Sorry for the long post, but I need some feedback.
One of the main reasons that I went from a Windows dedicated server to a VPS was because I had several attacks on my server that cost lots of time and money. The only reason for these attacks was that there has to be a rootkit in one of the programs I used on my server.
I have used SolarVPS for over 6 months now, and have used most of the same software I used on my dedicated server. I have not had any attacks or somebody gaining access to my VPS.
Last week I got a new Windows VPS from JaguarPC. I installed the same software as always (I will list the software later), and on day two of my new VPS somebody had full access, had created a new admin user, installed uTorrent, and downloaded and uploaded over 10 GB of movies and music before I discovered the security issue.
Besides my normal software I had downloaded a free download manager, so I could download my Plesk backup files faster than on a single download connection. That was the only other software besides my normal software.
But I never used that download manager on my dedicated server, and the same thing happened there also. A user got full access, created a new admin user for remote desktop, etc. I also use different passwords for the different VPS/DS/hosting plans, but some parts of the main level password are the same. Last time the user was named support, this time the user was named Dave.
I change passwords often; this year I have changed my password 4-5 times. I have different passwords for different levels on my VPS/servers. One password for Admin, one for Plesk, one for FTP access to my sites, one for e-mail, one for MySQL, etc.
I have changed OS at home from XP to Vista, and have only installed 100% secure programs on my home computer. I have not installed one free program or any cracks, warez etc. I also use different antivirus and anti-spyware software at home. So the problem can most likely not be at my home computers.
My current software I use on my VPS's are: (I have some more, but that was the software I used on new VPS)
WinRar 3.61 from [url]
Bandwidth monitor Pro from [url]
Weblog Expert 4.1 from [url]
And the only software I don't use on my VPS at SolarVPS:
Free Download Manager from [url]
The strange thing is that last time, over 6-7 months ago when I had all the problems with my dedicated server, I traced the IP the hackers had used to login to my DS to Germany.
This time on my new VPS the person has to be from Germany or a country where they speak German. The mp3s and the movies were almost all in German.
My plan for the future:
I think I will buy a new VPS plan to test my software. Install one program at a time, and see when somebody gets access to my VPS. I have to use a provider that offers free OS reloads, so I can reload the OS after I have tested each of my programs. Does anybody know about any companies that allow me to get free OS reloads and provide a Windows 2003 server?
Or will the backup function in VZPP work as an OS reload if I take a backup of my new clean VPS and then install software? If it is a rootkit, and I restore, will the rootkit go away? If yes, I can use all providers with VZPP.
And do I have to tell the company what I have planned to do? A rootkit on my VPS will not affect other VPS, so they can get the same rootkit, or the main server?
how can i do a search for all files (probs using regex) of files consisting purely of numbers?
for e.g. find:
53243.php 24353.php 24098.php
(always have 5 numbers).
seems one of my accounts has had some script run which generated a bunch of these in various subfolders, and the php file basically does a callback to www3.rssnews.ws and www3.xmldata.info, which seem to be some sort of spyware servers.
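One way to run the search described in this post, as an added example that is not part of the original thread: find matches file names with shell globs rather than regex, so five [0-9] classes select exactly five digits, and grep then narrows the list to files mentioning the two hosts named in the post. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): locate five-digit PHP files and
# flag those that reference the callback hosts the post mentions.

# -name takes a glob, not a regex; this matches a basename of exactly
# five digits followed by ".php" (so 123456.php is not matched).
PATTERN='[0-9][0-9][0-9][0-9][0-9].php'

# find_numeric_php ROOT -> every five-digit PHP file under ROOT, sorted
find_numeric_php() {
    find "$1" -type f -name "$PATTERN" | sort
}

# find_callback_php ROOT -> only those containing either host as a fixed string
find_callback_php() {
    find "$1" -type f -name "$PATTERN" \
        -exec grep -l -F -e 'www3.rssnews.ws' -e 'www3.xmldata.info' {} + | sort
}

# Constructed sample tree so the example runs offline; prints its root path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/site/images" "$root/site/inc"
    printf '<?php // constructed: mentions www3.rssnews.ws\n'   > "$root/site/images/53243.php"
    printf '<?php // constructed: mentions www3.xmldata.info\n' > "$root/site/inc/24353.php"
    printf '<?php echo "ok";\n' > "$root/site/24098.php"    # five digits, no callback host
    printf '<?php echo "ok";\n' > "$root/site/123456.php"   # six digits, must not match
    printf '<?php echo "ok";\n' > "$root/site/index.php"    # ordinary file
    printf '%s\n' "$root"
}

sample=$(make_sample_tree)
echo "Five-digit PHP files:"
find_numeric_php "$sample"
echo "Of those, files naming the callback hosts:"
find_callback_php "$sample"
rm -rf "$sample"
```

On a real account, pass the web root as the argument and review the listed files before deleting anything, since a legitimate script could also have a numeric name.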
SSH language, just know the commands that i use often.
my hoster, as he said did upgrade 2 days ago, [had an upgrade to apache 2], and some SSH command that i use before this, now don't work
for example, i had php script, which i run from ssh
which don't work now ... got an error:
Code:
-bash: php: command not found
so my question is how to find php right path ?
Code:
$ whereis php
output:
Code:
php: /usr/src/php-5.2.0/php5.spec /usr/src/php-5.2.0/php.ini-dist /usr/src/php-5.2.0/php.ini-recommended /usr/src/php-5.2.0/php.gif /usr/local/bin/php /usr/local/lib/php.ini /usr/local/lib/php
as i understand, path is /usr/local/lib/php
I'm trying to transfer a cms from 1 site to another and I don't know the full ftp path.. I'm looking for the "/public_html/username/blank/blank/sitefolder" or something similar.. How do I figure this out?
I'm installing a script that's supposed to act as a payment gateway/store. The script requires the virtual path to the secured directory holding the products and everything I've tried doesn't work! It should be something like /home/username/public_html/secured where username is replaced with my username. I'm hosting with godaddy and have tried just about everything on this page: help.godaddyDOTCOM/article.php?article_id=1360 without any luck. Any ideas or experience with this? I'm on the economy plan with godaddy.
I had a program (APF, actually) install its executable file in /usr/local/sbin/, so I went to add that directory to my PATH variable in .bashrc. I'm able to type commands to executables just fine in other directories, but for some reason I keep getting "command not found" errors from bash when I type in the name of the executable (apf), even when starting/restarting new instances of the shell. Here's my current PATH variable in .bashrc - have I overlooked something?
# Customize the path directory
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/sbin:~/bin: