PHPLive Hacked, Used To Send Spam. Best Alternative?
Apr 18, 2007
A few days ago we received a warning that our server is spamming. We hired someone to find the problem and it turned out that someone was using our phplivesupport to send spam from our server. The person who we hired showed us this http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6769 ("Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the...")
I sent a ticket to them and asked when they are going to release a new version and they did not answer, I asked them for a refund and no answer.
1) What do you think about this whole situation? You don't think they should refund us? (or release a new version)
I don't know about you guys... But when my datacenter opens a Ticket, I drop anything else I'm working on to take care of it...
God forbid someone had reported spam on MY domain, and they were warning me with a server take down notice.
Imagine my surprise when it turned out it was them breaking their own spam policy.
Here's the ticket /SPAM for those interested:
-- Dear Customer,
Your account has been selected for a special promotional price on our Network Attached Storage (NAS) for off-server backup. This is a great way to insure that your mission critical files and data are kept safe in case of some form of hardware failure. The FTP/NAS storage we offer is basically an allotment of space on one of our shared storage servers. We will provide you with the IP address and login to the space, and you can FTP your data across the private network from the private NIC on your server to this space.
You or your server administrator can automate the process by installing a script/cron job, or by setting up the backup utility within cPanel or Plesk.
Currently your account is eligible to order a NAS account for one half of the normal retail pricing. You will need to be logged in to your customer portal at the following link:
Enter the following promotional codes to take advantage of the special pricing.
$5/mo for 20GB of NAS: Half20nas
$10/mo for 40GB of NAS: Half40nas
$20/mo for 80GB of NAS: Half80nas
$25/mo for 100GB of NAS: Half100nas
$50/mo for 250GB of NAS: Half250nas
Having a solid backup of critical data is very important. It can save hours of time and trouble for your server administrator in the event the server is compromised, or the hard drive fails. For just a few dollars a month you can rest assured that your files and data are securely stored and your business is safe. How much is your business worth to you? If it is worth more than a few dollars a month I suggest you take advantage of our half off NAS storage promotion while it lasts as this promotion is only good for 7 days!
I've been getting a lot of "Undeliverable" emails sent to my email address. On these messages, the spammer is using my email on the "From" part of the email...... So whenever he sends out spam, the person(s) getting spammed think it's from me..... And the thousands of Undeliverable email error messages are also sent to me.
Is there a way to stop this from happening? ....... Besides changing my email address?
Not long ago somebody hacked our customer account through the vulnerability in the phpBB Album module and uploaded some scripts. Then it started to send Nigerian spam using exim and apache. These scripts were found and deleted and the Album module was fully deleted too. But when I look at the processes now I see that exim and httpd still start very often so the system resources are probably overused by them ......
We are a web design firm and we provide hosting for our customers who design their websites with us; we do not promote ourselves as a web hosting company. We have been in the market for years and the thing that confuses us most is the hosting problems. Server problems, when they occur, take all of our human resources (we are a small company) and that affects our other (main) work, which is web development.
We've tried a lot of reseller then VPS providers, each provider will experience some problems even after a long time of stability.
Sorry for the long introduction but it was necessary to let you know what exactly I want. I have known Rackspace for a long time and I was happy when I found out that they are providing a new service (mosso.com) especially for web design firms. They provide 80 GB of disk space with their zero-downtime network and other cool features for $100 monthly, which I think is very affordable compared with Rackspace's reputation. Even though it's more than what I pay for my current provider, I'm really looking for stability that lets me concentrate on designing and programming. The problem is that they told me that their customers must have a U.S. bank account, which we don't have.
Can you suggest companies that provide same quality services with affordable prices (reseller or VPS)?
I've had my servers with The Planet for years. Used to be really happy with them. Ever since the merger, they seem to have deteriorated over time. Recently, I find the level of support to have become poor.
The redeeming quality is that they have had outstanding uptime over all of these years, and they are always there if you need them in a true emergency - in other words, they always pick up the phone.
I need a company that is comparable in their level of staffing and resources. Who out there is comparable, yet providing better support and overall attitude these days and for the long-haul?
Tried to search a bit, I may have the wrong keyword, but didn't find anything...
I wish to block scripts from sending outbound mail without going through my SMTP (so I can scan them and block them). I cannot block outbound port 25, and since I'm on a Virtuozzo VPS, I cannot use SMTP_BLOCK.
I have a question concerning the redirection of URLs. One of our customers has 1 main website (www.x.com) and many subsites (www.y.com, www.z.com etc.) which all end up at the same IIS instance. There, a CMS picks up the URLs and directs them to the place the user requested.
Now, our customer wants all subsites to enter at the main site/subsite, instead of letting the routing be done by the CMS. One solution would be to let our DNS hoster put URL redirects on all subsites. This however is not a valid option for us, since it's not transparent to us.
Another option would be to create a separate IIS website for every subsite and redirect these sites to the main site/subsite. That would mean redirecting www.y.com to www.x.com/y and www.z.com to www.x.com/z. This is not a very professional solution though.
We have been using BQ Backup for some time now and have been very satisfied with the service for the price. Is there anyone else out there that offers a similar service at a similar price? Just feeling that it is time now to move on.
My service at Slicehost recently got very slow so I don't think their network management is the best it could be. So I'm preparing to leave if it remains like this for any more than a few days. Is there any VPS people could recommend with comparable service catered to developers with an active community and good connection speeds?
We are currently using a Barracuda solution for our spam filtering for managed hosting clients and a few shared hosting ones that took advantage of our promotion.
However, we are now in the situation of the filter dropping the ball and queuing up emails during business hours, and are currently looking into two options for replacement as the Barracuda support team is unable to help.
Delayed email generally isn't an issue, but we have some high profile clients whose primary business runs on email, and an email delayed for 12 hours could cost them tens of thousands of dollars.
We are throwing around the idea of deploying our own spam/email filter on a BSD platform or an alternative hardware spam filter, as this will give us more freedom but less enterprise support.
Was wondering what anyone has dealt with that they could give their reviews on. I know there are a handful of similar solutions out there; I just want reviews and pros/cons of them, as we cannot deploy an untested solution and want to get into the testing stages very soon.
I run special software that is similar to a gaming server. It operates mostly in SWAP memory because 99% of the time it's idling. Each instance uses about 5MB of physical memory and 50MB of SWAP memory. So I am using about 2000MB (2GB) of SWAP memory and 250MB of physical memory. To my understanding, most Virtuozzo VPSes count SWAP memory as a part of the burstable memory, so finding 2GB of burstable is not likely or cheap.
Virtuozzo with the SLM method of handling RAM seems to be my only option because it allows for no set limit of burstable RAM. I am wondering if there is any other method or technology that could allow me to actually use high amounts of SWAP memory, as it should run from the hard-drive, not taking up the faster physical memory.
I am currently considering XEN servers, but I was unsure if they could handle the SWAP I need. I emailed Ray at BigVPS.com and he stated his XEN servers can handle my requirements, but would need an extra $5 for the extraneous SWAP usage. Is it true XEN can handle what I need?