fixing the
 security holes for you site, we offer a low cost service option
 called Managed Shared Hosting. For the service fee of $39.95, we
 can create a work order to investigate and fix your issue."

 Unbelievable. 40$ to delete a file.

Sounds about on par with some of the the crazy shit I've seen shared 
hosts do.

"Kagamin" <spam here.lot> writes:

On Saturday, 12 April 2014 at 06:38:16 UTC, Andrej Mitrovic wrote:
 Unbelievable. 40$ to delete a file.

Sounds like the virus opposes naive deletion. One should first 
need to find its guard. Well, anyway, such things require 
security specialist, so they cost money.

Mike should delete everything from the current site. Hope that 
will stop further distribution of the virus.

"Vladimir Panteleev" <vladimir thecybershadow.net> writes:

On Saturday, 12 April 2014 at 09:36:42 UTC, Kagamin wrote:
 On Saturday, 12 April 2014 at 06:38:16 UTC, Andrej Mitrovic 
 wrote:
 Unbelievable. 40$ to delete a file.

 Sounds like the virus opposes naive deletion. One should first 
 need to find its guard. Well, anyway, such things require 
 security specialist, so they cost money.

 Mike should delete everything from the current site. Hope that 
 will stop further distribution of the virus.

I think the question should be asked, "How did that file got 
there?"

Was there a security hole in the blog software?

Was the password guessed, sniffed or stolen?
(There exists Windows malware that steals saved FTP/SCP 
passwords...)

Until the security hole is closed for good, the file may reappear 
again.

I would suggest looking at the file's modification time, and 
checking the HTTP / FTP access logs for suspicious activity 
around that time.

"Mike Parker" <aldacron gmail.com> writes:

On Monday, 14 April 2014 at 03:13:31 UTC, Vladimir Panteleev 
wrote:

 I think the question should be asked, "How did that file got 
 there?"

 Was there a security hole in the blog software?

 Was the password guessed, sniffed or stolen?
 (There exists Windows malware that steals saved FTP/SCP 
 passwords...)

 Until the security hole is closed for good, the file may 
 reappear again.

On shared hosting, situations like this (in my experience) follow 
a check list. You remove any infected files and malware from your 
directories, update the passwords, reinstall or update the 
software and, if the problem persists, tech support will dig into 
it to find the holes.

In seven years of running the site, I had previously only had one 
script injection problem which came down to a bug in Wordpress 
and was fixed in the next update. Never had a malware problem 
before, but given that these guys instructed me to delete it ( a 
no-brainer) or risk suspension of my account, I would not expect 
them to charge me $40 when it proves impossible for me to remove.

 I would suggest looking at the file's modification time, and 
 checking the HTTP / FTP access logs for suspicious activity 
 around that time.

One can wish. The file time is Jan 1, 1970 8:59. It's zero bytes 
and has full permissions. Its name is a jumbled mess (blocks and 
symbols). The only clue I had was the modification times of the 
mysterious php files (all of which also showed up as 0 bytes) and 
the infected html files, but I don't know if they're related to 
the malware or something completely different.

Nick Sabalausky <SeeWebsiteToContactMe semitwist.com> writes:

On 4/11/2014 9:10 AM, Mike Parker wrote:
 Because of this experience, I've decided it's time to move away from
 shared hosting. I'm going to transfer everything over to a VPS (either
 with Digital Ocean or Linode) so that I can always have shell access.

If you do go with Digital Ocean, I'd be interested in hearing how it 
works out. Their $5/mo option might be a good way out next time I have a 
client who's trying to use a shared PHP-oriented host. If you don't want 
to post here my email is nick1 (and the email's domain name is 
semitwist.com).

Mike Parker <aldacron gmail.com> writes:

On 4/13/2014 6:39 AM, Nick Sabalausky wrote:
 On 4/11/2014 9:10 AM, Mike Parker wrote:
 Because of this experience, I've decided it's time to move away from
 shared hosting. I'm going to transfer everything over to a VPS (either
 with Digital Ocean or Linode) so that I can always have shell access.

 If you do go with Digital Ocean, I'd be interested in hearing how it
 works out. Their $5/mo option might be a good way out next time I have a
 client who's trying to use a shared PHP-oriented host. If you don't want
 to post here my email is nick1 (and the email's domain name is
 semitwist.com).

I wound up going with Linode. I had used them before when I needed a 
short-term VPS and already had an account.

"Vladimir Panteleev" <vladimir thecybershadow.net> writes:

On Sunday, 13 April 2014 at 11:44:50 UTC, Mike Parker wrote:
 On 4/13/2014 6:39 AM, Nick Sabalausky wrote:
 On 4/11/2014 9:10 AM, Mike Parker wrote:
 Because of this experience, I've decided it's time to move 
 away from
 shared hosting. I'm going to transfer everything over to a 
 VPS (either
 with Digital Ocean or Linode) so that I can always have shell 
 access.

 If you do go with Digital Ocean, I'd be interested in hearing 
 how it
 works out. Their $5/mo option might be a good way out next 
 time I have a
 client who's trying to use a shared PHP-oriented host. If you 
 don't want
 to post here my email is nick1 (and the email's domain name is
 semitwist.com).

 I wound up going with Linode. I had used them before when I 
 needed a short-term VPS and already had an account.

Sorry for arriving late in this thread, but if you need hosting 
for D-related projects, I'd be glad to offer some on my server. 
You get a limited Linux user with full shell access, and your 
choice of httpd.

"Mike Parker" <aldacron gmail.com> writes:

 I wound up going with Linode. I had used them before when I 
 needed a short-term VPS and already had an account.

 Sorry for arriving late in this thread, but if you need hosting 
 for D-related projects, I'd be glad to offer some on my server. 
 You get a limited Linux user with full shell access, and your 
 choice of httpd.

Thanks for the offer. I'd take you up on it, but now that I've 
broken away from shared hosting I plan to make use of the 
resources on this VPS for more than just D stuff.

Rory McGuire <rjmcguire gmail.com> writes:

On 13 Apr 2014 1:45 PM, "Mike Parker" <aldacron gmail.com> wrote:
 On 4/13/2014 6:39 AM, Nick Sabalausky wrote:
 On 4/11/2014 9:10 AM, Mike Parker wrote:
 Because of this experience, I've decided it's time to move away from
 shared hosting. I'm going to transfer everything over to a VPS (either
 with Digital Ocean or Linode) so that I can always have shell access.


 If you do go with Digital Ocean, I'd be interested in hearing how it
 works out. Their $5/mo option might be a good way out next time I have a
 client who's trying to use a shared PHP-oriented host. If you don't want
 to post here my email is nick1 (and the email's domain name is
 semitwist.com).

 I wound up going with Linode. I had used them before when I needed a

short-term VPS and already had an account.
I've been using digitalocean and I quite like them.

Unfortunately I haven't had any problems so I could say how they handle
that.
I use them for work and for quick trials.