i do. i'ts seem it's no more popup, just direct link.

i used this password this week, and it doesn't stopped them from hacking my site:

1359AabC04FgHH34
now i changed it again, but i put something simpler, since it doesn't make any difference.

and what's with keeping low profile, it's useless, they already found my url! and i have no spyware or spybot on my machine, i'm 100 % clean. in fact i never caught anything since i installed microsoft anti-spyware about 3 months ago. it does a freakin good job and i recommend it to everyone.

so finally it seem i was right, and the problem are not the password. but the problem is still there, and it's very annoying.

i was wondering; amelen, you said that paid accounts had securiy features that free accounts did not have because of the amount of free account, but couldn't you just give this kind of security to "infected" accounts for a while, so that the hacker give up, and then  withdraw it?

As we said before, this is limited to a few specific sites that are being specifically targeted with scripts that pretty much guess the password until they get it. Being a free hosting service, there is not a lot we can do (ie: can't limit each login to a certain ip, or offer any security features because they don't work in such a wide/open user environment). I don't know a good way to explain it, but in paid hosting, each member has allocated resources and has their own user and group created on a server. This works fine in an enivronment with 300-500 users on a server, but not a lot more. With free hosting, with over 100,000 members, we would need hundreads of servers just to maintain the free service (from which we are even now not making any money). The initial cost alone associated with getting that many servers would be in the millions --- so if anyone wants to donate a few million dollars, i will personally spend the several months of switching everyone to a more secure platform. Until that happens, the only way to offer free hosting on such a massive scale is the way it is being done now, and if sites are targeted for brute force password access attacks, there is really nothing that we can do.

As before, this seems to be limited to under half of a percent of the accounts and at this time there is absoltly nothing that can be done in the free hosting environment. If your account needs more security, you will have to upgrade to paid hosting or try to find another service.

Also as before, there is absolutly nothing that we can do.. I have personally spent over 200 hours trying to figure this out and make it better... I have even spent $2,000 on a consulting company to come in and look at the machines.... but unfortunatly we just have to wait for the hackers to give up.. if you fix your sites quickly enough, they will waste time and get nothing and give up.

I don't think it helps anything, but php is being upgraded to latest version: 4.4.0.

i chmoded my index.html, main.html and mainENG.html. let's see what it give...

index.html, main.html and mainENG.html have been spared, but all my other page have benn hacked....look like you were right, so everyone have to chmod their html pages to read-only. i hope this measure will keep the hacker away for good. thanks a lot amelen

Make files readable but not writable.. this further confirms my theory that this is being done with an exploit of php scripts in user accounts..

My account also was hacked on September 19.  This hadn't been the first time either.  After re-uploading all of my PHP files (the only files that were affected), I changed my account password and ensured that no writable access was set other than the owner.  Mind you also that my new password is not easily guessable, nor was it shared to anyone.  I also use Spybot S&D, Spysweeper and Norton Internet Security and Anti-Virus, frequently updated and running.  To my disappointment, minutes after attempting to access my Web site and the main site with no success, my account was hacked for the second time with pornographic links.  Amelen, please explain if you can any further.