Hijacked Server Traffic
Aug 10, 2007
Is it possible that someone on the same network as my server (shared hosted, FreeBSD) could somehow cause my traffic to be diverted to a new url after visitors landed on my website?
I assume this person has access to my home PC also and is reading what I type here etc. Has the ability to allow domains and IP's and divert others on my server, IS in the position to know who to allow and deny (my affiliates, customers etc IP's are recorded etc)
IF this was possible, how would I be able to catch this person out?
Where would I look for evidence of this and what am I looking for?
I don't manage my DNS and asking my server host (my suspect hosts with them too) gets a reply like: I don't understand what you're asking? Do you need Webalizer stats?
How would someone be able to do what I'm guessing is happening: That people can land on my site.. however, this guy can then redirect them to his own paying page. If I set a link here to my site..he'd soon add its domain to "allowed" etc etc.
I'm thinking I need access to server access to my dns, login info and Last Modified details on those files. I don't have these. I don't know what I'd be looking at if I had them.. and my server tech hasn't offered to look at such things.
My interest is more than intellectual.
Until last weekend my 2 1/2 year project had grown in sales volume beyond my expectations. I had had no contact with this person for 8 months and in that time sales were consistent. I had changed all accesses, IP etc etc. I used to host with him. Then moved hosts since I didn't trust him (same problem back then - sales fell to nothing but traffic grew) moved to my current host.. not long after find HE is now on that host too.. now after I have contact from him again, sales have gone flat without any explanation, even though traffic has increased! 1:300 has become 1:10000 and I have checked everything site side (I'm a webmaster for over 10 years)
I'll be ruined very shortly and I don't know what to do.
Jun 12, 2008
My hosting provider has told me that my server has been "fully rooted" and the only way to fix it is a reinstallation from scratch. That is very frightening to me because it will take a lot of time to set-up again and this will cause major downtime.
Is there no other way to resolve the issue without reinstallation?
--------------- Quote from hosting provider ---------------
">> Does this mean that my passwords do not need to be changed?
Server is fully rooted, and will need to be reinstalled. Leaving the server online is a very, very serious risk for you. Let me show you some of the powers the hax0rs have at this time from their upload/hax0r script.
Php Safe-Mode Bypass (Read Files)
File:
eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):
Dir:
eg: /etc/
Search
- regexp
Upload
[ Read-Only ]
Make Dir
[ Read-Only ]
Make File
[ Read-Only ]
Go Dir
Go File
--[ x2300 Locus7Shell v. 1.0a beta Modded by #!physx^ | LOCUS7S | Generation time: 0.0396 ]-- "
Jul 31, 2009
I found out that there were some hidden iframe tags injected on my website. So I grepped and cleaned all html files. Am I supposed to change my ssh/sftp password as well? Is there anything else I'm supposed to do?
Aug 27, 2008
I've been handling the design and updates for a local private school for a few years now. They use HostOnce for hosting. Over 2 weeks ago I noticed that when I try to bring the site up in a browser I get a login prompt - [url]. I've submitted several help desk tickets to HostOnce with no response. Since school is starting, I recommended the school change hosting providers. So they bought hosting with GoDaddy who I also use. But now I need to transfer the domain name and I can't get a response from HostOnce. I send an email requesting that they initiate the domain transfer to GoDaddy every day with no response.
Besides a few email addresses and the help desk, there doesn't seem to be any way I can get in touch with anyone at HostOnce. What options do I have left? The school is currently stuck with a site that can't be accessed. The company seems to be in Australia but I've read the phone number listed for them does not work. I'm looking for a US phone number or something.
Apr 21, 2008
I have been with HostNine for almost a year now and have had reasonably decent service, until now.
They recently suspended one of my client's accounts. Understandable, the account had some very old PHP files on them. Let me preface this by stating that I am very sympathetic to hosts who have to deal with problem clients who have sites that slow down shared servers for everyone else on them.
I have tried my hardest to work with HostNine to get these files back and ensure that this account is not a problem on their server. I have never once asked for them to restore the account "as is", all I have asked is that they backup the files and the database for me (I would do it myself, but they locked me out of the account), so that I can investigate the problem and do testing to ensure that it doesn't cause them problems again.
All in all, getting anyone to co-operate has been unsuccessful. Getting a hold of them has been a hassle (from the time I e-mailed them about the issue to the time I received my first response was a span of over 6 hours). Getting them to co-operate has been impossible. Their "Support Manager", Alex, in broken English has told me next to nothing, aside to accuse me of trying to "get around this" and that I would need to move the account to one of their dedicated plans. I have asked that the account simply be backed up, but have not received any response so far, as time ticks away and the client whose account this was becomes more and more frustrated as their files are effectively being "held hostage".
My last complaint is that they never notified myself, nor the client that they had suspended the account.
Has anyone else had problems with trying to get their files back after a host has locked you out of your account? What are my options? Does the hosting company technically "own" the files, simply because they are being hosted on their server?
May 4, 2015
I keep having certain domains being hijacked and mass emails being sent from them somehow. I've disabled mail within domain control panel for each domain and issue keeps occurring. I've limited # of emails as well to 2-5 per hour but now so many are trying to be sent from my server it is clogging up mail queue and I have to log into server via ssh and run postsuper -d ALL every day or two. It is very frustrating. The only way I can stop it is to disable domain in plesk panel but that is not an option.
What can I do to find the cause of this issue and stop it?
Nov 15, 2007
What traffic monitor would everyone recommend for sites that have as many as 5,000 to 10,000 hits an hour?
Aug 29, 2008
how many pageviews a server like this can handle a day?
Core 2 Duo 2.2 GHz
1024 MB RAM
160 GB 7200rpm SATA Hard Drive
Simple website with PHP and MySql, few graphics.
Jul 8, 2009
secure a windows server 2003 traffic.
I have one server with a small number of clients <10. The clients have dynamic IPs.
The server hosts a number of public facing websites, email, FTP and remote desktop.
What I want to do is make port 80 respond to all web requests but lock all other services down so that they only respond to my 10 clients. I was thinking some certificate or VPN solution but I've ruled VPN out as I don't have a firewall or VPN so would I be able to do this with IPSEC?
Is there quick utility that would do this or can you point me to a good example article?
May 9, 2008
We're expecting a large spike in traffic (40k visits in one day) soon. We’re running on a very powerful server with CentOS & cPanel.
Is there any specific configuration we can setup to prepare for the large visitor spike? The website is very database and PHP intensive. We want to avoid any downtime.
Sep 19, 2008
which processor for a high traffic server?
DELL Xeon 3065 or Intel Dual Core E 2140
Feb 26, 2007
I was wondering if it is possible to block traffic to and from a server with iptables.
Like for example a user transferring files with his ftp client to another server x.x.x.x (FXP)....
been trying with these rules here:
iptables -I INPUT -s x.x.x.x -j DROP
iptables -I OUTPUT -s x.x.x.x -j DROP
iptables -I FORWARD -s x.x.x.x -j DROP
But still the user can transfer to the server destination...
May 11, 2009
what the max number of hits is a quad core server with RAID disk system can handle, it is running on a Linux with separated MySQL server?
The host says there are no restrictions on the bandwidth, but somehow it is strange we always only have MAX 300 users online (24/7/365) now I wonder if it just is that way or if some users might be denied access from time to time when they try to enter some of the websites hosted on the server ?
Maybe you know a monitoring service or something that can tell if this is an issue.
Jan 15, 2009
I have a question which I've searched for an answer to for more than 3 days, maybe more, but I still can't catch it.
Now if I have a Win EST server, and I have t remote desktop, I can create accounts, right?
Well, if I need to manage the traffic for every account, and give one account whatever 500 GB traffic, another account with 500 GB, another with 300 GB, etc etc..
How can I know they have reached their limit and they stop using more from the server?
Apr 22, 2009
billing system to control the traffic between router and servers. I think I need a billing system installed on server with webgui like those used by ISPs but I need it working with paypal and other payment gateways.
The other solution is to use radius server but I will need it working with payment gateways. Can you recommend me a good radius server with many options?
Aug 8, 2008
how you monitor the traffic of each individual VPS on your dedicated servers?
Apr 14, 2008
Is it actually possible to find Windows dedicated server with unlimited traffic (1Gb Pipe)and reliable 24/7 technical support? Cause I have searched and found out that if the traffic is unlimited the pipe is too small, and if the pipe is big enough traffic is limited and additional one costs a fortune.
Aug 24, 2008
I have a client with a site (wordpress blog) that gets 10,000 + hits a day. I need to find him a dedicated managed server so that his site runs smoothly and also has no outages. I just received a quote from another host for his Managed Dedicated Servers.
CPU1: Intel Xeon 5310 Clovertown (Quad Core)
CPU2: Intel Xeon 5310 Clovertown (Quad Core)
Total CPU Cores: Eight (8)
System RAM: 6144MB (6GB) DDR2 ECC Registered System RAM
Primary Hard Disk: 73GB Serial Attached SCSI (SAS) 15,000 RPM High-Performance Hard Disk
Second Hard Disk: 250GB SATA-II 7,200 RPM Hard Disk (nightly backup disk)
Data Transfer: 2000GB Premium Monthly Bandwidth (100Mbps uplinked port)
Operating System: CentOS Enterprise Linux 5 64-Bit (x86_64)
Control Panel License: cPanel / WHM + Fantastico Auto Installer
$695 a month
He posts about 5-10 blogs a day too, so it's definitely a growing community website. He also has a forum with 6500 posts and 389 members.
Is this a reasonable price for a dedicated server? Would you recommend a different configuration of hardware that might make it cheaper? I would also like some examples of other sites on similar configurations if you have any, so that I can show my client what they use.
Mar 12, 2008
The server gets around 25k unique visitors per day, but one website in particular allows hotlinking and uses a lot of bandwidth. Last time I checked...according to whm apache status page, I was getting 180 requests per second. Not sure what time it was though. So it might be higher at a different time of the day.
Recently got mod_evasive installed, but I didn't want it to block out legitimate users. Currently it's set to this...
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 10
DOSBlockingPeriod 600
</IfModule>
what a better configuration would be? When I run the log I already see it block out a bunch of IP's. I don't want to lose any visitors to this program, but I do get ddos a lot.
Aug 7, 2008
how to monitor the traffic usage of the VPS's on a dedicated server? We have OpenVZ & XEN VPS's
Sep 27, 2007
i have set email for some domain to catch all setting. After some time i have a lot of bounce, redirect and rected email to address. How come my email accounts are hijacked and what to do to prevent such things in case of catch all setting.
Here it is noteworthy catch all used to attract a lot of spam.
Apr 8, 2009
How do i setup vpn server on windows 2003 so that client traffic go through the remote vpn server? Something like strongvpn.com service which change the client ip address.
I tried setting up, now client able to connect to the server using windows vpn. But once connected, internet cannot work. How to use the vpn server as gateway?
Server have only 1 network card.
Can windows xp act as vpn server for the same purpose?
Feb 28, 2008
My video sharing site has high traffic, alexa rate:3,000
My site has 2 servers to split the load. 2 servers share a mysql server. Using rrdns to load the balance.
Server A running mysql 5.0,lighttpd
Server B running lighttpd.
Server B connect to A's mysql database.
During peak time. B can not connect to A's mysql server. It says server not responding. But A still running fine.
When I check mysql log file.
/usr/libexec/mysqld: Forcing close of thread .....
And when run top, the load average is 20.
The spec of Server A
Intel(R) Xeon(TM) CPU 3.06GHz dual core.
2G Ram.
Here is the my.cnf
Quote:
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
max_connections = 1000
wait_timeout=60
connect_timeout=10
interactive_timeout=120
join_buffer_size=1M
query_cache_size=128M
query_cache_limit=2M
max_allowed_packet=16M
table_cache=1024
sort_buffer_size=2M
read_buffer_size=2M
My question, do I need another machine C to run lighttpd, and just keep mysql on A.
Or I can do some mysql optimization on A.
Also, if my site keeps going, can I have 1 mysql server and 5 http servers?
Jul 23, 2007
I'm working on launching this online store for a poster designer, and we're becoming more and more aware that we need a really robust and fast server. This site is looking at extremely high levels of activity whenever this designer posts a new poster. We're talking 1700 people surfing the store (downloading med-high resolution poster images) and 300 posters sold in 16 seconds kind of thing.
So, we need a really robust hosting, to work with PHP5 and MYSQL.
My previous go-to hosting provider was Lunarpages, but their customer service has gone down the crapper, and I've just about had it with them. My main questions are:
Should I be looking into getting a dedicated server, or are there hosting companies that can handle this kind of traffic on a shared server? I don't have experience administrating a server, so if we got a dedicated one we would have to pay the host to do at least some of the setup/administration, I would assume?
Dedicated server or not, what's a hosting company that has really good customer service, where we can be assured of getting somebody knowledgeable without having to wait on hold for 20 (or even 10) minutes?
Feb 23, 2007
how can I use to control or cap the traffic on a per server basis ? in other words, I have 15 servers in one cabinet, in this cabinet there is one switch to feed all 15 servers, the switch is a DELL 3448, one of the servers is eating up almost all the traffic I have for the cabinet itself, is there a way I can cap or limit traffic quota on a per port basis at the switch level? or what is the best way to manage this?
May 29, 2009
I'm up Games for Windows VPS servers with VMWare Server ESXi and wonders whether some option to control the traffic of each IP, I thought about using a "Cisco ASA 5500" but I do not know if it has this option:
Example:
IP 192.168.254.1 = 100GB monthly.
IP 192.168.254.2 = 50GB monthly.
Etc. ..
Mar 24, 2009
Imagine you want a set of servers (VPSs would be a cheaper choice, that is why I am posting here) that do not have much outbound traffic but download from other servers (more or less as spiders, but I am not trying to create a web index). Disk space or memory size are not important, but port speed and monthly transfer should be as high as possible. As inbound traffic is less frequently used, I wonder if any provider offer cheaper rates if traffic is like this.
I have been searching the forums and have not found too much about this topic (a quite related post named "I want to download the Internet" or something similar did not get a conclusion).
Jul 2, 2009
I am not sure if my dedicated server is being attacked or if it is legitimate traffic. I need help figuring out the difference and if it is an attack, how to prevent it, and if it is legitimate traffic, how to configure the server to handle the load.
My server information is below:
Hardware
Intel Xeon 3220-Quad Core [2.4GHz]
8GB DDR2
SATAII 500GB
Software
CentOS 5.3-32
Apache2
MySQL 5
PHP 5
When I do ps aux|grep httpd|wc -l I get the count of current connected clients of 259 which is always maxing out my MaxClients of 256. I had increased it to 512, and it maxed out, I had increased it to 1024 and it maxed out, and lastly I had setup to 2048 and it works, but slows the entire server down.
Jul 1, 2008
if anyone knew of anything that maybe could be done to limit this band-width stealing by AVG or are we just going to have to live with this?
[url]
Oct 28, 2008
Recently I noticed the load on one of my servers way beyond what I would expect it to be. I run multi processor servers and even during a backup the load is only around 1.5.
But lately I noticed peak loads that high under normal web traffic.
I know 1.5 is low on an multi processor server, but I am hoping to add much more to those machines and with sustained load that high it leaves no room for expansion. The servers are not cheap, so adding another server to the cluster can only be done if I make money from the last one I added.
I checked the traffic levels and they were very high. After further review I had some bots hitting sites at over 1200 pages a minute. Multiply that by a few hundred bots and clearly I could have a load issue. The potential is there to bring any server to its knees when delivering those volumes.
I created programming to watch connections and block the abusive bots. While logging I became aware of over 600 bots crawling my servers. Many bots from Japan, China, Germany and so on and on, useless to my customers even if they are legit search indexes.
Another problem I see is that the bots are running from many ip addresses and hitting the same sites from multiple ips at the same time. Why would they need to do that?
Among other things I decided to validate googlebot, msn and yahoo with dns lookups so I could determine that they were actually their bots and not imposters. In 24 hours I found valid bots from the big three hitting one server from 1100 different ips.
Now we are looking at thousands of valid bots and thousands more email harvesters and content thieves.
As a host, the number of sites I can host on a server is greatly reduced by the bot traffic. My customers do not want to hear that their website was being crawled at 3,000 pages a minute and that is why they could not access it. Of course they will blame it on me.
I was able to filter the bots at a firewall level and drop connections based on reverse dns lookups and site crawl rates and my server sits around 0.05 most of the time even with hundreds of pages a minute being accessed.
I am wondering how the rest of you hosts deal with this problem. Do you leave it up to your hosting customers? Or do you have some type of filter to get rid of the bots.
When you have a few sites it is not really a problem, but as you grow it grows exponentially out of control.
Apr 8, 2008
i need co-location to 5 servers 5U 5 ip addresses 4 TB traffic month i can share the cage with others Price ? my budget is around
Its going to be used to an internet radio
400 700 euro month