On Saturday, 12 April 2014 at 09:36:42 UTC, Kagamin wrote:
> On Saturday, 12 April 2014 at 06:38:16 UTC, Andrej Mitrovic wrote:
>> Unbelievable. 40$ to delete a file.
>
> Sounds like the virus opposes naive deletion. One should first need to find its guard. Well, anyway, such things require security specialist, so they cost money.
>
> Mike should delete everything from the current site. Hope that will stop further distribution of the virus.

I think the question should be asked, "How did that file got there?"

Was there a security hole in the blog software?

Was the password guessed, sniffed or stolen?
(There exists Windows malware that steals saved FTP/SCP passwords...)

Until the security hole is closed for good, the file may reappear again.

I would suggest looking at the file's modification time, and checking the HTTP / FTP access logs for suspicious activity around that time.

On Sunday, 13 April 2014 at 11:44:50 UTC, Mike Parker wrote:
> On 4/13/2014 6:39 AM, Nick Sabalausky wrote:
>> On 4/11/2014 9:10 AM, Mike Parker wrote:
>>>
>>> Because of this experience, I've decided it's time to move away from
>>> shared hosting. I'm going to transfer everything over to a VPS (either
>>> with Digital Ocean or Linode) so that I can always have shell access.
>>
>> If you do go with Digital Ocean, I'd be interested in hearing how it
>> works out. Their $5/mo option might be a good way out next time I have a
>> client who's trying to use a shared PHP-oriented host. If you don't want
>> to post here my email is nick1 (and the email's domain name is
>> semitwist.com).
>>
>
> I wound up going with Linode. I had used them before when I needed a short-term VPS and already had an account.

Sorry for arriving late in this thread, but if you need hosting for D-related projects, I'd be glad to offer some on my server. You get a limited Linux user with full shell access, and your choice of httpd.

On Monday, 14 April 2014 at 03:13:31 UTC, Vladimir Panteleev wrote:

>
> I think the question should be asked, "How did that file got there?"
>
> Was there a security hole in the blog software?
>
> Was the password guessed, sniffed or stolen?
> (There exists Windows malware that steals saved FTP/SCP passwords...)
>
> Until the security hole is closed for good, the file may reappear again.

On shared hosting, situations like this (in my experience) follow a check list. You remove any infected files and malware from your directories, update the passwords, reinstall or update the software and, if the problem persists, tech support will dig into it to find the holes.

In seven years of running the site, I had previously only had one script injection problem which came down to a bug in Wordpress and was fixed in the next update. Never had a malware problem before, but given that these guys instructed me to delete it ( a no-brainer) or risk suspension of my account, I would not expect them to charge me $40 when it proves impossible for me to remove.

>
> I would suggest looking at the file's modification time, and checking the HTTP / FTP access logs for suspicious activity around that time.

One can wish. The file time is Jan 1, 1970 8:59. It's zero bytes and has full permissions. Its name is a jumbled mess (blocks and symbols). The only clue I had was the modification times of the mysterious php files (all of which also showed up as 0 bytes) and the infected html files, but I don't know if they're related to the malware or something completely different.

>> I wound up going with Linode. I had used them before when I needed a short-term VPS and already had an account.
>
> Sorry for arriving late in this thread, but if you need hosting for D-related projects, I'd be glad to offer some on my server. You get a limited Linux user with full shell access, and your choice of httpd.

Thanks for the offer. I'd take you up on it, but now that I've broken away from shared hosting I plan to make use of the resources on this VPS for more than just D stuff.

On 13 Apr 2014 1:45 PM, "Mike Parker" <aldacron@gmail.com> wrote:
>
> On 4/13/2014 6:39 AM, Nick Sabalausky wrote:
>>
>> On 4/11/2014 9:10 AM, Mike Parker wrote:
>>>
>>>
>>> Because of this experience, I've decided it's time to move away from shared hosting. I'm going to transfer everything over to a VPS (either with Digital Ocean or Linode) so that I can always have shell access.
>>
>>
>> If you do go with Digital Ocean, I'd be interested in hearing how it works out. Their $5/mo option might be a good way out next time I have a client who's trying to use a shared PHP-oriented host. If you don't want to post here my email is nick1 (and the email's domain name is semitwist.com).
>>
>
> I wound up going with Linode. I had used them before when I needed a
short-term VPS and already had an account.
I've been using digitalocean and I quite like them.

Unfortunately I haven't had any problems so I could say how they handle
that.
I use them for work and for quick trials.