Sorry for the long post, but I need some feedback.
One of the main reasons that I went from a Windows dedicated server to a VPS was because I had several attacks on my server that cost lots of time and money. The only reason for these attacks was that there has to be a rootkit in one of the programs I used on my server.
I have used SolarVPS for over 6 months now, and have used most of the same software I used on my dedicated server. I have not had any attacks or anybody gaining access to my VPS.
Last week I got a new Windows VPS from JaguarPC. I installed the same software as always (I will list the software later), and on day two of my new VPS somebody had full access, had created a new admin user, installed uTorrent, and downloaded and uploaded over 10 GB of movies and music before I discovered the security issue.
Besides my normal software I had downloaded a free download manager, so I could download my Plesk backup files faster than on a single download connection. That was the only other software besides my normal software.
But I never used that download manager on my dedicated server, and the same thing happened there also. A user got full access, created a new admin user for Remote Desktop, etc. I also use different passwords for the different VPS/DS/hosting plans, but some parts of the main-level password are the same. Last time the user was named support; this time the user was named Dave.
I change passwords often; this year I have changed my password 4-5 times. I have different passwords for different levels on my VPS/servers: one password for Admin, one for Plesk, one for FTP access to my sites, one for e-mail, one for MySQL, etc.
I have changed the OS at home from XP to Vista, and have only installed 100% secure programs on my home computer. I have not installed one free program or any cracks, warez, etc. I also use different antivirus and anti-spyware software at home. So the problem most likely cannot be at my home computers.
The software I currently use on my VPSs is (I have some more, but this was the software I used on the new VPS):
WinRar 3.61 from [url]
Bandwidth Monitor Pro from [url]
Weblog Expert 4.1 from [url]
And the only software I don't use on my VPS at SolarVPS: Free Download Manager from [url]
The strange thing is that last time, over 6-7 months ago when I had all the problems with my dedicated server, I traced the IP the hackers had used to login to my DS to Germany.
This time on my new VPS the person has to be from Germany or a country where they speak German. The MP3s and the movies were almost all in German.
My plan for the future:
I think I will buy a new VPS plan to test my software: install one program at a time, and see when somebody gets access to my VPS. I have to use a provider that offers free OS reloads, so I can reload the OS after I have tested each of my programs. Does anybody know of any companies that allow me to get free OS reloads and provide a Windows 2003 server?
Or will the backup function in VZPP work as an OS reload if I take a backup of my new clean VPS and then install software? If it is a rootkit and I restore, will the rootkit go away? If yes, I can use any provider with VZPP.
And do I have to tell the company what I have planned to do? A rootkit on my VPS will not affect other VPSs, so that they can get the same rootkit, or the main server, will it?
How can I do a search for all files (probably using regex) whose names consist purely of numbers?
For example, find:
53243.php
24353.php
24098.php
(they always have 5 numbers).
It seems one of my accounts has had some script run which generated a bunch of these in various subfolders, and the PHP file basically does a callback to www3.rssnews.ws and www3.xmldata.info, which seem to be some sort of spyware servers.
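One way to do that search, added here as an example and not code from the thread: the glob in find_numeric_php is the portable form of the regex ^[0-9]{5}\.php$ and needs no GNU extensions, find_numeric_php_with_host narrows the hits to files that contain a given callback hostname, and quarantine_numeric_php moves the hits out of the web tree with a hash manifest so they can be examined later. The function names, the manifest layout and the sample tree built by demo_tree are assumptions made for this example; sha256sum is the coreutils tool.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Lists files whose basename is exactly five digits plus ".php", without
# opening or running them. Works with POSIX find (no GNU -regex needed).
# find_numeric_php, find_numeric_php_with_host, quarantine_numeric_php and
# demo_tree are hypothetical helper names chosen for this example.

find_numeric_php() {
    # $1: directory to scan (defaults to the current directory).
    # The -name glob is the portable equivalent of the regex ^[0-9]{5}\.php$ .
    find "${1:-.}" -type f -name '[0-9][0-9][0-9][0-9][0-9].php'
}

find_numeric_php_with_host() {
    # $1: directory, $2: callback hostname to look for inside each hit.
    # grep -lF prints only the names of files containing the literal string.
    find "${1:-.}" -type f -name '[0-9][0-9][0-9][0-9][0-9].php' \
        -exec grep -lF "$2" {} \;
}

quarantine_numeric_php() {
    # $1: directory, $2: quarantine directory. Moves every hit out of the
    # web tree, keeping its relative path, and appends a manifest line
    # "original-path<TAB>sha256" so nothing is lost before analysis.
    dir=$1; qdir=$2
    mkdir -p "$qdir"
    find_numeric_php "$dir" | while IFS= read -r f; do
        rel=${f#"$dir"/}
        mkdir -p "$qdir/$(dirname "$rel")"
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        mv "$f" "$qdir/$rel"
        printf '%s\t%s\n' "$f" "$sum" >> "$qdir/MANIFEST"
    done
}

demo_tree() {
    # Builds a constructed sample tree in a temp dir and prints its path.
    # File contents are placeholders, not real dropped scripts.
    t=$(mktemp -d)
    mkdir -p "$t/public_html/images"
    printf '<?php echo "placeholder mentioning www3.rssnews.ws";\n' > "$t/public_html/images/53243.php"
    printf '<?php echo "unrelated";\n' > "$t/public_html/24353.php"
    printf '<?php echo "legit";\n' > "$t/public_html/index.php"
    : > "$t/public_html/1234.php"      # four digits: must not match
    : > "$t/public_html/123456.php"    # six digits: must not match
    printf '%s\n' "$t"
}
```

Running find_numeric_php on the demo tree prints only the two five-digit files; passing public_html and a quarantine directory to quarantine_numeric_php moves them to images/53243.php and 24353.php under the quarantine directory and leaves index.php in place.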
Code:
root@host [/tmp]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda5 10153988 406444 9223428 5% /
/dev/sda8 1019208 900620 65980 94% /tmp

How is that possible? ls -hl shows that the space used is 92 KB, while df shows 65980 available and 94% used for /tmp.
/var seems to be almost full, but the server has only been up a couple of days. Note that the only file that seems large is /named/chroot/proc/kcore, but that is not really supposed to take any disk space... it obviously is. Does anybody know what I should do to free up space here?
A while ago you people solved my problem; now once again I am here to get some suggestions from you, since I could not find anyone else to help.
I have another server (which is not under your management subscription); its /tmp DRIVE is 100% full.
I have 2 scripts which are the same as the RapidShare.de or Megaupload FREE FILE HOSTING scripts... they use space in /tmp; my /tmp is 496 MB.
Because it is 100% full, files are no longer uploadable via the scripts. So my scripts are not functioning at the moment.
So I thought to get a suggestion from you people:
Is it possible to increase the size of /tmp? Like to 20 GB, etc. Or if NOT, could you please tell me how to empty the /tmp folder (because I think all files in /tmp used by the SCRIPTS are USELESS after the USER uploads or downloads the data). So could you please suggest...
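An age-based cleanup for a scratch directory like the /tmp above, added here as an example rather than taken from the thread: it lists (dry run) or removes regular files not modified for more than N days, stays on the directory's own filesystem with -xdev and never follows symlinks, so a link dropped into /tmp cannot redirect the deletion somewhere else. The names purge_old_files, reclaimable_kb and make_demo_tmp, the default dry-run mode and the constructed sample tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the thread.
# purge_old_files DIR DAYS [dry-run|delete]  list or remove stale files
# reclaimable_kb  DIR DAYS                   KiB a delete run would free
# make_demo_tmp                              builds a constructed sample tree
# All three are hypothetical helper names chosen for this example.

purge_old_files() {
    # -xdev: do not cross into other mounts; -type f: never follow symlinks
    # or touch directories; -mtime +N: older than N whole days.
    dir=$1; days=$2; mode=${3:-dry-run}
    case $mode in
        dry-run) find "$dir" -xdev -type f -mtime +"$days" -print ;;
        delete)  find "$dir" -xdev -type f -mtime +"$days" -print -exec rm -f {} \; ;;
        *) printf 'mode must be dry-run or delete\n' >&2; return 2 ;;
    esac
}

reclaimable_kb() {
    # Sums du -k over the same selection, so the figure matches what a
    # delete run would free (space held by files a process still has open
    # is not returned until that process closes them).
    find "$1" -xdev -type f -mtime +"$2" -exec du -k {} \; \
        | awk '{ s += $1 } END { print s + 0 }'
}

make_demo_tmp() {
    # Constructed sample: one 100 KiB file dated year 2000, one fresh file,
    # and a stale file in a subdirectory. Prints the temp dir path.
    t=$(mktemp -d)
    mkdir "$t/uploads"
    dd if=/dev/zero of="$t/stale.bin" bs=1024 count=100 2>/dev/null
    touch -t 200001010000 "$t/stale.bin"
    : > "$t/uploads/stale2.bin"
    touch -t 200001010000 "$t/uploads/stale2.bin"
    : > "$t/fresh.bin"
    printf '%s\n' "$t"
}
```

Run purge_old_files on the real directory in dry-run mode first and read the list; only then repeat with delete. Growing /tmp itself is a partitioning question this script cannot answer, but reclaimable_kb tells you how much the cleanup alone buys.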
My /var is full. Any idea what to delete?

root@host [/var]# du -sh *
12K account
16K aquota.user
13M cache
188M cpanel
28K db
32K empty
8.0K games
73M lib
8.0K local
32K lock
35M log
16K lost+found
4.0K mail
7.5G named
8.0K nis
8.0K opt
4.0K portsentry
8.0K preserve
92K profiles
12K quota.user
8.0K racoon
900K run
6.5M spool
8.7M tmp
24K yp
root@host [/var]#

--- I can even move the named folder if someone guides me on how to move it and change the path in the conf, because I don't know the location of the conf files etc.
I have a 10 GB partition on which we have mounted the /var directory, and now it is 97% full. What can I do and how can I manage it? I have no other option, because no other space is available to create a new partition and mount there.
We have 2x 250 GB HDDs on the server; home is on HDD 1 and its usage is 73 GB. Now in the backup process we receive a message from the server that the backup (HDD 2) is 100% full, while total home usage is 73 GB. Below is PART of the ls -l report in SSH; the report shows an incorrect 4096 usage for all!

drwxr-x--- 26 root wwwbzzz 4096 Oct 26 06:46 wwwbzzz/
drwxr-x--- 26 root xmg86hin 4096 Oct 26 06:34 xmg86hin/
drwxr-x--- 26 root yil67ymi 4096 Oct 26 08:13 yil67ymi/
drwxr-x--- 26 root yrcsama 4096 Oct 26 04:43 yrcsama/
drwxr-x--- 26 root zaytginpar 4096 Oct 26 06:34 zaytginpar/
drwxr-x--- 26 root zyhgo 4096 Oct 26 06:34 zyhgo/
drwxr-x--- 26 root z878erc 4096 Oct 26 08:13 z878erc/
drwxr-x--- 26 root zihgfratn 4096 Oct 26 06:34 zihgfratn/
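The three "df says full but ls or du disagree" posts above (the /tmp mismatch, the 7.5G named entry that is really the bind-mounted /proc kcore in the BIND chroot, and the full /var and backup disks) share two causes, and one added script, not code from any of the posts, covers both. usage_report sums each child of a directory with du -x, which stays on that directory's filesystem, so a /proc mounted under it is skipped, and unlike the 4096 that ls -l prints for a directory entry it reports what the directory holds. deleted_open_files lists files that were unlinked while a process still has them open; their blocks stay allocated until the descriptor closes, so df counts them while ls and du cannot see them. Both function names are assumptions; the second reads /proc and therefore works on Linux only.

```shell
#!/bin/sh
# Added example, not code from any post above.
# usage_report DIR     per-child usage of DIR in KiB, largest first (du -x
#                      stays on DIR's filesystem, so a /proc bind-mounted
#                      into a chroot is not counted).
# deleted_open_files   "PID FD PATH" for every file unlinked while still
#                      open; df reports their blocks, ls and du do not.
# Both are hypothetical helper names chosen for this example.

usage_report() {
    du -xk -d 1 "$1" 2>/dev/null | sort -rn
}

deleted_open_files() {
    # /proc/PID/fd/N is a symlink to the open file; the kernel appends
    # " (deleted)" to the link target once the file has been unlinked.
    suffix=' (deleted)'
    for fd in /proc/[0-9]*/fd/*; do
        target=$(readlink "$fd" 2>/dev/null) || continue
        case $target in
            *"$suffix")
                pid=${fd#/proc/}; pid=${pid%%/*}
                path=${target%"$suffix"}
                printf '%s %s %s\n' "$pid" "${fd##*/}" "$path" ;;
        esac
    done
}

# Stand-alone use: sh this_script.sh /var
if [ "$#" -ge 1 ]; then
    df -k "$1"
    usage_report "$1"
    printf '\nDeleted but still open (PID FD PATH):\n'
    deleted_open_files
fi
```

For the /var case, compare `usage_report /var` with the du -sh listing: the named entry shrinks to its real size once du stops descending into the proc mount. For a /tmp that df calls 94% full while ls shows 92 KB, a non-empty deleted_open_files list names the processes to restart (or the log files to truncate instead of unlink) so the space comes back.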
to start putting some more machines into Chicago. Currently we are only using leased machines there, so I haven't had to deal with any Chicago-based colo yet.
The scenario that I'm faced with is that SteadFast only has room for current customers, and unfortunately we aren't one yet.
I have the opportunity to put my machines into the Looking Glass/Layer3 DC, at what I believe to be a fairly reasonable price ($110 / 3 Mbps per 1U) with a company I've been doing business with for a while now. Does anyone have experience working with that center?
For those of you who deal with DCs in Chicago, who would you recommend I look at as an alternative? I have come up with names like FDCServers, Server Central, CHI Networks, Fast Servers and GigeEnet. But based on what I'm reading, I don't really come away with a good indication of who is second in the pecking order after SteadFast.
How do I get all the current DNS values for a domain name? I have tried using 'dig domain any' and get varied results: the first time it is as if I ran 'dig domain a'; I then run 'dig domain mx' and see the MX records; an issue of 'any' then shows the MX records. So far I have to run dig with every record type. What is another way to get all the DNS values for a domain name?
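The varying output is expected: 'dig domain any' is answered by the recursive resolver from whatever it currently has cached, so each run reflects the queries made before it. An added example, not code from the post, that asks the zone's own authoritative server one record type at a time, which is deterministic; parse_answers condenses dig's answer lines so two runs can be diffed. It assumes the dig utility from BIND is installed, that the record types in RECORD_TYPES are the ones of interest, and that query_all_records, parse_answers and sample_answers are hypothetical helper names; the sample_answers lines are constructed, not captured output.

```shell
#!/bin/sh
# Added example, not code from the post. Requires BIND's dig.
# authoritative_servers DOMAIN            NS names for the zone (via resolver)
# query_all_records DOMAIN [SERVER]       each type in RECORD_TYPES, asked
#                                         directly at one authoritative server
# parse_answers                           stdin dig answer lines -> "TYPE rdata"
# sample_answers                          constructed sample for offline use
# All four are hypothetical helper names chosen for this example.

RECORD_TYPES="SOA NS A AAAA MX TXT CNAME SRV"

authoritative_servers() {
    dig +short NS "$1"
}

query_all_records() {
    domain=$1
    # Default to the first NS the resolver reports for the zone.
    server=${2:-$(authoritative_servers "$domain" | head -n 1)}
    for t in $RECORD_TYPES; do
        # +noall +answer prints only the answer section, one RR per line.
        dig +noall +answer "@$server" "$domain" "$t"
    done
}

parse_answers() {
    # dig answer lines look like: name TTL IN TYPE rdata...
    # Drop name, TTL and class, keep "TYPE rdata", and de-duplicate so the
    # TTL countdown between runs does not show up as a difference.
    awk '$3 == "IN" { $1 = ""; $2 = ""; $3 = ""; sub(/^ +/, ""); print }' | sort -u
}

sample_answers() {
    # Constructed sample in dig's answer format (not real query output).
    printf 'example.com.\t3600\tIN\tMX\t10 mail.example.com.\n'
    printf 'example.com.\t3600\tIN\tA\t192.0.2.10\n'
    printf 'example.com.\t3600\tIN\tMX\t10 mail.example.com.\n'
    printf 'example.com.\t300\tIN\tTXT\t"v=spf1 -all"\n'
}

# Stand-alone use: sh this_script.sh example.com [ns1.example.com]
if [ "$#" -ge 1 ]; then
    query_all_records "$@" | parse_answers
fi
```

Saving `query_all_records example.com | parse_answers` to a file after each change and diffing the files gives a stable view of the zone; a record that appears under ANY but not here was only a cached copy on the resolver.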
When I check Apache status, I see one domain sending many requests to the server, for example:
domain.com 10.20.30.40
domain.com 10.20.30.40
domain.com 10.20.30.40
domain.com 10.20.30.40
domain.com 10.20.30.40
- - -
How can I prevent this problem? This problem teases me and my server, because it induces Apache to work unremittingly. RAM usage is 65%!
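A way to measure the problem from the access log before deciding on a block, added here as an example and not code from the post: top_clients counts requests per client IP (the first field of Apache's common and combined log formats), noisy_clients keeps only those above a threshold, and per_minute groups by IP and minute so a burst stands out from a merely busy client. The function names and the sample_log lines (constructed, using the 192.0.2.0/24 documentation range) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the post.
# top_clients   [LOG...]        "count ip" per client, largest first
# noisy_clients N [LOG...]      IPs with more than N requests
# per_minute    [LOG...]        "count ip dd/Mon/yyyy:HH:MM" per client-minute
# sample_log                    constructed Common Log Format lines
# With no LOG argument the functions read stdin. All four names are
# hypothetical helpers chosen for this example.

top_clients() {
    awk '{ n[$1]++ } END { for (ip in n) printf "%d %s\n", n[ip], ip }' "$@" | sort -rn
}

noisy_clients() {
    threshold=$1; shift
    top_clients "$@" | awk -v t="$threshold" '$1 > t + 0 { print $2 }'
}

per_minute() {
    # $4 is "[dd/Mon/yyyy:HH:MM:SS"; characters 2..18 are the minute key.
    awk '{ m = substr($4, 2, 17); n[$1 " " m]++ }
         END { for (k in n) printf "%d %s\n", n[k], k }' "$@" | sort -rn
}

sample_log() {
    # Constructed sample: one client fetching the same page 25 times in a
    # minute, plus two ordinary visitors. Not real traffic.
    i=0
    while [ "$i" -lt 25 ]; do
        printf '192.0.2.40 - - [26/Oct/2007:06:46:%02d +0000] "GET /index.php HTTP/1.1" 200 512\n' "$i"
        i=$((i + 1))
    done
    printf '192.0.2.7 - - [26/Oct/2007:06:47:01 +0000] "GET /about.html HTTP/1.1" 200 1024\n'
    printf '192.0.2.9 - - [26/Oct/2007:06:47:02 +0000] "GET /robots.txt HTTP/1.1" 404 209\n'
}

# Stand-alone use: sh this_script.sh /var/log/httpd/access_log
if [ "$#" -ge 1 ]; then
    noisy_clients 100 "$@"
fi
```

Once a client's rate is known, the usual mitigations are a per-source connection limit at the firewall (iptables connlimit), a request rate limit in front of Apache, or mod_evasive, which tracks the same per-IP counts inside the server; the numbers from per_minute give you the threshold to configure rather than a guess.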