Compromised Account At Gnax.net

Sep 17, 2007

Ok...posting this here to hopefully get someone's attention at gnax.net.

I've written their abuse@gnax.net and engineer@gnax.net multiple times and even called into their support line and spoke with Stephen (or Steven). No one there seems to care.

They have a group of Vietnamese hackers on their network that are launching attacks from several of their servers. They also have a google phising site on one of the servers.

Spoke with Stephen at Gnax support and his answer was that it wasn't his job and I needed to send a e-mail to abuse. After telling him that I'd done that multiple times he basically said oh well that he didn't know what to do.

Seems like the admins of gnax.net are either very irresponsible, stupid or just ignorant.

Here are the URL's.

[url]

[url]

Just replace the 1's with t's and you can see for yourself. The fwooshnet.com attempts to download a trojan to your system so if you don't know what your doing don't visit either URL.

Hopefully admins from Gnax watch this forum.

View 6 Replies


ADVERTISEMENT

Email Account Compromised: Tools For Analysing

May 27, 2008

whose has 5 email accounts and several computers Windows and Mac.

Some spam has been sent out to people in his address book. I received one and have the email headers.

What tools are there for identifying which account/machine has been compromised?

View 3 Replies View Related

GNAX/Netdepot

Oct 19, 2009

Last night, server went down. I noticed, opened a ticket, and within 15 minutes had a response. By 20 minutes after the initial ticket, the server was back with a new power supply. While I was creating the ticket, I noticed it had been exactly 7 months since I had to open the last ticket.

15/20 minute response - not bad for after 11 at night on a Sunday night. 7 months without needing to open a ticket isn't bad either.

View 11 Replies View Related

DedNow Or GNAX

Dec 3, 2008

Currently we host with SoftLayer but are looking for other reliable providers also.
Which of the following do you recommend:
GNAX or DedNow

View 12 Replies View Related

Possible Compromised Server

Mar 8, 2008

I can resolve this situation I have.

I sent a server I have with a provider to have a RAM upgrade yesterday at 15:33 UTC, and ever since then I have had no access to my server.

SSH has been changed back to port 22, from a random high port.
root password has changed
RSA key has changed too.

I can see 3 possable reasons for this:

1) It's a different server plugged into the rack/router or a stolen IP

2) My provider "kindly" formatted and reinstalled my OS.

3) I have a compromised server, I very much doubt this as the server was offline.

I informed my provider about 18 hours ago that I had a "possable compromised server" and since then I have been given the run around as to what is happening.

For the last couple hours or so I have been trying to get them on live chat, which shows as online, but no-one answers. Thats another pet hate of mine.

I also have a couple tickets open asking for an update as they are not answering my origional ticket with updates.

Am I just being impaitent wanting a resolution to this in less than 18 hours or am I correct to complain?

View 8 Replies View Related

Info On Gnax' VPS

Oct 31, 2008

The glorified NetDepot (Gnax) has finally launched it's VPS services with a cool promo: only one buck for the first two months!! cPanel & all IPs you want for low prices, LxAdmin portal (you can install and reinstall a lot of OSs). Does anyone there tried this product? I'm interested in a honest report...

View 5 Replies View Related

GNAX/Atlanta

Feb 7, 2007

GNAX themselves have been great and they are still working on this problem with us. We are having a problem getting passive ftp to work correctly on all of our servers at this location. We do not have this problem with any of our other data centers using the same server configurations/images/settings and have multiple servers at GNAX all sharing the same problem, which seems to reasonably say there's something at the datacenter itself that's causing this problem. Ftp connections fail when trying to login using the password or fail when trying to enter passive mode. If the connection does not use passive ftp, then it works fine. Passive ftp will work sometimes at this location, but it’s rare and it doesn’t work for long. Has anyone had any similar experience or may know what the problem might be?

View 8 Replies View Related

Is My Server Compromised

Oct 6, 2007

I am trying to determine if i am hacked, here is details:

I just got a message from softlayer support: ABUSE - 66.228.xxx,xxx - HACKING/MALICIOUS ACTIVITY - IMMEDIATE ACTION REQUIRED. with some log like this:
Quote:

Connection attempt to TCP IP.IP.IP.34:80
>from 66.228.xxx.xxx:41212 flags:0x02 Sep 28 14:05:55 PDT kernel:

Also, I did a rkhunter scan and found:

Quote:

cat /var/log/rkhunter.log | grep Warning
[18:26:29] /usr/bin/GET [ Warning ]
[18:26:29] Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable
[18:26:29] /usr/bin/groups [ Warning ]
[18:26:29] Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
[18:26:30] /usr/bin/ldd [ Warning ]
[18:26:30] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
[18:26:35] /usr/bin/whatis [ Warning ]
[18:26:35] Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: Bourne shell script text executable
[18:26:36] /sbin/ifdown [ Warning ]
[18:26:36] Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
[18:26:36] /sbin/ifup [ Warning ]
[18:26:36] Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable

[18:27:43] Checking '/etc/xinetd.d/ftp_psa' for enabled services [ Warning ]
[18:27:44] Checking '/etc/xinetd.d/poppassd_psa' for enabled services [ Warning ]
[18:27:44] Checking '/etc/xinetd.d/smtp_psa' for enabled services [ Warning ]
[18:27:44] Checking '/etc/xinetd.d/smtps_psa' for enabled services [ Warning ]
[18:27:44] Checking for enabled xinetd services [ Warning ]
[18:27:44] Warning: Found enabled xinetd service: /etc/xinetd.d/ftp_psa
[18:27:44] Warning: Found enabled xinetd service: /etc/xinetd.d/poppassd_psa
[18:27:44] Warning: Found enabled xinetd service: /etc/xinetd.d/smtp_psa
[18:27:44] Warning: Found enabled xinetd service: /etc/xinetd.d/smtps_psa

[18:27:59] Checking for hidden files and directories [ Warning ]
[18:27:59] Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression

[18:27:34] Checking running processes for deleted files [ Warning ]
[18:27:34] Warning: The following processes are using deleted files:
[18:27:34] Process: /usr/libexec/mysqld PID: 4773 File: /tmp/ib2RpbEj
[18:27:34] Process: /usr/sbin/httpd PID: 8449 File: /tmp/.apc.PGGxew
[18:27:34] Process: /usr/sbin/httpd PID: 8452 File: /tmp/.apc.PGGxew
[18:27:34] Process: /usr/sbin/httpd PID: 12102 File: /tmp/.apc.PGGxew
[18:27:34] Process: /usr/sbin/httpd PID: 12950 File: /tmp/.apc.PGGxew
[18:27:34] Process: /usr/sbin/httpd PID: 13044 File: /tmp/.apc.PGGxew
[18:27:34] Process: /usr/sbin/httpd PID: 13046 File: /tmp/.apc.PGGxew

So does that mean my server was compromised?

View 6 Replies View Related

How To Track Down A Compromised Php Script

Oct 29, 2009

I have a few shred hosting servers I run. One of them keeps getting listed on CBL. It is very frustrating. Does anyone have an tools, tips, or tricks on finding the compromised?

So far I have confirmed that a script is using PHP to send mail out bypassing the MTA. It is faking the HELO and impersonating a well known ISP.

I used a combination of tshark and netstat. tshark can show me the HELO and EHLO. When I see the wrong entry I cross check that with netstat to see what. So Netstat only shows that it was PHP not the script path.

Here are the commands I'm running:

Code:
nohup netstat -c -p -n -e | grep -i ":25" > /var/log/monitor/netstat-smtp.log &

nohup tshark -f "port 25 and src host XX.XX.XX.XX" > /var/log/monitor/tshark-smtp.log &
Then I grep for what I'm looking for:

grep -i "HELO" /var/log/monitor/tshark-smtp.log

Is there a way to get Netstat to show the script path or complete command that is establishing the connection? Currently these scripts are eating up memory to a point that other process or getting killed off.

I also tried to force all mail through the MTA, but When I enable SMTP_BLOCK in my firewall config I get and error:

*WARNING* Cannot use SMTP_BLOCK on this VPS as the Monolithic kernel does not support the iptables module ipt_owner - SMTP_BLOCK disabled.

If there is a better way I'm game. Maybe some IDS that can tell me more of what is going on with the server?

View 14 Replies View Related

Gnax/NetDepot Or Burst.net

Jan 12, 2009

what better DC Gnax/NetDepot or Burst.net ?

View 12 Replies View Related

Web Hosting Where Security Cannot Be Compromised

Dec 15, 2008

I have read many helpful feedbacks regarding choosing a reliable web host. Most of the concerns are centered around costs. However, I am more particular about the relative security of my website in addition to other perks such as space, speed and bandwidth. I rate my concerns on a 1-10 scale:

Security 9/10
Bandwidth 7.5/10
Disk space 6/10
E-mails, backups, etc: 8/10
Cost: 7/10

View 10 Replies View Related

Linux Server Compromised

Jun 6, 2007

Linux Fedora 5

I just got a letter from my dedicated host stating we had just been compromised. These servers just were set up last week! And there is nothing on them yet. The only thing I have done is modified the /etc/hosts file via SSH.

My servers are not even public yet. Can SSH'ing in from an unsecured wireless network make me vulnerable?

What do you guys think? Best way not to let this happen again?

Oh this is great :-| He's still logged in!

[root@server~]# who
root pts/0 2007-06-06 07:12 (xxx)
test pts/2 2007-06-06 03:08 (81.89.10.92)

View 14 Replies View Related

Starting With NetDepot/GNAX

Apr 23, 2007

I finally decided to go with NetDepot! I'd like to record here my experiences, in case anyone interested. I hope that after setup is complete, this thread will be no-news and boring.

So just for the record, I chose this config:
AMD Athlon 64 3800
RAM: 1GB
HDD: 250GB SATA II + 250GB SATA II (raid 1)
OS: Debian Stable (They don't offer it at the web site, but Jordan@gnax was kind to offer it to me --
Control Panel: none
Backup: none

I used "whtfreehd" coupon to get the second drive for free. Also, a good thing that actual prices are lower than advertised! (70/mo vs. 75/mo) -- I hope that's not an error.

So at bottom line it costs $266 setup + $70/mo. In a year, this will total to $1,106, which is well within $100/mo budget.

I've paid late on Sunday, and now I'm waiting for the server setup. Let's see how long it will take.

A note to non-U.S. citizens: they seem to have strict policy on which credit cards are accepted. I'm Russian, and my Visa Business was not accepted, so I had to use PayPal.

View 9 Replies View Related

Review Of AtlantaNAP/GNAX

Mar 8, 2007

I am a client of GNAX since 2003, in 2004 I began with colocation with them.

The service has always been good.

Connectivity: Now they utilize 4 suppliers (Telia, GlobalCrossing, Savvis and BTN) by BGP and RouteScience by Avaya, never I have had serious problems of the conectivity with them, the maintenances that have had have always been notified and resolved with the maximum brevity, I can assure that the network is excellent.

Facilities: Before they were found in 55 Marietta st. , I am not an expert in facilities, but I know that all was correct, never I have seen none objection neither nobody that had it. At present they have their own building, in White St. here the things are a lot more large and fresh

Security: Great control security by professional cameras, registration check-in / check-out of personnel, and security guard the 24 hours, access by cards to colo area / tech rooms etc

Support OnSite: Fast support, pleasant and very attentive techs, and above all, well and efficient support. You can obtain the support attention to the 4PM or to the 4AM, they are there to every hour.

I do not put a scoring in each section by if does not seem real, but my judgment would be 9/10 or 10/10 in all. My business there is Atlantanap being at more than 20.000km of our offices, some motive should have

choosing atlantanap and you will choose well, you can test them with part of your business and soon will think the same as I.

View 14 Replies View Related

Server Compromised (ensim_sshd), What To Do

Aug 22, 2007

I receive reports from my DC that my server is launching some hacking / malicious activity. This is the log that they provide:

Quote:

>
> Aug 20 12:34:35 ensim sshd[30628]: Did not receive identification
> string from MY.SERVER.IP
>
> Aug 20 12:44:23 ensim sshd[444]: Failed password for admin from
> MY.SERVER.IP port 57896 ssh2
>
> Aug 20 12:44:23 ensim sshd[444]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:26 ensim sshd[445]: Failed password for root from
> MY.SERVER.IP port 58029 ssh2
>
> Aug 20 12:44:26 ensim sshd[445]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:28 ensim sshd[446]: Failed password for root from
> MY.SERVER.IP port 58141 ssh2
>
> Aug 20 12:44:28 ensim sshd[446]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:31 ensim sshd[449]: Failed password for root from
> MY.SERVER.IP port 58276 ssh2
>
> Aug 20 12:44:31 ensim sshd[449]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:33 ensim sshd[450]: Failed password for root from
> MY.SERVER.IP port 58421 ssh2
>
> Aug 20 12:44:33 ensim sshd[450]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:36 ensim sshd[453]: Failed password for root from
> MY.SERVER.IP port 58565 ssh2
>
> Aug 20 12:44:36 ensim sshd[453]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:38 ensim sshd[455]: Failed password for root from
> MY.SERVER.IP port 58672 ssh2
>
> Aug 20 12:44:38 ensim sshd[455]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:41 ensim sshd[456]: Failed password for root from
> MY.SERVER.IP port 58787 ssh2
>
> Aug 20 12:44:41 ensim sshd[456]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:43 ensim sshd[457]: Failed password for root from
> MY.SERVER.IP port 58961 ssh2
>
> Aug 20 12:44:43 ensim sshd[457]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:46 ensim sshd[458]: Failed password for root from
> MY.SERVER.IP port 59132 ssh2
>
> Aug 20 12:44:46 ensim sshd[458]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:48 ensim sshd[459]: Failed password for root from
> MY.SERVER.IP port 59348 ssh2
>
> Aug 20 12:44:48 ensim sshd[459]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:51 ensim sshd[465]: Failed password for root from
> MY.SERVER.IP port 59495 ssh2
>
> Aug 20 12:44:51 ensim sshd[465]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:53 ensim sshd[466]: Failed password for admin from
> MY.SERVER.IP port 59622 ssh2
>
> Aug 20 12:44:53 ensim sshd[466]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:56 ensim sshd[467]: Failed password for admin from
> MY.SERVER.IP port 59803 ssh2
>
> Aug 20 12:44:56 ensim sshd[467]: Received disconnect from
> MY.SERVER.IP: 11:

View 2 Replies View Related

GORACK Or GNAX? Or Other Cheap Colo

Jul 10, 2009

We need colo in 2 or 3 different locations within the USA.. we're going to be growing to over 3-4 cabinets in each location within the next 18 months.

We're looking for rates (including power and everything) for less than $800/rack.

We're also looking for a semi-small company who is willing to be quite flexible with our service (as we are a service provider) and we will need remote hands etc..

First question:

What do you think of GORACK, I was unable to find any reviews on them, which could either be a real good thing, or a real bad thing.

Second question:

What do you think of GNAX Dallas?

Third question:

Is there any other companies you would recommend to me?

View 14 Replies View Related

Gnax IP Address Range On Dnsbl-3

Mar 30, 2009

Some of our client emails are being blocked and it appears that the whole GNAX range of more than 103680 IP addresses was blocked.

Quote:

As you should know now: It is not you, it is your complete provider which got UCEPROTECT-Level 3 listed.

Your IP xxx.xxx.xxx.xxx was NOT part of a spamrun, but you are the one that has freely chosen your provider.

By tolerating or ignoring that your provider doesn't care about spammers you are indirectly also supporting the global spam with your money.
Seen from this point of view, you really shouldn't wonder about the consequences.

What I want to know is how often do it happens that a datacenter have all it's IP addresses being blocked?

I contacted Gnax about this but their response was merely that they will take steps and the whole range will eventually be delisted. (Obviously the immediate removal fee of $200 something is too much for them)

Ironically merely a few hours AFTER I contacted them I got a "warning" about spam send from one of our clients.

The date of the email was a few weeks AGO and We already long ago warned our LEGIMATE client that such emails are not allowed and the account will be terminated if it happens again. (In other words WE immediately acted against potential spam while Gnax not and then have the nerve to warn US after WE informed them of the blacklisting)

On the one hand I understand that it can be difficult for a very large provider and uceprotect.net seems a bit harse to block ALL IP addresses due to 0.238 % spam ip addresses.

View 11 Replies View Related

Netdepot/GNAX 1 Year Review

Jun 9, 2009

GNAX/Netdepot 1 Year Review

I posted a review at six months and thought I'd update now that it's been a year. My dad ordered a server, which I run for him, after reading good reviews here at WHT. The site to verify that the server is at GNAX is [url]

My six month review can be found here:

[url]

That thread talks about the Pre-Sales and Upgrading process. Since I haven't had anymore Pre-Sales or Upgrading since then, there's nothing new to add.

Support: Their support has been excellent every time I've needed it. In that first six months I needed it quite a few times, and they were always quick to answer and professional. Since then, I haven't needed support as often. There haven't been any issues on their end at all, and I've learned a bit so I haven't messed up DNS, etc. as often, but when I have needed them, they've been quick to answer.

Uptime: As far as I can remember there haven't been any issues of downtime in the last six months. I could be wrong, or have missed something, but none that I've noticed.

Speed: Sites load quickly, uploading is fast.

Sometime in the next week or two, I plan to order a second server and definitely plan to order it from Netdepot.

View 6 Replies View Related

Imhosted Vs GNAX - Users Can't Get To Site

Apr 21, 2008

I have a site hosted with Imhosted.

6 days ago, three users, one from Denmark, one from the UK and one from California - all reported connectivity trouble. I asked for tracert's from all three.

Two of them fail at 209.51.131.250 ( the California and Denmark one ) and one fails at 209.51.131.234

Both are GNAX servers.

I contacted Imhosted - and for 6 days they have ducked, dived, denied, and given me totally inappropriate stock replies ( such as asking me to check my IP address - when the actual affected IP addresses have already been supplied numerous times). They tried to fob me off saying it was an ISP issue ( two continents, at exactly the same time - yeah, right )

Imhosted have SAID, on two occasions, that they've contacted GNAX to have them fix the issue. So far, the problem remains for all three users.

Fortunately, we have a dedicated server of our own already, and we will be moving to it in the next few weeks. But meanwhile - what the hell can I do to rattle some sense into Imhosted and/or GNAX to get these poor guys back onto the site?

I've had three years of hell with Imhosted. Useless support, dreadful performance, unusable email, PHP and SQL issues - all in all, a dreadful experience.

View 8 Replies View Related

Server Compromised – Steps For Recovery

Apr 12, 2008

one of the worst things (in hosting) has happened. I received a notice this morning from lfd (configserver) that someone had logged into my server as root and it wasn’t me.

Unfortunately I didn’t notice it until eight hours later so I have no idea (yet) what happened during that period. Thankfully I don’t have any really critical data on the system that could have been stolen.

I’m in the process of restoring from a full system backup right now. After that’s done I’m going to look to see what the differences are between the files from the backup and that on the comprised drive. I’m not sure if I’ll get anything useful from the diff but hopefully I’ll find a clue as to how they got root access.

Then of course I need to get my server back up. However, I don’t want to do this until I’ve taken some steps to identify how the individual got in and take some additional preventative steps.

Here’s what I am planning on doing:

1) Check to make sure all exposed services are patched and look at some security sites to see if there are any known vulnerabilities for these services. Anyone know which sites are good to look at?

2) Change firewall to only allow ssh access from a couple specific IP addresses.

3) Disable root ssh access so I have to login via a different account and perform sudos, etc.

4)?

I’ll also look for a good server-hardening guide to see if there are some obvious things I forgot to secure.

Do any of you find folks have any other suggestions or resources that I should check out?

View 11 Replies View Related

Colo Rate Increases, Gnax . Others

Jul 18, 2008

Thanks to rising costs of energy we have received notices from GNAX that they are raising costs of power and colo space. Has anyone else seen similar notices from other colo's already ?

I know we have seen power rates increase the last few months in our homes, we talked about that here in another thread. It was envitable that colo facilities followed suit. How does this affect the other colos and providers?

View 14 Replies View Related

WHMCS Breach - Some 3.5.1 Downloads Were Compromised

Jan 8, 2008

I just received a fairly scary WHMCS notice, you can view the details here:

<<please don't paste the file names, there are accounts that may have these on them>>

What are your thoughts on the entire situation? Personally, I'm a tad fearful (luckily, I hadn't upgraded to the next version yet as I was letting the other users play beta-testers) given the fact that there wasn't any versioning / modification 'notification' system in place on their end.

I'm fearing further updates. In essence, my concern is that the WHMCS development team isn't entirely certain how they were backdoored or to what scale they were backdoored.

Are their own billing systems & servers hosted in the same environment, were our billing details also released? etc. I want to know the scale of the attack.

View 14 Replies View Related

GNAX/Netdepot - 6 Month Review

Dec 26, 2008

It's been six months since signing up with Netdepot/GNAX, so I wanted to offer a review. I signed up with Netdepot after reading good reviews here. For the record, the server belongs to my dad, and I mostly run it. The site to verify that it's hosted with GNAX is [url]

Pre-Sales: My dad spoke with Jeff, who patiently walked through any questions he had about which server he would need, settling on the Q9300 with 2 gigs of ram.
Initial setup: The initial setup was completed in right around 24 hours. Everything was working well, and we had root.

Upgrading: We added a second hard drive, and two more gigs of ram. We requested a date for the upgrade to occur, and promptly at midnight on that date, they upgraded. Quick response to the request, quickly upgraded, no issues.

Support: GNAX/Netdepot support has been excellent, each time I've tested. Most of the time, there is a response within 15 minutes, and a solution soon after. In the first month, I messed up several times with the DNS, and had to open tickets to have someone fix the settings I messed up. There is a charge for Admin time, if it isn't an issue on their end, but I would expect that with an unmanaged server, and it was worth it since their techs were good about explaining what the issue was, so I learned a bit in that first month as well. I've been impressed and looking back through my tickets, I'm impressed all over again. It doesn't seem to matter if it's 3 in the morning, on the weekend, or during business hours, the response is quick, courteous and helpful.

Uptime: I think there were a couple of times that there were ddos attacks on one of their routers and so intermittent downtime, but for the most part, the server has been up and running well.

Speed: I'm editing to add this. I forgot to mention speed, because I take it for granted, but FTPing always seems to go quickly, the sites load quickly, and I have yet to notice any time of anything slowing down.

I'd like to thank the support at GNAX as well as Jeff, for six months of excellent service.

View 8 Replies View Related

Netdepot / Gnax 1 Month Review

Jul 3, 2008

Setup 8/10
I purchased 2 servers on the 30th of May 2008. I took advantage of their 99% off first month sale. I received login info 3 days later although I was told it would be setup within 24 hours, I can understand they were busy due to their sale, so I waited patiently.

Sales 6/10
I need a new harddrive added which is critical for my website. 24th of June I requested for a SCSI harddrive to be added. 2 days later I got a reply saying if a SAS disk is fine, to which I replied yes and asked for the size. Another 24 hours past and a reply stated it would be 36GB for $50 a month and $50 setup. After some more inquiring and paying the bill I have no harddrive, its been 8 days since I opened the ticket and 8 days of slowness for my websites users because of this. If this were Softlayer it would be done and dusted within 48 hours at the most.

Also, their live chat has not been active for weeks, or at least whenever I visit their website its always offline. I have also tried their phone number a couple of times with no luck.

Support 6/10
On the 25th of June I requested a reboot at 8:33AM and at 10:22 AM I got a reply and they rebooted. This is 2 hours of downtime. Only later did they tell me they can setup a remote reboot for free, so luckily I don't have to use their slow support for any reboots.

Network 6/10
I did a basic speed test (the server is on a 100mbit port) for various file locations around the world, here is an example:

Quote:

#[root@localhost ~]# wget http://www.hivelocity.net/10meg.file
--14:48:19-- http://www.hivelocity.net/10meg.file
Resolving www.hivelocity.net... 69.46.24.178
Connecting to www.hivelocity.net|69.46.24.178|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 10547200 (10M) [application/octet-stream]
Saving to: `10meg.file'

100%[=======================================>] 10,547,200 462K/s in 28s

14:48:47 (373 KB/s) - `10meg.file' saved [10547200/10547200]

Most results came back with around 500kbps in the USA, pretty poor but not complete crap. Certainly seen better networks.

Final comment - Nothing special
If they improved their support and sales response times, they would be a great company. I still await my harddrive upgrade after 8 days of waiting. I certainly won't be buying more servers with them.

View 14 Replies View Related

Windows Server Password Compromised

Jun 27, 2007

My windows server 2003 server password has been changed. My host tells me they must reload the entire OS in order to fix it..

Is there no way they can go in and rescue my server? Would save me alot of work.

View 6 Replies View Related

Server Compromised, Where To Get A Good Sysadmin

Jul 4, 2007

So one of the sites on our box was compromised earlier today.

We've shut it down for now and contacted our sysadmin to help research the problem. Not sure if he will be able to really help much as he's only done updates and such in the past.

Any idea of quality sysadmins who might be able to investigate the box and the site?

View 4 Replies View Related

Compromised Windows 2003 Server

Mar 19, 2007

I have been trying to troubleshoot our Windows 2003 server for weeks, but have made no lead way. The following are the steps they take to breach the server.

“They” are able to create an account. Some used usernames they have created are: sysadmin, adm, mssqladm.

It is very odd, looking in the event viewer, they just appear to create accounts out of the blue, they don’t even login or attempt to login or anything, all the sudden it says, New Account Created.

“They” then change the password of the account they just created.

Then “They” assign themselves the following group permissions, ‘Users’, and ‘Administrators’. ** SHAKING MY HEAD ** How the bloody hell do they assign themselves Administrator rights?

Then the do a few different actions depending, often times they disabled the windows firewall, and change open ports, other times they simply just logoff, other times, they have placed Trojans horses and other malware in their temporary internet folder under their use folderr.

This has been a cat and mouse game for weeks, I catch the new account, and immediately delete it, and check the firewall and enable if needed, then run a full system scan with AVG and Prevx. Sometmies AVG finds Trojans and malware, other times its clears.

I have racked my brain, checked all running processes with google, and they are seem legit. I have updated everything in windows via windows update, we are running windows 2003 server SP2. I have looked at the users and groups and everything seems secure.

Do you have guys have any idea what is going on? I have feeling something is running internally, which is allowing them to create the accounts.

Is there a tool that tracks all currently running processes, and allows you to go look at the logs to see what exactly was running at a certain time?

View 10 Replies View Related

Plesk IIS WP User & Compromised Server

Feb 24, 2007

My server (using plesk 8.1 on windows 2003 server) has been compromised with some sort of rootkit and I'm investigating vulnerabilities. This server hosts some of my asp.net applications and I have to grant Modify Permission to IIS WP (iwam_plesk) user on Some subfolders (under Httpdocs folder for each domain). Is it a security problem? if yes, how else can I allow asp.net applications to write to, say, an Access db?

View 2 Replies View Related

GNAX Colo: Gold Vs. Silver Networks

Jun 10, 2008

I want to get peoples opinions that HAVE USED or DO USE GNAX and their network.

What is the main difference between their networks, which one are you on, and have you tried the other, etc. I want to get some real feedback here. From what I can tell, the gold just appears to be bigger name connections that are charging alot more money for their backbone. The silver has nearly as many connections as the gold it appears.

View 14 Replies View Related

1and1.com User Database Compromised, Sites Hacked

Jun 19, 2008

Even worse, they didn't even notice until I called. If you're a 1and1.com customer I recommend you change your username and password now!

I included some log snippets to help you make sure your account hasn't been compromised.

1and1.com hacked

View 6 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved