I have some websites with different support, contact, ... forms. I have set the forms to record the subscriber IP. I need to know: when the IP begins with 10, does it mean a person submitted the form from inside the server? If so, what is the appropriate defense? If not, what does it mean? I know many experts are present here, please in addition to selling and introducing your service,
Does, by chance, a SteadCom representative visit this forum?
The problem: I can't receive a new password to the client area (no email is sent from SteadCom after I use the 'forgot password' feature); the VDS I had is, I suppose, suspended, and I have no means either to access the user cpanel to pay/renew or to use live talk with support - the link on the site does nothing.
Just wondering if anyone has run into this problem. We were colocating our server with a "certain" provider and decided to move it elsewhere due to their lack of service. Everything was going OK, even the outrageous termination fee and the shipping fee that we had to pay. However, after the host received the payment they went completely silent on us, ignoring all of our emails and phone calls. I've spoken with our lawyer, who estimated the legal actions against them could cost us thousands of dollars. The physical cost of the server was about $2,000, so I'm not sure if legal action would be worth it. Does anyone have any suggestions on what else we can try to get our server back?
I can't seem to get in touch with either support/sales on Myriad. Does anyone have an alternative email/IM contact for them? Is anyone else having trouble contacting them?
I did all of that, and when I restarted http it said:
[root@host www]# service httpd restart
Syntax error on line 51 of /usr/local/apache/conf/httpd.conf:
Invalid command 'Options=IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch', perhaps misspelled or defined by a module not included in the server configuration
So you all know my problem now! I think a lot of you have the same problem, so I wish we would all try to find a solution for this and learn the best way to protect pel on the server.
A site I manage for a client is being hacked every couple of days. It's not the actual site but the host's server that's getting attacked: all sites on that server, well, actually all their servers.
They have made no attempt to sort this problem. I report it, they look at the site and say "site loads fine for us", which it does.
All index files are having a base64-encoded line written after the <body> tag. This adds hundreds of spam links, which are hidden with display:none; they also add .html to the application types in htaccess so that PHP runs in these files too.
The problem is, I am moving the site to another host but cannot change the nameservers to the new host's until the client returns from a holiday, so I must keep the site up on the insecure host for now.
I am removing the spam code almost daily. Is there any way I can stop this attack happening for the time being? The host does nothing.
As we all know, there has been a HyperVM exploit which may have taken down fsckvps, and other hosts have been having attacks. If possible, install any program that will warn you of a connection to your server and/or provide input on what it may or may not be.
I myself just had a blank PHP-format file uploaded to a client's VPS, and it tried accessing other VPS servers. As far as I know, the IP was rapidly changing and untraceable (this may or may not be from the exploit). If anyone else is having HyperVM attacks or server attacks, please post here, so that instead of working within our own companies we are working as a group of over 10 thousand+ WHT members to solve this issue ourselves.
I have a server, and these days my server is being hacked. The problem is chmod 777: there are many dirs with chmod 777, and the hacker is uploading files and creating folders under the folders which were created with chmod 777. Now I just want to know how I can block the hacker, and is there any way to allow the scripts which are on my server and not allow any other scripts to upload files to my server?
In the referral logs that I keep on a website, I came across the following this morning. Is this someone who is trying to gain access to the server, etc.?
[url] [url] [url] [url] [url]
I have the IP addresses that they have come from, and it resolves to a Russian (I think) website.
I'm just looking through all the folders on the server now and no data has been compromised as far as I can see, and I'm going to use the query strings in order to block access and also deny access via IP address.
A lot of VB forums get hacked every day. In fact, all the hackers couldn't hack databases or files.
They only edit one template in the style, like header or forumhome, so uploading the style again resolves the problem. But how can I disallow them to edit templates?
I keep reading all these devastating posts about people's machines being compromised. Are most of these hacks due to weak passwords of administrators or clients which end up getting bruted, or are there known exploits for cpanel/plesk/apache etc? I am setting up an apache-only server with a really secure password, but I am wondering if it could still be breached using an exploit.
I had done a program in early 2006 for a site in php-mysql. At the time of doing the code, the code written was not so standard: it contained uninitialized variables used for include file paths (even though values are assigned to them before use), and the "sess" folder was created within the website folder. Also, the parameters for the SQL query were not escaped, but everything was working fine.
And now I was informed that the insecure code in my program caused the server crash and I have to pay the penalty for the same. Can anyone let me know whether the below code / keeping the session variables within a folder inside the /www/ will make the sites hosted on the server where this program runs stop/crash forever?
------------------------------------------------------------------
function update_region($id,$regname,$regcom)
{
    // Values are concatenated into the query without escaping, as described above
    $query = "UPDATE taxregion_mast SET taxregion_name = '". $regname."', region_comments = '". $regcom."' WHERE region_id =" .$id;
    mysql_query($query);
}
Is security really that critical? If so, why are some of the largest software companies providing such a bad example for the rest of the industry? Why would someone want to target my website? Why is security often overlooked?
These are all common questions that arise on a daily basis within the online industry.
The rest of this article will provide some detailed answers, along with practical examples and true scenarios.
I've spoken with numerous hackers over the past short while. I can't count the number of times I've heard the line "Ignorant site owners deserve to be hacked". In my opinion, that's like claiming that cars without alarms deserve to be stolen, or homes without alarm systems deserve to be burglarized. It's not just wrong - it's illegal.
Security risks and vulnerabilities affect the entire online industry. When a single website is hacked, there are usually multiple other victims. This is most commonly seen with widely distributed software. A potential attacker has the ability to install the software on a test environment, locate the vulnerabilities, then attack random victims even before anyone else is aware of the potential exploits. Once a vulnerability is located, the attacker simply needs to search for other environments using the same software, and within minutes there are hundreds, often thousands of potential victims.
Typically, in the race to market, software providers are encouraged to release their products as soon as the applications are usable. Critical development procedures are often overlooked or intentionally bypassed. One such miss is an application vulnerability assessment. Although the product may be usable, the effects of a vulnerable application could be severe.
Sadly, nobody is "off limits" when it comes to hacking. Most hackers feel safe committing online crime, since the online industry has evolved much faster than the security industry. Many applications are not created with the intent to recognize hacking attempts. Some hackers view their actions as a competition - Who can attack the most valuable website? Who can exploit the most user databases? In many cases, these attacks are bragged about within the hacker's immediate network. The competitive nature of these hacking groups has become so severe, there have been reports of attacks between competing organizations.
You might ask, "If I use industry standards, won't my environment be secure?". The short answer: no, but it helps. Hackers are not restricted by industry standards. Most security companies only implement new standards once at least one victim is reported. This often gives hackers plenty of time to locate other vulnerable environments, and before long, the number of victims can increase rapidly. Hackers are some of the most innovative individuals within the online industry. The most logical way to combat them is to use similar methodology for security purposes.
Our VPS is being hit several times a day with hacking attempts. We have been actively monitoring error logs and can see the failed attempts. I was just wondering if there is a better way to track such attempts, or another system log that would provide additional info on these attacks? Or maybe some 3rd party logging scripts?
Apparently a mod_deflate patch has been available for apache 1.3.37 for some time, but since I rely on cpanel as a huge time/knowledge saver, I'd like to hack it into buildapache/easyapache so it's an option just as easy as mod_gzip is (with a simple checkbox).
After poking around I learned that all the magic happens in /home/cpapachebuild/buildapache. I've studied how mod_gzip is activated/installed, but some steps are beyond me.
mod_deflate for 1.3.37 is here: [url]. The critical files inside are, of course, mod_deflate.patch and mod_deflate.c
So I assume I stick those files into a directory under buildapache, but where do I hack in the patch and build steps?
One of my customers' domain name's index page is hacked, with the pharmacy kind of URLs all over the homepage. Does anyone have any idea about this? You can see the URL at [url]
One of my client accounts has just been hacked with the c.100 exploit. This method injects 1 PHP file that acts like a fully featured file manager. This hacker uses my client's account to place multiple scam & phishing sites.
Now I'm wondering if there is a way to counter this kind of exploit hacking, as my friend said that there isn't any proven method until now :-/
This is the PHP file I've recovered: <<url removed>>
I have been getting a lot of hacking attempts from this server:
server.softjin.com
They have offices in the U.S. as well as India, Japan, Singapore. I have reported them to [url] and if you are in the U.S. and have proof of hacking attempts from this company, please post them here -
I am currently looking to compile a list of complaints so I can send another complaint report to ic3.gov
I have FreeBSD with cPanel. Someone is running an attacking perl script from my server. Below is information about that script, but it shows the / path in the command lsof -p 30251 | grep cwd.
  PID USERNAME PRI NICE   SIZE    RES STATE  TIME   WCPU    CPU COMMAND
29018 root      96    0 35968K 30528K select 0:03  2.71%  2.69% perl
newinst# lsof -p 30251 | grep cwd
lsof: WARNING: compiled for FreeBSD release 5.5-STABLE; this is 5.3-RELEASE.
perl 29018 root cwd VDIR 4,12 1024 2 /
I have a problem with a hacker from China. He keeps uploading 4 files to my server:
mail.php mysql.info.php footer.txt header.txt
He did this with 4 different accounts so far.
I have mod security installed with the ruleset from gotroot.com but it doesn't help. Now my questions:
1. Where can I download the mod security core ruleset (is it helpful anyway?) I already found this page [url] but I do not see a "download here" link anywhere... I found the link that points to [url] but then I do not see the mod sec ruleset anywhere...
2. The rules on gotroot.com have not been updated for a long time. Are they still useful? What do you think?
3. Any other sources for good mod sec rules that may resolve my issues with PHP exploits.
I'm using a brand new Virtuozzo VPS with (512mb) SLM memory management, which according to some "experts" would be a great way to manage memory, a great virtualization solution, and such.
This VE, supposedly, is hosted on excellent hardware (sas-scsi raid i/o, etc.), so it should have great performance, especially considering I don't run any control panel; I just run apache2+mysql5 (no email system or anything else), and I manage everything by myself (and I'm really experienced).
On the contrary, I'm experiencing much worse performance than on my previous 256mb XEN vps.
Sometimes you hear (Virtuozzo fanboys, I guess) about XEN slowness problems instead, because Xen - supposedly - hasn't got a proper disk/io scheduler BUT provides individual custom swap space, so a customer could create a 5GB swap space and disrupt host machine performance by clogging the VPS, swapping a lot, causing insane i/o wait, etc... I've read a lot of topics about this "debate" in the past.
So you would expect Virtuozzo to have a wonderful cpu and disk i/o scheduler instead.
You can read the following claim on the Virtuozzo website: "Complete Isolation - VEs are secure and have full functional, fault and performance isolation."
On the contrary, I'm having a lot of issues on my new Virtuozzo VE, supposedly coming from "bad neighbours", like idiots not being able to handle the security of their vps, spammers, and so on ...
Every time someone crashes his own VE on the same host machine, like causing a 100.0 load, even my VE goes offline with 400% i/o wait ...
My hosting provider (which I won't name at all, anyway) is doing an excellent job trying to minimize my inconveniences, really; but - in general - I'm beginning to wonder whether this insane behaviour is "common" for a Virtuozzo solution.
In short, I'm wondering - and I'd like an expert opinion on this - HOW THE HECK could this be possible??
Isn't Virtuozzo supposed to have an I/O and CPU scheduler? How on earth can a single abuser insanely loading his VE affect all the other customers' VEs?
Can a host server running Virtuozzo be monopolized (100% cpu and insane i/o wait) by a single abusing VE?
If this is true, I really don't understand where the Virtuozzo advantage would be. Nor do I understand the "complete performance isolation" claim by SwSoft.