Exploit: “Hacked By Badi” – Explanation and Steps to Remove

Posted on by
Reply

After getting reports today about WordPress installs getting hacked on the server I did some investigating and found that this may be a server wide hacking, meaning potentially all WordPress installs may have been defaced on the server.

The exploit was mostly likely caused by a vulnerability in Apache having to due with symlinks.

If you were effected by this, I have wrote the following article to help you: http://vlexofree.com/wiki/Exploit:_Hacked_by_badi

I have also recompiled apache/php with a patch to prevent the exploit (although the patch may cause issues of its own) and globally changed everyone’s “wp-conf.php” to “600″ permissions.

The exploit did not compromise your overall WordPress install or your passwords. The only changes made by the exploit are to the wordpress database in the following locations: the wordpress title, charset, and widgets. It only takes a few steps to fix, but it is a bit annoying to have to do it.

Server Reboot: April 24th 2013

Posted on by
Reply

If anyone noticed (hopefully you didn’t since the downtime was only about 5 minutes), the server was rebooted at around 12:30am PDT today.

First I’ll start off with the bad news…. which is that the server’s uptime has gone from 176 days of being continually online, back down to 0 days. Looking at the graph below it is a sad sight indeed. :(

Uptime graph

If you look at the far right you can see the emptiness of the drop to 0 days.

But! With all good things comes consequences. Which leads me to the Good News!

The reboot was not pointless, but required so we could boot into an updated kernel that fixed multiple security issues, address several hundred bugs, and added numerous enhancements. Exciting, right?

PHP’s configuration file updated for PHP 5.4

Posted on by
Reply

I thought I would let everyone know that I have just replaced cPanel’s old PHP configuration file with one designed for PHP 5.4. This should lead to some performance improvements for PHP scripts.

If you’re having any issues with you scripts that weren’t there before, be sure to post your issue in the VlexoFree Support Forum.

Note: My next project, once I have time, is to update to Apache 2.4 and resolve any issues that might cause.

VlexoFree, back on Bing

Posted on by
Reply

This story starts about 5 months ago, in October, with me trying to do a search for “VlexoFree” on Bing. The result was troubling as there were no results for vlexofree.com or any vlexofree subdomains. I’m not sure when this started but I do know VlexoFree was listed on microsoft’s search engine when I first started VlexoFree.

Anyways, it took me 5 months of emailing Microsoft Support back and forth to find out what the issue was and for them to fix it. But I am happy to announce that as of today VlexoFree.com and all of its subdomains are now being re-indexed by Bing and will start appearing in searches today.

Eli L.
VlexoFree Owner, System Administrator

Personal 300? You mean Personal 500?

Posted on by
Reply

Happy new year everyone! There haven’t been many changes to VlexoFree for a while which might make it seem like VlexoFree is slowing down or dying.. I’ve come here to say that this is far from the truth!

To start off this year I’m getting rid of the Personal 300 plan and changing it to the Personal 500 plan. This means everyone on who is currently on the Personal 300 plan will be getting an upgrade from 300 megabytes of space to 512 megabytes of space.

As I assess our current plans there might be more changes like this in the future!

Eli L.
VlexoFree Owner, System Administrator

Recent Downtime Announcement – Sept 29 to Oct 1

Posted on by
Reply

Here is the explanation for this weekend’s downtime that you’ve all probably have noticed.

On September 29th at around 6am (GMT -8:00) the server went offline for what was supposed to be a simple hard drive replacement due to a few SMART errors showing hard drive wear. Unfortunately due to a miscommunication between me and the upstream provider, the contents of the old drive were not transfered over to the new drive. The time between that and October 1st the downtime was due to waiting for responses from upstream and hiring a 3rd party to transfer all the data to the new hard drive. At 3pm (GMT -8:00) on October 1st all the data was transfered successfully to the new hardrive and all problems were successfully resolved.

There was no dataloss due to the drive transfer and in all, there was about 57 hours of downtime.

In regard to emails sent to your VlexoFree hosted email accounts; if you had emails sent to you during the downtime you will most likely start to receive them within the day as the sending host retries their mail queue.

Sorry for the unacceptably long downtime caused by this and the inconveniences it may have caused you. Hopefully this will not happen again.

Eli L.
VlexoFree Owner, System Administrator

Minor redesign of VlexoFree.com

Posted on by
Reply

If you haven’t seen the VlexoFree website lately you might want to take a quick look!

We have done away with the mainly unused “sidebar” that was used on some of the pages on the site and our home page is completely redesigned to have a better “flow” as well as have a better table of our plans for connivence for new visiters. Lastly, the VlexoFree blog has a new theme that makes it much easier to read!

Some smaller changes include a different and more readable font, an addition to the color scheme, and overall smaller page sizes for faster loading.

Reminder: Make backups!

Posted on by
Reply

This is just a friendly reminder to all VlexoFree members to make sure you’re making frequent backups of your website.

We do not keep backups of any members’ accounts off the server so, to minimize the chances of your website or files being lost, please remember to frequently generate a full backup of your account then download that backup and store it on your computer (or anywhere else you would like that is not on this server).

To do this just follow these steps:

  1. Login to cPanel and go to the “Files” Box
  2. Click on the “Backup Wizard” image then click on “Backup”
  3. Do a “Full Backup”.
  4. Wait for the backup to complete
  5. Once the backup is done, download the backup to your computer.
Once you have downloaded the backup to your computer I would recommend you delete the backup file on your VlexoFree account to free up space on your account so you dont go over your space quota.

Server issues – May 17th

Posted on by
Reply

For the first time in a while the server has had some major downtime.

Basically at 7:30am PST the server’s internet connection went offline and unfortunately I was asleep until about 10:30. So, when I woke up to see the server down I contacted upstream support and they replaced a faulty ethernet cable on the server.

About 3 hours downtime total; and I’m very sorry for any inconvenience.

-Eli L