My Server Has Been Hijacked
Jun 12, 2008
My hosting provider has told me that my server has been "fully rooted" and the only way to fix it is a reinstallation from scratch. That is very frightening to me because it will take a lot of time to set-up again and this will cause major downtime.
Is there no other way to resolve the issue without reinstallation?
--------------- Quote from hosting provider ---------------
">> Does this mean that my passwords do not need to be changed?
Server is fully rooted, and will need to be reinstalled. Leaving the server online is a very, very serious risk for you. Let me show you some of the powers the hax0rs have at this time from their upload/hax0r script.
Php Safe-Mode Bypass (Read Files)
File:
eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):
Dir:
eg: /etc/
Search
- regexp
Upload
[ Read-Only ]
Make Dir
[ Read-Only ]
Make File
[ Read-Only ]
Go Dir
Go File
--[ x2300 Locus7Shell v. 1.0a beta Modded by #!physx^ | LOCUS7S | Generation time: 0.0396 ]-- "
View 14 Replies
ADVERTISEMENT
Aug 10, 2007
Is it possible that someone on the same network as my server (shared hosted, freebds) could somehow cause my traffic to be diverted to a new url after visitors landed on my website?
I assume this person has access to my home PC also and is reading what I type here etc. Has the ability to allow domains and IP's and divert others on my server, IS in the position to know who to allow and deny (my affiliates, customers etc IP's are recorded etc)
IF this was possible, how would I be able to catch this person out?
Where would I look for evidence of this and what am I looking for?
I don't manage my DNS and asking my server host (my suspect hosts with them too) gets a reply like: I don't understand what your asking? Do you need webaliser stats?
How would someone be able to do what I'm guessing is happening: That people can land on my site.. however, this guy can than redirect them to his own paying page. If I set a link here to my site..he'd soon add its domain to "allowed" etc etc.
I'm thinking I need access to server access to my dns, login info and Last Modified details on those file. I don't have these. I don't know what I'd be looking at if I had them.. and my server tech hasn't offered to look at such things.
My interest is more than intellectual.
Until last weekend my 2 1/;2 year project that has grown in sales volume beyond my expectations. I had had no contact with this person for 8 months and in that time sales where consistent. I Had changed all accesses, IP etc etc. I used to host with him. Then moved hosts since I didn't trust him (same problem back then - sales fell to nothing but traffic grew) moved to my current host.. not long after find HE is now on that host too.. now after I have contact from him again, sales have gone flat without any explanation, even though traffic has increased! 1:300 has become 1:10000 and I have checked everything site side (I'm a webmaster for over 10 years)
I'll be ruined very shortly and I don't know what to do.
View 7 Replies
View Related
Jul 31, 2009
I found out that there were some hidden iframe tags injected on my website. So I grepped and cleaned all html files. Am I supposed to change my ssh/sftp password as well? Is there anything else I'm supposed to do?
View 3 Replies
View Related
Aug 27, 2008
I've been handling the design and updates for a local private school for a few years now. They use HostOnce for hosting. Over 2 weeks ago I noticed that when I try to bring the site up in a browser I get a login prompt - [url]. I've submitted several help desk tickets to HostOnce with no response. Since school is starting, I recommended the school change hosting providers. So they bought hosting with GoDaddy who I also use. But now I need to transfer the domain name and I can't get a response from HostOnce. I send an email requesting that they initiate the domain transfer to GoDaddy every day with no response.
Besides a few email addresses and the help desk, there doesn't seem to be any way I can get in touch with anyone at HostOnce. What options do I have left? The school is currently stuck with a site that can't be accessed. The company seems to be in Australia but I've read the phone number listed for them does not work. I'm looking for a US phone number or something.
View 21 Replies
View Related
Apr 21, 2008
I have been with HostNine for almost a year now and have had reasonably decent service, until now.
They recently suspended one of my client's accounts. Understandable, the account had some very old PHP files on them. Let me preface this by stating that I am very sympathetic to hosts who have to deal with problem clients who have sites that slow down shared servers for everyone else on them.
I have tried my hardest to work with HostNine to get these files back and ensure that this account is not a problem on their server. I have never once asked for them to restore the account "as is", all have I have asked is that they backup the files and the database for me (I would do it myself, but they locked me out of the account), so that I can investigate the problem and do testing to ensure that it doesn't cause them problems again.
All in all, getting anyone to co-operate has been unsuccessful. Getting a hold of them has been a hassle (from the time I e-mailed them about the issue to the time I received my first response was a span of over 6 hours). Getting them to co-operate has been impossible. Their "Support Manager", Alex, in broken English has told me next to nothing, aside to accuse me of trying to "get around this" and that I would need to move the account to one of their dedicated plans. I have asked that the account simply be backed up, but have not received any response so far, as time ticks away and the client whose account this was becomes more and more frustrated as their files are effectively being "held hostage".
My last complaint is that they never notified myself, nor the client that they had suspended the account.
Has anyone else had problems with trying to get their files back after a host has locked you out of your account? What are my options? Does the hosting company technically "own" the files, simply because they are being hosted on their server?
View 14 Replies
View Related
May 4, 2015
I keep having certain domains being hijacked and mass emails being sent from them somehow. I've disabled mail within domain control panel for each domain and issue keeps occurring. I've limited # of emails as well to 2-5 per hour but now so many are trying to be sent from my server it is clogging up mail queue and I have to log into server via ssh and run postsuper -d ALL every day or two. It is very frustrating. The only way I can stop it is to disable domain in plesk panel but that is not an option.
What can I do to find the cause of this issue and stop it?
View 6 Replies
View Related
Sep 27, 2007
i have set email for some domain to catch all setting. After some time i have a lot of bounce, redirect and rected email to address. How come my email accounts are hijacked and what to do to prevent such things in case of catch all setting.
Here it is noteworthy catcth all used to attract a lot of spam.
View 3 Replies
View Related
May 8, 2007
I've got a VPS which is serving as the main server for a number of sites. Web Server, SSH Server, and Mail Server.
What I've got running:
Apache2, PHP5, MySQL5, Dovecot, Postfix
One of the sites is a growing forum with a MASSIVE photo album. This is the site where I notice the most slowness.
Changing the server software is not an option - Only optimization.
Quote:
Originally Posted by httpd.conf
ServerTokens OS
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 300
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 5
<IfModule prefork.c>
StartServers 8
MinSpareServers 8
MaxSpareServers 13
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 50
</IfModule>
<IfModule worker.c>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
Listen 80
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so
Include conf.d/*.conf
User apache
Group apache
Quote:
Originally Posted by my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
[mysql.server]
user=mysql
basedir=/var/lib
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
View 8 Replies
View Related
Mar 7, 2009
I looked a lot - can not find solution ....
I want to transfer a file from [url]to [url]or [url]Without it will pass my localcomputer (slow upload)
It can be also a script i will install like this one - this is only for images
[url](remote)
View 7 Replies
View Related
Oct 16, 2013
I have Plesk 11.5 (service provider mode) on a Windows 2008 server IIS7.Most of my sites are developed in .asp and therefore i use a custom 500-100.asp error page that check s the IP of the visitor then displays either a friendly error, or if its my IP a full error of what has happened (it also emails me the error). This allows me to debug pages easily whilst developing and to keep an eye on anyone trying SQL Injection hacks on my sites (as the error and email also have session variables and IP address).I dont have root access to the server as it is a Webfusion dedicated server.I have following the Plesk documentation -
1) Switch on custom errors for the subscription
2) Look in virtual directories and navigate to error documents
3) Find the error in question (500:100) and change it to point at either a file or URL
FILE - I had the data centre add in the 500-100.asp error page in to the virtual template so that my page is available in the list of virtual files - this didn't work but that maybe because its not a static page??
URL - when i add the path it says its incorrect, if i add a fully qualified address, it accepts it but it doesn't work.give me a specific example of the URL that can be entered relative to the root as the format in the documentation isn't accepted. The last step is to restart IIS which is also an issue as i cant seem to do this from the Plesk panel..It is as if it isn't catching the 500:100 error, and only catching the general 500 error??
View 1 Replies
View Related
Nov 21, 2006
I am currently running Google Analytics/Urchin 5 (v5.7.02), on a server, the server has started to act up, (on its last legs etc) and now I am trying to transfer the Urchin Software to a new server, where it would work effectively.
However upon installing the urchin software on the new server and running it (localhost:9999), I am presented with An Action Items Page, and these following choices
Obtain Demo License
Buy License
Activate Pre-Purchased License
I choose ‘Activate Pre-Purchased License’ pop in the Serial number and complete the registration then…
---------------------------------------------------------
Urchin Licensing Center -- Error!
An error has occured during your transaction, please use the back button and correct the problem. The specific error message is:
• Unable to generate a license. Some possible reasons:
Your serial code is currently active <<< How do I disable it and use it on another server?
---------------------------------------------------------
So all I want to do is deactivate the serial and reactivate it on another server.
Does anyone have experience with this or a similar problem or have a solution to this problem. Any help be most appriciated.
Or even a Contact Number so that i can get some one over the phone!
View 2 Replies
View Related
Nov 7, 2009
This is the scenario, domain.com are setup on server1, however server2 also has the same profile of domain.com as we use ns3 and ns4 using domain.com. This works fine with the nameserver setup on server2.
However I encounter problems as the emails from server2 won't reach server1 as there are duplicate profile on server2.
My question is how do I setup the DNS in cpanel/whm from server2 so the emails from server2 will reach server1?
Server1 (www.domain.com)
ns1.domain.com
ns2.domain.com
Server2
ns3.domain.com
ns4.domain.com
View 6 Replies
View Related
Apr 22, 2009
I just want to use a server for file sharing, it will have nginx and that's it. I'm looking at centos, or freebsd, but I been using centos forever now and I'm not sure how to use freebsd, should I just stay with centos?
Do I tell my hosting provider to just install the OS and give me ssh action and that's it? Don't install any control panels or any other stuff? I want one domain and one subdomain on it though and ftp action.
View 8 Replies
View Related
May 12, 2009
Remote Spamassassin for Multiple Smartermail Server
I want to setup Remote Spamassassin(On Linux) for Multiple Smartermail servers. I want to the setup the spamassassin on a linux box
How i can setup this with multiple smartermail servers.
View 6 Replies
View Related
Jul 4, 2007
what is the fast and best way?
View 4 Replies
View Related
Jul 20, 2015
I'm wondering whether it is possible to perform a full server migration to a new Plesk server with the same hostname or will Plesk give an error about the hostname being the same?
The new server would not be accessible by hostname (only via IP) until DNS and glue records were changed after the migration.
View 1 Replies
View Related
Aug 31, 2008
I've been developing a small 2D MMORPG lately. I bought a VPS to run the server on a few days ago and sadly it doesn't work so well. Sometimes the loads go pretty high (afaik not caused by me) and MySQL freezes, causing the server to just wait for MySQL to unlock, hanging all the players around on the map. Not a good thing.
Anyway, the game is very small scale, and I'm not planning to have more than maybe 30-50 players online. It does not suck up much CPU, I had ~10 guys online and loads stayed down at 0.00 on the VPS box.
Problem with getting a dedicated is our very low budget. As I'm still underage and living at home hammering my pc and don't have any real incomes, we're talking numbers like $ 30 - $ 50 USD per month - it's really hard to find for that price in Europe.
Requirements:
Monthly payment, $ 30 - $ 50 / month, no setup (or very small setup, like $ 20)
10Mbit/s or faster connection, 100GB traffic should do
500MHz CPU is all cool
512MB or more RAM
5GB diskspace is enough
Has to be in Europe due to ping times (< 100ms)
Linux, Debian 4.0 prefered
If anyone knows where I could get something like this for a low price, $ 30 to $ 50 USD, it'd be great.
View 12 Replies
View Related
Aug 28, 2009
I have been searching everywhere trying to find a tutorial but It is not going anywhere. Basically I need to create 2 nameservers for Godaddy and pretty much so when i type http://mysite.com it goes to my site. I can access everything from http://myip and everything works. Now is there a step by step on how to actually do it in the DNS Manager? I need help like what IP address do I use is it the router ip? The external IP?
View 7 Replies
View Related
Mar 2, 2009
i want to shift my domain to one server to another server and the problem is how can i shift my email accounts data to one server to another server.
View 8 Replies
View Related
Dec 8, 2008
Site is currently running on a single code single cpu p4 server. Am thinking of upgrading to a quad core Xeon server.
My site is pretty dynamic with lots of hits to php / mysql, and has trouble keeping up with the requests sometimes. Would a quadcore Xeon significantly help?
Server Software:
Windows 2003 Server
php 5.2.6
apache 2
mysql 4.1
Current Setup:
P4 2.8 single core/cpu.
Proposed setup
Xeon 3210 quadcore
I guess my confusion lies in the following:
1. Can win2003 server make use of the quadcores?
2. Does php / apache / mysql make use of the quadcores?
3. Will i see a significant increase in the amount of pages i can serve?
View 5 Replies
View Related
Oct 23, 2009
I need to move an SSL certificate from a cPanel server to a Plesk server.
View 3 Replies
View Related
Feb 11, 2009
What is the difference between a virtual private server and a dedicated server?
View 8 Replies
View Related
May 10, 2009
I am going to be buying a dedicated server from kimsufi Most likely the 2XL Package.
My streamers will be using my server aswell, On weekends we will be running 3-4 streams at a time, weekdays 1-2 at a time.
Spreading all the streams out, at anyone time we will have 300 viewers.
I need to know your advice on this before i go spending money.
How do i convert my dedi into a flash media server, i need red5 or something, thats all i know so far. My streamers wil be streaming to server with FME, And i also want it coded so that my streams can only be embedded on my site.
Basically i dont have a clue where to start, how long would it take me to set up etc....
In addition, what kind of server do i need, windows / linux / traffic / burstable / standard etc..
View 9 Replies
View Related
Jan 10, 2008
I have a linux server for a video sharring site
The video encoder that I prefer to use will only work in a windows enviorment
The windows server would pass off the converted video to the Linux server.
Will a Samba server for Linux allow a Linux machine to connect and share files with a Windows machine work for this application.
Although it's probably a dumb question but can Linux and Windows exist on the same server?
View 3 Replies
View Related
Dec 1, 2008
I am not using IIS and the built FTP server. Is ther other recommended FTP server to use in a windows 2008 dedicated server?
View 5 Replies
View Related
Jan 1, 2008
for setup and configuration instructions for setting up mail server on a Fedora Core 6 server. I googled it and most of the links are described with steps while installing OS, but i need to configure a mail server on a server where my site is already running.
View 1 Replies
View Related
Sep 25, 2007
I'm running a local department website using xampp (apache, php, mysql) and we have a corporate lotus notes mail server. Is it possible to connect to and send mail via lotus notes using something like sendmail running under xampp?
View 0 Replies
View Related