JustgotVPS Hacked Or Shutdown

Aug 21, 2008

So justgotvps.com gives me a pageload error, and now when I go to any of my (many) domains that are hosted on JustGotVPS I get some "Close my sale for me" BS site?

I can't SSH/Telnet into my VPS anymore (connection refused). Did I just get scammed for 6 months worth of fees? Time to reverse the charges; I'm more pissed because I just got set up there and I don't have a recent backup with the new configuration...

View 14 Replies


ADVERTISEMENT

My Review About Justgotvps.com

Apr 15, 2008

I purchased the vps from justgotvps.com on first week of april. Initially it works well. support is good.

After a week time, frequent downtime and out of resource.
I enquired and found they are overselling the space and 120 vps in a server. oh my god.

It's not fair, they are limited the CPU, ram, email server and web server usage, with this config, we can't do anything, just a dust bin server.

I enquired about the company background and found.

justgotvps.com is registered on 2008-02-24 and will be expire in 2009-02-24. they are planning to run away with our money like buyavps.com. justgotvps and Zanadoo Hosting going to announce bankrupt.

John Rodriguez is basically a real estate agaent (Starlite Real Estate) and he don't know server management. They are running the server in the garage.

One man show and poor support. Disappointed by your service.

Justgotvps becomes Justdownvps. Frustrated and waste of time. refund my money immediately

Beware of justgotvps.com.

View 14 Replies View Related

Computer Shutdown Unexpected

May 1, 2009

I recently logged into my Windows Server 2003 OS Server via Remote Desktop and was met with a message/box saying Why did this computer shutdown. It had a dropdown field for a reason and then empty text fields for Problem ID and Comment.

What steps can I take to figure out what happened?

Server is a fresh install of Win Server 2003

View 1 Replies View Related

Server 2k3 Unexpected Shutdown

Jul 26, 2008

I have a very perplexing problem. Like clockwork, every 7 days I find my Windows 2003 server to be unresponsive. I use remote desktop to login to find that it has unexpectedly shutdown. The even code is 6008 and I researched it through the MS link and it says it can be cause by unplugging the power cord or manually rebooting the server through a switch. Is it possible the UPS at my host has my server on some sort of timer that automatically kills the power once a week? There aren't any scheduled tasks to reboot it, and this is a fresh install as far as I know.

View 3 Replies View Related

Hostmonster - Site Shutdown Because Its Busy

Jun 3, 2009

Wanted to share a bit (read vent a bit if you're cynical ).

Just got the following e-mail from hostmonster.

-----------
Dear Dale:

Your web hosting account for ibycus.com has been deactivated (reason: site causing performance problems).

Although your web site has been disabled, your data may still be available for up to 15 days, after which it will be deleted.

If you feel this deactivation is in error, please contact customer support as soon as possible.

Thank you,
Support

For support go to
Toll-Free: (866) 573-4678
-------------

Apparently, there are two files on my website that are being hit quite a bit, and causing the server to slow down. (I admit, its a busy site, and the files are very big).

The files aren't new there, and neither is the traffic, but the plug was pulled with no warning what so ever, and no offer of remediation on their part beyond refunding the remaining portion of my contract (I would hope so too!).

I can understand that they may not be able to continue to host my site due to the volume of traffic it generates, but they really could have handled this much better.

View 14 Replies View Related

Auto Shutdown When Load Is Too High? (SolarVPS)

Sep 5, 2008

I am a SolarVPS customer. So far, I have been really happy with their service - setup was very smooth, I had to contact support a couple of times at the start and they were really quick, and otherwise I've had simply no problems.

I was alerted yesterday to the fact that my site was down. I immediately logged into the box, and found that Apache and MySQL had stalled. I restarted them, and everything was ok. So then I started to look into the problem.

Then I noticed this in my logs:

Sep 3 23:07:26 myvps shutdown[26281]: shutting down for system halt
Sep 3 23:08:41 myvps exiting on signal 15
Sep 4 03:14:22 myvps syslogd 1.4.1#18: restart.

It seems that my VPS was shut down for 4 hours and then brought back up. My Apache and MySQL didn't come back up properly after the restart (ok, my fault here, a configuration issue), so I was down for about 17 hours.

Anyway, I didn't do this shutdown, and I don't think my box was hacked and someone else did it, because even if they did, by my reasoning, it wouldn't have been down for 4 hours.

So I wrote an email to SolarVPS. They got back to me really quickly, asking me to send my server ip's and my root password (I had initially only sent my customer number). I was not really happy sending my root password over email to them, so I just sent them the server IP's.

I then got an email back saying that it was standard procedure to send my root password to the over email, and that it was secure because their helpdesk is secure. I don't know how they are securing the email connection from me to their helpdesk though (of course, it isn't secure, because email is sent in plain text), so I still haven't sent them this. I don't need them to log into my server anyway, I can see that it went down, I just wanted to know if they had brought the machine down for a reason. The whole root password over email thing is not the problem anyway.

What concerned me is the rest of their response.

They told me that they had not brought the machine down on purpose. I sent them the log lines I pasted above, and their response was:

- shows that your VPS has been shut down, just like the owner of the VPS would have shut it down using "halt" command. This issue appears when the VPS is overloaded (RAM is almost 100% used, and CPU is upto 90-100%), and in this case Virtouzzo shuts the VPS down in order to avoid resources abuse on the entire node and not to affect the other VPS's.

This is the part that concerns me. As I understood it, the Virtualization software is there to keep you in a box, and restrict the amount of resources that a person can take up so it doesn't affect others. If my server is under heavy load, I can understand if it becomes slow, but I don't find it acceptable for it to be shut down for 4 hours!

Is this usual policy for VPS's? If this is the case, I guess I'm going to have to look for dedicated, because this is not acceptable to me. Although my server is rarely under high load, I don't want to have to worry that it might disappear for hours if it is.

It would be great to hear some opinions from people with more experience in this area than me. If true, this is definitely something people should mention as a disadvantage to VPS's.

View 7 Replies View Related

Soft Lockup - CPU Stuck For 10s [shutdown:10888]

Jun 5, 2009

My server just hang and whole hard drive was turn to read-only mode.

My KVM shows this
Soft Lockup - CPU#1 stuck for 10s [shutdown:10888]

I can't even google for such error. Anyone experience this before?

Check the attachment for screen shot..

View 1 Replies View Related

Plesk 11.x / Linux :: WD Preventing Shutdown / Reboot

Jun 5, 2014

PRODUCT, VERSION, MICROUPDATE, OPERATING SYSTEM, ARCHITECTURE
Plesk Panel 11.5.30#46
Centos 6.5
AuthenticAMD, AMD Opteron(TM) Processor 6272

PROBLEM DESCRIPTION

Upon a shutdown or reboot, the system shuts down sw-collectd. Further along, it will end wdcollect and the following will occur:

init: psa-wdcollect main process (pid) killed by KILL signal
init: psa-wdcollect main process ended, respawning
wdcollect[pid]: Language en-US is used for sending e-mail messages.
wdcollect[pid]: Failed to connect to database server during the startup. New attempts will be made if needed.
wdcollect[pid]: Server started

I believe this is preventing the un-mounting of drives which in the end freezes the shutdown process on:

Please stand by while rebooting the system...

After this occurs, I have to force the VM off and then boot again.

I have tried the following:[URL] .....

View 1 Replies View Related

Apache :: Connection Closed To Child With Standard Shutdown

Jun 11, 2015

I am also seeing similar issue "AH02001: Connection closed to child with standard shutdown "

Following are the version information

Server: Apache/2.4.6 (Unix) OpenSSL/1.0.2a

View 2 Replies View Related

Plesk 11.x / Windows :: MySQL Could Not Start After Unexpected Server Shutdown

Aug 29, 2013

After an unexpected server shutdown. We cant start mysql anymore.

Error: Could not complete the operation: defpackagemng failed: The process terminated unexpectedly. (Error code 1067) at Start service MySQL

View 4 Replies View Related

Plesk 11.x / Linux :: Shutdown Completely Spamassassin Service And Mailbox Statistic?

Sep 30, 2014

I'm suffer 2 major problem as below :

1.
how to turn off spamassassin completely ?

I've already stop the spamassassin service on Services Management but it's only valid one day. The next day, spam assassin service automatically start

2.
my customer mailbox statistic wrong. Even if their mailbox not full but when they send email. The quota said that their mailbox full. So they can't send/receive email.

Our action :
Manually, use command
/usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/DailyMaintainance/script.php -f execute-statistics

View 14 Replies View Related

Plesk - Shutdown Via Plesk, Now Server Can't Beh Turned On

Aug 7, 2007

I just shut down my server, via Plesk's CP.

Now SSH and Plesk doesn't seem to be working.

What can I do?

Would I have to ask my host to do a hard reboot?

View 6 Replies View Related

Hacked VPS

Apr 3, 2008

I am renting a 384mb Plesk VPS, have 1 client website on it, and it was hacked. Someone set up a new user with root access and was attacking other networks including dictionary attacks. My host has cleaned up the mess. I suspect access was gained thru a weak password choice or thru a Wordpress hack.

The client website ran a php/mysql survey script sometimes with 20-25 simultaneous users, and about 5-10% were unable to complete the survey due to screen freeze up or time outs. I'm trying to get to the bottom of these errors and know that some of the problems were client side but could the attacks also have affected connectivity & website performance?

View 2 Replies View Related

Hacked Or Not

Aug 5, 2009

2 days ago i noticed my cpanel hardisk usage was a lot more then it should be, after looking around i found out my inbox was 400mb (82143)emails!! i don't use any of the cpanel email because i have them set to forwarding. all the emails are spam and i discovered a few emails using my domain (that i did not create) that are valid and when i email them it reaches this cpanel inbox

So how bad is it? have i been completely comprised or is someone managed to get some type of spaming access only?

View 5 Replies View Related

Been Hacked

Feb 5, 2008

I have a server with about 100 domains on it in Plesk. I have about 10 or so clients that pay me a pittance to host their site and the rest are various domains that have been parked.

About a week ago we received a "too many connections" error when accessing Plesk. This is our server and it sits at The Planet (formerly EV1). I cranked up the mx connections to 1,100 or so following some web tutorial but I'm really a complete idiot when it comes to this server stuff. (I'm more of a php / html kind of guy).

I check out logs and it appears that someone has been trying to access a bunch of celebrity images that shouldn't exist on our server. It's clearly spam of some kind. I can't seem to actually find these images on my server anywhere, but I've got a feeling that foul play has been involved.

View 7 Replies View Related

I Got Hacked

Feb 4, 2007

Well, this is rather weird. I cant tell if this is a server error, or a hack.

Basically the contents of the thumbnail directories for videos, games and pictures were deleted, at 3pm today (according to the ftp time stamp). All those folders were chmodded 777, to allow PHP to upload the images into them.

View 14 Replies View Related

Hacked

Jul 23, 2007

My cpanel server has an intruder who brought all the sites down. I did my best to harden the server a year or so ago, but...

I got an email from one of my scripts:

SUBJECT: [hackcheck] kill has a uid 0 account

IMPORTANT: Do not ignore this email.
This message is to inform you that the account kill has user id 0 (root privs).
This could mean that your system was compromised (OwN3D). To be safe you should verify that your system has not been compromised.

To say the least, the server was compromised. I cannot find the user "0" or "kill" in WHM, but under "Wheel Group Users" "kill" is listed under "Add a user to the wheel group."

Any help or insight would be appreciated! Anyone proficient at hardening servers and exorcising hackers?

I uploaded the latest chkrootkit and ran it. The results say it's clean.

View 14 Replies View Related

Am I Hacked And Anything I Can Do

Feb 13, 2007

Am I hacked by somebody?

Any thing I can do to stop this (for example by hiring server management company)???


Here's the info that RKHunter provided:

/sbin/modinfo [ NA ]
/sbin/insmod [ NA ]
/sbin/depmod [ NA

Rootkit 'RH-Sharpe's rootkit'... [ Warning! ]

--------------------------------------------------------------------------------
Found parts of this rootkit/trojan by checking the default files and directories
Please inspect the available files, by running this check with the parameter
--createlogfile and check the log file (current file: /dev/null).
--------------------------------------------------------------------------------

Checking users with UID '0' (root)... [ Warning! (some users in root group) ]
info: adm:0

And here's the info I've found after investigation:

-bash-2.05b# pwd
/usr/local/games
-bash-2.05b# ls -lah
total 332K
drwxr-xr-x 3 root root 4.0K Feb 5 15:59 .
drwxr-xr-x 15 root root 4.0K Feb 12 19:32 ..
drwxr-xr-x 3 1555 1555 4.0K Feb 2 12:58 .fl
-rwxr-xr-x 1 root root 263K Feb 2 12:51 ettercap
-rwxr-xr-x 1 root root 17K Feb 2 12:51 parse
-rw-r--r-- 1 root root 119 Feb 2 12:51 pid
-rw-r--r-- 1 root root 27K Feb 3 17:44 x
-bash-2.05b#

View 5 Replies View Related

Am I Hacked

May 22, 2007

i daily check my error log files to see if something was wrong , checkout what i found

the first one is probably trying to hack my site to get to my ads and changing it to them i think
[error] [client 195.23.16.24] File does not exist: /var/www/html/a1b2c3d4e5f6g7h8i9
[error] [client 195.23.16.24] script '/var/www/html/adxmlrpc.php' not found or unable to stat
[error] [client 195.23.16.24] File does not exist: /var/www/html/adserver
[error] [client 195.23.16.24] File does not exist: /var/www/html/phpAdsNew
[error] [client 195.23.16.24] File does not exist: /var/www/html/phpadsnew
[error] [client 195.23.16.24] File does not exist: /var/www/html/phpads
[error] [client 195.23.16.24] File does not exist: /var/www/html/Ads
[error] [client 195.23.16.24] File does not exist: /var/www/html/ads

this 1 I dont know

[error] [client 71.190.229.120] File does not exist: /var/www/html/_vti_bin
[error] [client 71.190.229.120] File does not exist: /var/www/html/MSOffice
[error] [client 69.181.195.171] File does not exist: /var/www/html/_vti_bin
[error] [client 69.181.195.171] File does not exist: /var/www/html/MSOffice
[error] [client 69.181.195.171] File does not exist: /var/www/html/MSOffice

This 1 is kinda keep me scared i dont know what it is either

[Mon May 21 16:11:00 2007] [error] [client 129.29.227.4] Invalid URI in request T 5.1; U; en)
[Tue May 22 15:59:09 2007] [error] [client 129.29.227.4] Invalid URI in request f705120b3663bb; yab_logined=0; yab_uid=0; yab_last_click=1179781859
[Tue May 22 16:09:15 2007] [error] [client 129.29.227.4] Invalid URI in request d14379f705120b3663bb; yab_logined=0; yab_uid=0; yab_last_click=1179867547
[Tue May 22 16:09:20 2007] [error] [client 129.29.227.4] Invalid URI in request d14379f705120b3663bb; yab_logined=0; yab_uid=0; yab_last_click=1179867547
[Tue May 22 16:09:24 2007] [error] [client 129.29.227.4] Invalid URI in request -gzip, identity, *;q=0
[Tue May 22 16:09:25 2007] [error] [client 129.29.227.4] Invalid URI in request -gzip, identity, *;q=0
[Tue May 22 16:09:25 2007] [error] [client 129.29.227.4] Invalid URI in request -gzip, identity, *;q=0
[Tue May 22 16:09:26 2007] [error] [client 129.29.227.4] Invalid URI in request -gzip, identity, *;q=0
[Tue May 22 16:09:26 2007] [error] [client 129.29.227.4] Invalid URI in request -gzip, identity, *;q=0
[Tue May 22 16:09:28 2007] [error] [client 129.29.227.4] Invalid URI in request -gzip, identity, *;q=0
[Tue May 22 16:09:29 2007] [error] [client 129.29.227.4] Invalid URI in request -gzip, identity, *;q=0
[Tue May 22 16:29:29 2007] [error] [client 129.29.227.4] Invalid URI in request f705120b3663bb; yab_logined=0; yab_uid=0; yab_last_click=1179868171
[Tue May 22 16:30:23 2007] [error] [client 129.29.227.4] Invalid URI in request d14379f705120b3663bb; yab_logined=0; yab_uid=0; yab_last_click=1179869368
[Tue May 22 16:30:26 2007] [error] [client 129.29.227.4] Invalid URI in request -gzip, identity, *;q=0
[Tue May 22 16:30:28 2007] [error] [client 129.29.227.4] Invalid URI in request -gzip, identity, *;q=0

View 3 Replies View Related

Hacked

Sep 10, 2007

my server hacked

24 cat /proc/cpuinfo
25 ls
26 cd /var/tmp
27 ps x
28 ls
29 mkdir .www
30 cat /proc/cpuinfo
31 cat /etc/issue
32 mkdir .ww
33 cd .ww

36 download alexscan.tar.gz
37 tar xvfz alexscan.tar.gz
38 tar xvf alexscan.tar.gz
39 cd Vek
40 ls
41 ./Vek 210
42 ls
43 cd ..
44 ./ss
45 ls
46 cd ..
47 cd .ww
48 download joker.tgz
49 tar xvfz joker.tgz
50 download flood-udp.tar
52 tar xvfz flood-udp.tar
53 tar xvf flood-udp.tar
54 perl udp.pl 72.8.131.39 0 0
55 perl udp.pl 89.42.72.6 0 0
56 perl udp.pl 83.42.64.149 0 0
57 passwd
58 ls
59 cd joker
60 ls
61 chmod +x *
62 ./x 23.12

View 14 Replies View Related

Hacked? Or Not

May 9, 2007

I have a new server and I have hardened it with csf+lfd. It's about 65/70 in the cfs score.

This morning, I noted that lfd log sent me an email saying there is a SSH login via 207.210.233.128 on 10th May 2007. I am not sure whether it was a successful login or not?

Here is the output:
=================
Time: Thu May 10 01:31:52 2007IP: 207.210.233.128 (Unknown)Account: rootMethod: password authentication
========================

I know for sure that I did not login my SSH yesterday.

However, when I logged in SSH this morning, it says in telnet that my last login was from my own home computer's IP, so from that it looks like no one else has logged in SSH since last time I logged in myself.

Was my server intruded or was lfd just playing up?

View 2 Replies View Related

I've Been Hacked

May 11, 2007

Go to this page:

[url]

how I can find out what page they have changed? It is a php file with loads of includes etc. Not sure where to look! Or could it be a redirect or something?

View 2 Replies View Related

VPS Getting Hacked

Apr 12, 2007

I have a VPS running cpanel/whm on CentOS.

Everyday someone keeps coming in and deleting all my accounts. I do have them saved, but I cannot figure out how they are doing it.

I have followed the tips on the forum for locking down VPS. We have restriced SSH logins to our IP, we have checked all directories for ones that are 777 and changed them, we have moved the server to a different IP address.

View 14 Replies View Related

Website Hacked

Jul 27, 2007

So I'm interviewing with a company and when I typed in the URL to their website, I was met with a nasty surprise: a "hacked by so and so" message! However, after looking closer, I see that I had accidentally appended a period (".") to the end of the domain name, for example: http://www.example.com./

When I removed the period, the site appeared as normal. I don't know anything about the server other than it's IIS. Is there anything I can suggest to them when I go in to interview? I'd like to point this out to them; it may even help my chances at landing the job! (It's not related to networking, though.)

View 0 Replies View Related

WHMCS Hacked

Nov 23, 2008

Now, first of all... I'm not sure if this is a problem with WHMCS or some other piece of software with a security hole, but I thought I should post here.

Our WHMCS got hacked earlier today and the hacker sent out a to be honest, unacceptable email to all clients, I won't go into detail but lets just say it directly insulted them.

Now apart from ruining our reputation and client relationships, I am now completely paranoid that it will happen again. I'd also like to know how it happened in the first place. The hacker signed up for a hosting account, and then sent the email. I have no idea how he/she did it, but when I look at the admin log in WHMCS, it shows the username "hacked" as logging in (see image).http://img378.imageshack.us/img378/2560/hackedmh9.png

Just a warning to everyone out there. His IP address was 86.132.228.82.

View 11 Replies View Related

SITE WAS HACKED!

Jul 27, 2008

A client's site was hacked last week and spyware or some kind of trojan was put on it. I found some files that didn't belong in the images folder and proceeded to delete them, however, when I submitted the site back to Google for review, the report came back saying there was still malware on the site. They didn't provide me with the location of the spyware, so what can I do to find it and delete it?

View 6 Replies View Related

We Were Hacked, Where Do We Start.

Jan 27, 2009

we have a vps server and someone did what I would call a calling card attack, thankfully.

It is a stock kubuntu os with stock apache. Root passwords for everything have been changed to our own

Somehow they logged into kubuntu as root and changed the htpasswd in usr/passwords (changed to protect the password).

Then since they changed the htpasswd they were able to log into phpmyadmin and changed the admin password in the database.

I'm pretty sure I know who did it and he is teaching us a lesson which I respect but he will not comunicate with us.

We have hourly snapshots of our vps and we need to know how they are getting in. See my sig and click on the hotspot login.

Looking at the sudoers there is the Defaults line that we suspect as a means to get in.

We have a great php etc... app but it is either Apache or kubuntu that they can get in.

I would like to learn about what needs to be done about security but where do I start?

Can someone help me look for something that would allow the attack?

I'm a php guy and it is not a mysql injection attack nor is it an xss attack.

I am not a kubuntu / server security guy and now need your advice.

View 7 Replies View Related

Web Hosts Being Hacked Using PHP?

May 22, 2008

Out of the three websites that were hacked the hacker left a get.php file in the root and i decided to see what it was and i ran it. To my shock and horror it gave me all the different types of people hosted on the server and it also gave me their database passwords etc...

Now each time i ran it, it gave me different results of different users on the server each time with a long never ending list. I just couldnt believe my eyes a simple short written php script showed me a lot.

Now im not a PHP guru but this is quite serious and ive notified my web host showing them my findings. I was quite astonished it showed me passwords in peoples configs.

Now my question is... is this something new or old and that my web hosts forgot to look into that area...? I mean its a php script thats all.

View 8 Replies View Related

My Site Has Been Hacked

Oct 1, 2007

One of my clients has just sent me a bounced email to an address she had never heard of. This made me suspect my server had been hacked and was being used for a scam.

Sure enough, I found a file in one of my folders, that was related to a Bank of America scam.

I have since put a password on this folder. But does anyone have any advice on how to secure the site to prevent this happening again? It is a shopping cart and the 'rogue' file was in the admin area of the shopping cart.

View 10 Replies View Related

My Server Seems Be Hacked

Mar 17, 2007

SOme one has claimed that he has penetrated my server and has gathered some kind of information via shell access, I have disabled the possible ways of shell access for the users via twaek settings, and php.ini

- How I can check he has made any backdoor for himself or not?
and I have made a trojan check via Scan for Trojan Horses in WHM, and it has found about 200 possible trojans.

- How I can remove them?

View 14 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved