On 4/11 at 5:30pm, my server's root was compromised and someone had a field day on my server. Surprisingly with the level of access they had, the person very quietly ran a script (I've yet to find the file, but saw reference to it in another forum about this) that updated every single .html, .htm, and *index.php file in the homes directory. I can't even count how many files were edited -- atleast 100-200 files I've had to manually change thus far.
That said, I wanted to warn everyone about this. My google results were slim on this subject. What I find really surprising is that Avast! is the only anti-virus software to warn me of the possible malware being opened. I use either at home or at my office Avast!, BitDefender 2008, Symantec Corporate Antivirus, and McAfee corporate Antivirus. I just installed Avast! yesterday just for "peace of mind" and I'm damned glad that I did because it immediately popped up about HTML:iframe-gen malware on my websites.
I have enabled e-mail sending whenever someone logs into the root account on my server -- which I believe I received the tutorial from here in the How-To section -- and I did receive an e-mail for the person logging into the root account via SSH, but the IP address and hostname was left blank. Does anyone know why the IP and hostname would be blank? That doesn't mean they were console, does it?
Here is the HTML code that was inserted into all of my .htm, .html, and *index.php files:
For some reason one of my customers email accounts seems to have been hacked. My admin account continues to say that the customer has reach over the 30 emails per hour limit. This is the email error:
following customers' domains, mailboxes and subscriptions are reached their limits for outgoing emails for the period:>From Dec/13/2014 05:47. To Dec/ 13/ 2014 06:47
Subscriptions customerdomain.com, the limit is 100 messages per hour 336 attempt(s) to exceed limits from Dec/13/2014 04:31 to Dec/13/2014 05:47
So far it has sent over 5,000 attempted in the past few hours. The customer used gmail to send from domain before, so I've changed their gmail email password. I've also changed the main email password, and the plesk username and password login for the customer. It still continues
I have question about the bandwidth. I have a VPS with 1000gb of bandwidth. How does it count actually. 500gb up & 500gb down or 1000gb up & 1000gb down or what? Is it the same with the shared hosting? I think I don't really need that much of bandwidth.
I got an alert from cpanel that a user had sent out 100s of emails and they were NOT being blocked, ofcourse to discover it was spam...without question, i deleted the account, thankfully i know who the site belongs too, and ofcourse im sure they didnot send spam,:..
1) Is it within common practice to delete someones account once such is noticed occuring on their account?..with or without notice
2) How can the server block such mass emails from being sent out? ( I have recently advised some of our clients to use newsletter services to send out mass mails if they have to send to 100+ plus people)
3) I found the script that sent out the spam emails..it was a file called sky.php i deleted but i never got a warning that such a file had been uploaded to that account...
I've recently taken over the hosting of a large site and forum, and I want to use some for of statistics software of service so that I can determine how many unique visitors and pageviews the site and forum get (which can then be used when dealing with advertisers).
I've been using Webalizer for years, but it's not been updated in over 5 years, so it's out. I then stumbled on Awstats, which works great, but... it doesn't calculate the pageviews correctly.
At the present moment Awstats claims to have tracked approx. 2 million pageviews for the (vBulletin) forum. However, when I scroll down I notice that on number #1 in the "Pages URL Top 10" is image.php, which is used for avatars and is not a page!
Now it appears Awstats has two ways of dealing with this: the "SkipFiles" option and the "NotPageList" option. The first (SkipFiles) drops whole URLs from the stats, which isn't what I want: I just don't want them to be counted as pages.
The second (NotPageList) only accepts file extentions, not script names. This again isn't what I want: hits on showthread.php should still be counted as pages, only hits on image.php shouldn't be.
The site has a similar problem where I don't want scripts like stylesheet.php, rss.php and xml.php from being counted as pages.
My question: does anyone know a solution for this problem? Maybe a hack to allow "NotPageList" to accept script names and/or ULRs?
Alternatively: does anyone know another statistics package that's about on par or better than Awstats that can do this (and that works on Linux/Unix with logs generated by lighttpd+php-fastcgi) and that is not too expensive (max $200)?
Google Analytics isn't suitable for me (even though it would probably work well) because the site goes over 5 million pageviews/month and I don't have a Adwords account.
I've asked sales a few times but they don't seem to know...what counts as a "website?" In PPA as a test we set up two subscriptions and one mail-only secondary domain on one of them. The Services/Websites tab lists all three, but only two are marked as Website under Hosting Type while the third is marked No Hosting. Does that count as two websites for license purposes, or three?
I'm trying to plan for multiple domains, subdomains, etc.
I have serious problems with ".cgi" with malicious code, with that the person who has these files to send spam through my server without any kind of block, could block this type of send SPAM with files ".cgi"?
CentOS 5.2 - 64bits
Exemplo of file executed: /usr/bin/perl /home/username/public_html/cgi-bin/erri/coms.cgi
We are testing a module that we think may improve stability on our webservers. The module limits the number of concurrent connections allowed from any particular ip address.
What I need an opinion on is what error message the server should return when it is refusing because of the limit.
The module currently returns a 503 error, that's what the module's author set it to do. 503 is a temporary error, which is good, but it implies that the problem is with the server, which seems somewhat inaccurate to me.
I was thinking a 409 would be good, with text saying that the request conflicts with the per visitor connection limit for the requested resource. Ideally the browser would display the message and people would know to reconfigure software or wait for existing connections to complete before resubmitting the request.
One of my co-workers here says that at least people understand the "server busy" error and they won't understand the "conflict" message.
Someone else says most of these errors will come from folks using http 1.0 and the 409 doesn't exist at that level of the protocol, so they won't get anything more than a generic "error!" type of message.
I have a customer who is hosting a website on a dedicated server. The server is a high spec server with Intel Core 2 DUO E8400 processor, 4 GB DDR2 ECC RAM and a SATA Hard Drive. He is running only a single website which has a data entry section. The problem is that a few scripts when run consume 99% of the CPU. In fact, there is a particular script which even if run alone consumes 99% CPU. The code retrieves some records from the database by running an SQL query. The code is never executed. I have checked the sql query in the code and it runs fine if executed in SQL Query Analyzer. I know the problem is somewhere in the code, but cannot find the exact cause. Is there a tool to debug the asp code and find out may be the issue with the code? I have tried the Debug Diagnostics utility,
I am currently developing a web application on a WAMP server. Once complete my client will have some in-house "programmers" make changes to the code as they are needed.
My client wants to track all changes made to the source files (ie- who made the change, when it was made, what files were modified, and what specific lines were added/removed/modified). Also, the program must run on the server and not the programmers computers.
I've searched high and low and only found a couple programs that scratch the surface of what they want.
I have just moved to a VPS server from my shared hosting server and I am suddenly finding it tough to code equally well by just using the vim command. I have become more used to the CPanel code editor probably.
Can anyone suggest a nice tool for the same. I have installed webmin, but its code editor just sucks.
i have a vps account and am trying to setup my website i installed php 4 from a control panel where it auto installed php and there is mysql and i installed all of them but when i upload my script and go to install or go to the index of my site it shows the php code and does not execute.
my permissions are right on i also made a testphp file and used this code <?php phpinfo(); ?> and still nothing just shows the php code when you browse to the file i even went further i installed from the control panel another program called phpmyadmin and when i log in it does the same thing just shows php code so what the hell is going on you think i need to contact my host provider for this issue i sent an email out but waiting for a responce
My server was just upgraded to FC6 and now I do not have pico for a editor. I found nano but there is problems. Screen does not refresh correctly and when I type in charaters sometimes extra charaters show up.
Are there any other screen editors built in to FC6 (not vi)
A friend of mine that has a proxy site on my server just realized that his site is giving some very weird error and he said he has not made any changes to the site in a while as he's been pre-occupied with other things...
--removed--.com has sent an incorrect or unexpected message. Error Code: -12263