HostGator Being Targeted By Australian Phishing Scam
Jun 2, 2009
I know Brent from HostGator reads here, so I thought I'd share this. If you are an Australian you are more than likely getting phishing emails supposedly from Commonwealth Bank (Australia's largest bank). I get about 20 a day to all my email addresses; here's one I got today:
We recorded a payment request from "HostGator -www.hostgator.com- Reseller Web Hosting"
to enable the charge of $74.95 on your account.
Because the order was made from an African internet address, we put an Exception Payment on
transaction id #POS PAYM7284 motivated by our Geographical Tracking System.
THE PAYMENT IS PENDING FOR THE MOMENT.
If you made this transaction or if you just authorize this payment, please ignore or remove this email
message. The transaction will be shown on your monthly statement as "HostGator - Reseller Web Hosting".
If you didn't make this payment and would like to decline the $74.95 billing to your card, please follow
the link below to cancel the payment :
Cancel this payment (transaction id #POS PAYM7284)
NOTE: Because email is not a secure form of communication, please do not reply to this email.
I want to post here about RapidVPS hosting. They host all scam and phishy sites like Hyip. What is Hyip? Here-> [url]
My proof:
ablehyip. com/hyip/ (IP:208.84.144.131) globalmarketsol. org (IP:66.35.79.68) forexco. us/index.php?a=home (IP:66.35.79.37) xlinvestment. us (IP:66.35.79.29) topprofitworld. net (IP:66.35.79.94) real-onlineforex. com (IP:66.35.79.118) fx-88. com (IP:208.84.150.149) marvelpartners. us (IP:66.35.79.68) and so on too many hyip scams, very big list.
All provided IP addresses are registered with OrgName: Infinitum Technologies Inc. (RapidVPS) OrgID: INFIN-27 Address: 873 Grand Regency Pte. Address: Suite 201 City: Altamonte Springs StateProv: FL PostalCode: 32714 Country: US
All IP addresses are provided for network: Organization-Org-Name:NVHSERVER Inc network: Organization-Name:Ha Nguyen network: Description-Usage:Internet Service Provider
I have contacted the RapidVPS admin, and this guy (his name is Rick) never answers my reports; he just ignores me and bans me. I'm sure he is the owner of all these scams.
I created an account on the RapidVPS forum, and Rick banned me for my first post about the hyip scams on their servers. Here is proof: [url]
If you wanna ask about this issue, contact Rick directly: rickb@rapidvps.c0m
Guys, what do you think about this issue, or maybe it's normal for all US hosters?
Please leave your comments.
Thanks for reading this post and for your time.
Here is more info about hyip scam: fbi.gov/majcases/fraud/fraudschemes.htm#ponzi sec.gov/answers/ponzi.htm
One of my clients believes someone is trying to get revenge on him. His email box is being filled with bounced messages (around 6-8 per minute) primarily from one location.
Looking at the headers it's difficult to tell whether there is a script on his site that is being used for mass emailing but it doesn't seem like it since a good deal of WHM doesn't show it and many of the return messages are lucy1@domain.com, lucy2@domain.com, etc. so they are autogenerated.
What do you guys do to check which shared account is doing mass sends? This guy insists that no scripts on his domain are doing the sending and that it's routed to his email address, e.g. revenge. WHM doesn't always specify (it seems) which account is actually doing the sending (mailnull). Any way to separate this better? Also, if he's right, what do you do about it? Right now he's got all the bounces going to his junk mail.
I have servers located in the U.S. that we manage for all our customers. I am able to send over some hard drives for my servers that I have pre-purchased over here in Australia; however, I don't want to send the hard drives over there unless they will work in my servers.
What I want to find out is whether there is a difference between hard drives that are bought in Australia and hard drives that are purchased in the U.S., due to the power differences. If I send these HDDs over, will they work in my servers?
Also, what about servers? If I send over some built servers from Australia to be placed in my racks, will these work, or is that not possible because of the power differences?
If anyone could give me a heads up on this one I will be so pleased and will offer a month's free shared hosting account.
Updating: selinux-policy-targeted-3.7.19-260.el6.noarch 128/373 libsemanage.semanage_direct_commit: WARNING: genhomedircon is disabled. See /etc/selinux/semanage.conf if you need to enable it. /etc/selinux/targeted/contexts/files/file_contexts: Invalid argument libsemanage.semanage_install_active: setfiles returned error code 1. semodule: Failed!
Been through the forums here trying to find some recommendations for a good Dedicated Host based in Australia (preferably around Brisbane).
My search hasn't been too fruitful. I hear great things about Segpub, but while they're an Australian company their servers are actually located in the US. Still, I suppose their support would be on Australian time, and from what I understand they host via Rackspace.
So basically, I'm looking for recommendations from people who have actually been with the hosts they're recommending for some time.
We are a UK based company but run several sites (currently 5) in Australia with a hosting reseller. We have a 5 host package and are looking to expand as we need to add new sites.
The current hosting seems to be a bit clunky and we have experienced a bit of down time now and again. One of the main issues is that we currently register au domains with a different company who only let you manage one domain at a time rather than having an account with all your domains in there like the UK.
Can anyone recommend a high quality Australian web host that allows you to purchase / manage domains as well?
if any of you know any reputable data centers located in Australia. It does not matter what part of Australia, just that its located in that country. I'd appreciate your feedback or links.
I wanted to know who has the best service and location for Australian customers. I currently have a Cali server but require something a little cheaper.
Most of our customers are in Australia and so a top end reseller plan with fast server to Australia would be wonderful.
I was wondering what people in Australia use with regards to data centers. Do you go local in Australia or are overseas data centers just as good, with regards to speed?
If local what do you guys use?
If overseas, where do you get the fastest bandwidth to Australia, etc.
With my server I ran into a big issue with phishing sites. I have secured my server with a firewall and many other security measures, but I can still sometimes see someone place a phishing site. ServerBeach has suspended my server a few times. I know this is not being done by the users themselves. However, it's coming into the server. On the security side, now I can only go through the sites and check all writable directories.
Is there any way to monitor the phishing activities? Maybe it's some kind of script someone is running inside the server?
I currently run a dedicated server and for the past 2 months or so have been attacked by some hackers. Meaning that on my sites every other day there is a folder of a phishing site. It is either a PayPal, eBay, etc. phishing site, and I know that I did not upload it there. I have tried almost anything to stop that, but it just keeps happening. My server company suggested doing an OS reload, but I am not sure, as that will cost me $100. Has anyone faced a problem like this and can give a few suggestions? I use a cPanel server.
I have a number of VPS servers with USA-based VPS hosts. I'm very happy with these companies, but as they are USA based, load time could be improved with an AU-based server. Search engine considerations also dictate that we need to offer AU-based hosting. So I'm now looking to set up future accounts a little closer to home with Australian-based VPS hosting.
Does anyone know of a really good, fast, reliable, affordable VPS host offering cPanel/WHM VPS hosting in a top-notch Australian data centre?
Hoping to pay around $100 per month, with room to grow when we have more clients on the server...
This is the average package we are on with us based hosts so looking for something as close as possible to this...
$89 Monthly $0 Setup 2 GB Burst RAM 512 MB Guaranteed RAM 20 GB Storage 500 GB Monthly Transfer 4 IP Addresses Unlimited Domains Unlimited User Accounts Cpanel/WHM
Minimum Server Specs Dual Xeon 3 GHz or Better 8 GB Registered ECC RAM U320 SCSI HD in Hardware RAID 10 Zero Downtime During Drive Failure Hot-Swap Drives and Fans Replaceable on the Fly Dual Gigabit Network Interfaces
If anyone can point me in the direction of some reputable companies I'd be very happy!
Yes, I have searched the forum but can't really find mention of good Australian-based VPS hosts.
I'm not that techy. I'd like to ask why this person downloaded the file below before uploading some phishing webpages on my account? I've changed my password numerous times from different computers and even from a mobile phone just to check if the person can still get in. But again it is no use; the person was able to upload phishing pages.
Right now I have deleted all other scripts on the account, and some HTML files remain. Folders were also set to 644, not 777. While I wait to see if the person can still upload his phishing pages, please help me understand why he downloaded the file above. I've checked the files on my account and I cannot see Login.php. By the way, I have a root login, and only two accounts were constant phishing victims.
I spotted a user on my site with the hostname: gator832.hostgator.com This particular visitor identified themselves as a "visitor", with the user agent: Mozilla/4.8 [en] (Windows NT 6.0; U)
Upon typing the user's IP into google, a boatload of "phishing" / "bad bots" logs come up.
My question: Can I identify visitors like this via automation? i.e.: fake users. People who masquerade themselves as a human, while they're really a bot. (I only noticed this potentially 'bad' user because I was viewing my visitor log in real-time. -I was on at the very moment they were-)
In previous experience, not every user with the "host" phrase in their hostname are bad users, so sniffing those bits wouldn't do anything useful.
Gmail has a feature to detect email phishing and it marks them with a red header alert saying "Warning: This message may not be from whom......". I believe this red alert has nothing to do with the SPF record of that email, so how does it detect it as a phishing email?
We have an SPF record and I sent an email from another server. When I received that email the SPF result was "softfail", but it did not have that red alert.
We have received a complaint from PayPal that one of the domains was phishing. How do I track it down? How do I find out the method by which they uploaded it? I checked the /tmp directory and couldn't find anything. I checked the access_log file for wget and couldn't find anything.
I am running a hosting service. Recently a user put a phishing site on the server, pretending to be an eBay signup page and soliciting passwords. I had all kinds of trouble with this, because eBay complained to my server company.
I would like to ask if you know any solution what would block such sites automatically?
It could search for some predefined texts on the page (such as "sign in to eBay") and block the page if they are found. I wasn't able to find anything in Apache documentation.
I don't know about security on servers much, and we're setting up our new server. I have the techs doing the install stuff, but I would love to know what to install security wise. My current list:
Firewall - good free one? Antivirus - good free one?
rootkit, some way of stopping it (anti-rootkit?)
Also, is there some sort of script which searches all cPanel accounts/files for phishing sites or spam sites etc? I swear I've seen one before, in firewall form?
Oh the server setup is going to be:
php5-CGI, fCGI, MySQL 5, Apache 2.2.x, CentOS, Ruby on Rails, Django, ionCube, other PHP libraries, mod_rewrite. I think that's everything. (cPanel).
One day, you notice that someone has remotely connected to your computer and an application is sending spam/phishing emails by using your IP. What do you do?
Of course, I stopped the program, blocked remote connections for a while and changed my password... Anyway, I have to connect to my computer remotely... What do you advise?
By the way, I have more than 1000 email accounts on my computer. Hacker left me a gift, but I don't need them))
I run a free web hosting service on my server with the XPanel script installed. It has around 47K accounts in all. Recently I started getting mails from eBay, banks and many other institutions regarding phishing sites operating from my server to cheat their customers / members. I removed them, but I have to do it manually and only after getting mails from them.
Now that I don't want any more such sites to run from my hosting site, what options are available to me to check all accounts automatically and remove any such site on its own? As there are 47K accounts and 100+ new signups each day, it is not possible to check all accounts manually.
I want any script / addon which can check for all possible phishing / spamming / spurious / fraud sites and notify me / delete them upon request. Is anyone using such services? I need your guidance + support.
Looking for some fast and effective answers from experts here.
I am running Plesk 11.5 on an Ubuntu 12.04 machine. For days I have had problems where I see scripts of phishing sites and mailer scripts installed in the httpdocs directory of various domains.
How can I prevent outsiders from installing these scripts on the server? Where is the bug that allows this?
Just a question about hosting your site in the same country where your main targeted visitors are located. It is my belief that I should host my sites in the same country where the targeted visitors are. Am I correct in saying this??
So.. a US-focused site should be hosted in the US, a Canadian-focused site should be hosted in Canada, and a UK-focused site would be hosted in the UK??????
From Me to Support: I noticed that my inodes are set abnormally low to 200,000. We just upgraded to a VPS plan per lunar's request and we are at 160,000 on the second day of operation on the new VPS server.
From Sarwan singh Jassi to siteadmin (ME): When you reach 200,000 inodes you will need to upgrade to a dedicated plan.
However, an email from the sales guy states the following: We do not force upgrades due to inodes, we just increase your inodes as you need them.
Server crashes occur all the time, about 1-3 times a month. Do not use lunar.
They also run the old 90's upgrade scam: they claim your scripts utilize high resources for PHP and MySQL.
Their claim
CPU%: 3.15 MEM%: 1.70 MySQL: 0.9 Top Process %CPU 50.0 /usr/bin/php Top Process %CPU 48.0 /usr/bin/php Top Process %CPU 44.0 /usr/bin/php
After fighting with these people, telling them that their server is configured incorrectly because we have load tested each and every script, that these scripts are used on 1000's of sites, and that the traffic we have does NOT warrant the usage they claim, we went ahead and upgraded per their recommendation.
So we get a brand new VPS plan (see complaint above) and on the VPS server our usage looks totally normal, which proves they don't know what they are doing.
Directly from Pesky Plesk on the second day of getting our upgrade:
CPU%: 0.15 MEM%: 0.19 MySQL: 0.2 Top Process %CPU 17.0 /usr/bin/php Top Process %CPU 19.0 /usr/bin/php Top Process %CPU 15.0 /usr/bin/php
They are scammers. We signed up with them and they asked us to submit credit card details, which we did.
Guess what, they used our credit card to purchase a server for their own use. We contacted them and they told us to charge back if we wish, I think because they no longer need the server.
They are scammers, and the poor DC will suffer a loss because I will charge back all the charges for the server.
May I know if there is any way to report this company (I am not in the US), because they must be punished for this issue.
I'll tell you my story right now. I got the VPS and they charged me $60. The page didn't even look like a PayPal page, and I didn't know when I went through the order process that I had been charged. They accepted my payment even though they had the radio button that said first month a dollar. They didn't even have cPanel installed at first! They gave me the email and I had to contact them to install cPanel! They have this stupid contract thing and they will take you to a collection agency for a failure of the billing system that they have. It says DO NOT MAKE PAYMENT! but how can you tell? They are a complete total scam! The VPS firewall was dropped for no reason during the morning. I asked why and they left the chat. They have good VPS if you've got the extra $59 to cover the beginning.
EuroVPS company received the payment for VPS server and does not give me the settings finding different reasons for that and does not want to refund my money. ORDER #EV20380S Date 28-Mar-2009
That was 11 April when I last received e-mail from them saying that Accounts department would consider possibility of refunding the money to my paypal account.