Hello everybody, it looks like several people have reported having their web page replaced or code injected by somebody claiming to be NobodyCoder. Doing my research, it looks like this person did this to a lot of web sites back in June - including the Oregon University web site - and looks to be back at it.

What Does it Look Like?
Here is an example of what you might see:
From IRAN
NobodyCoder@mail.ru
Hey Stupid Fly Catcher Obama! Stop talking about Iran and telling to your dogs (UK, France, Germany) to talk about Iran and Iran Election. Keep working on your own country and try to solve economic crisis in your hungry country! Iran's election doesn't have problem and Moosavi with his tiny brain will be in jail in near future, so don't pay your time and money for him and for his fans. 80% of Iranian people hate Moosavi nowadays... We never cheated in elections and even Moosavi knows that. So it's time to finish this kind of activities and it's better each country work on its own business.

Is This a Lunarpages Only Problem?
No, it would appear this person, NobodyCoder, is attacking a great number of web hosts and web sites from all around the Web. I just want to make sure we stay proactive with anybody who might have gotten this hack here so we can get them back on the right track faster.

What do You Recommend?
Run a combination of an installed anti-virus program, an anti-spyware or anti-malware program and an online anti-virus program on your PC. We have several free suggestions for these listed here:
Change your password, change your password, change your password! Next, change your hosting account password, and the passwords for any scripts you have installed (such as WordPress or Joomla) for any account that has "admin" access. You should avoid using dictionary words, don't use personal information, and avoid common sequences.
Make sure your scripts are up to date! Make sure every script you have installed on your hosting account is up to date. Also, never leave an unused script lying around on your hosting plan. If you are no longer using a script, it should be removed. Not doing so can leave you open to attack.

Solutions and Fixes?
So far, a lot of these have been taken care of by looking for and deleting the file(s) he has inserted into the public_html folder in your hosting account. Check out default.*, home.*, index.*, main.* (with the * representing various file extensions, such as .htm, .html, .php, .asp, etc).
As I get more information, or find it online, I'll be sure to update this post here...
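
A read-only way to run the file check described above from a shell on the hosting account, as an added example that is not part of the original post. The function names and the sample web root are made up for illustration; the search string is the handle shown in the quoted page.

```shell
#!/bin/sh
# Added example (not from the original post): audit a web root for the
# defacement described above. MARKER is the handle shown in the quoted page.
MARKER="NobodyCoder"

# Print every default.*, home.*, index.* and main.* file under docroot $1.
list_landing_pages() {
    find "$1" -type f \( -iname 'default.*' -o -iname 'home.*' \
        -o -iname 'index.*' -o -iname 'main.*' \) -print
}

# Label each landing page: DEFACED if it contains the marker, else REVIEW
# (an unexpected but marker-free file still needs a human look).
scan_landing_pages() {
    list_landing_pages "$1" | while IFS= read -r f; do
        if grep -qi -- "$MARKER" "$f"; then
            echo "DEFACED $f"
        else
            echo "REVIEW $f"
        fi
    done
}

# Print any file, whatever its name, that contains the marker. This covers
# code injected into an existing page rather than a replaced landing page.
find_marker_anywhere() {
    find "$1" -type f -exec grep -qi -- "$MARKER" {} \; -print
}

# Build a small constructed web root for a dry run (sample data, not real).
make_sample_docroot() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/blog"
    echo '<h1>Welcome</h1>' > "$d/index.php"
    echo '<p>From IRAN nobodycoder</p>' > "$d/index.html"
    echo '<?php /* NobodyCoder */ ?>' > "$d/blog/footer.php"
    echo '<p>About us</p>' > "$d/about.html"
    echo "$d"
}

# Usage: sh audit.sh /path/to/public_html
if [ $# -gt 0 ]; then
    scan_landing_pages "$1"
    find_marker_anywhere "$1"
fi
```

Nothing is deleted by this script. Compare anything it lists against a known-good backup before removing or restoring files.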