Prevent Phishing
Jun 1, 2008
I'm not that techy I'd like to ask why this person downloaded the file below before uploading some phishing webpages on my account ? I've changed my password numerious times from different computers and even from mobile phone just to check if the person can still get in. But again it is no use the person were able to upload phishing pages.
logs:
May 25 21:50:42 server100 pure-ftpd: (weblogin100@62.56.133.36) [NOTICE] /home/weblogin100//.htpasswds/update/Login.php downloaded (21251 bytes, 755.78KB/sec)
Right now I deleted all other scripts on the account and remain some htmls. Folder were also set to 644 no 777, while waiting if the person can still upload his phishing pages please help me why he downloaded the file above. I've check the file on my account and I cannot see Login.php. By the way I have a root login and only two accounts were a constant phishing victims.
View 1 Replies
ADVERTISEMENT
Nov 1, 2007
with my server i ran in to big issue with phishing sites. i have secured my server with firewall, and many other security things. but still i can see some times some one place phishing site. serverbeach suspend my server few times. i know this is not doing by users by there selfs. but however its coming in to the server. in secure side now i have to only go thorugh sites and check all writable directories.
is there any way to monitor the phishing activities? may be its some kind of scripts some one running inside the server?
View 8 Replies
View Related
Jun 15, 2007
I currently run a dedicated server and for the past 2 month or so have been attacked by some hackers or so. Meaning that on my sites every other day there is a folder of a phishing site. It is either paypal, ebay, exc phishing site and I know that I did not upload it there. I have tried almost anything to stop that, but it just keeps happening, my server company suggested to do os reload, but I am not sure as that will cost me $100. Was anyone faced with a problem like this that can give few suggestions? I use cpanel server.
View 8 Replies
View Related
Jun 9, 2009
I spotted a user on my site with the hostname: gator832.hostgator.com
This particular visitor identified themselves as a "visitor", with the user agent: Mozilla/4.8 [en] (Windows NT 6.0; U)
Upon typing the user's IP into google, a boatload of "phishing" / "bad bots" logs come up.
My question: Can I identify visitors like this via automation?
i.e.: fake users. People who masquerade themselves as a human, while they're really a bot.
(I only noticed this potentially 'bad' user because I was viewing my visitor log in real-time. -I was on at the very moment they were-)
In previous experience, not every user with the "host" phrase in their hostname are bad users, so sniffing those bits wouldn't do anything useful.
View 0 Replies
View Related
Apr 26, 2008
Gmail has a feature to detect email phishing and it marks them with a red header alert saying "Warning" This message may not be from whom......", I believe this red alert has nothing to do with spf record of that email, so how does it detect it as phishing email?
We have spf record and I sent an email from another server, when I received that emai the spf record was "softfail" but it does not have that red alert.
View 0 Replies
View Related
Jan 10, 2007
We have received the complain from paypal that one of the domains were phishing. How to track it down? How to find out the method that how they uploaded? I checked /tmp file and couldn't find anything. I check access_log file for wget and couldnt find anyting.
View 2 Replies
View Related
Feb 18, 2007
I am running a hosting service. Recently a user put a phishing site on the server, pretending to be an eBay signup page and soliciting passwords. I had all kind of truble with this, because eBay complained to my server company.
I would like to ask if you know any solution what would block such sites automatically?
It could search for some predefined texts on the page (such as "sign in to eBay") and block the page if they are found. I wasn't able to find anything in Apache documentation.
View 6 Replies
View Related
Sep 18, 2008
I want post here about RapidVPS hosting,
they host all scam and phishy sites like Hyip.
What is Hyip? Here-> [url]
My proof:
ablehyip. com/hyip/ (IP:208.84.144.131)
globalmarketsol. org (IP:66.35.79.68)
forexco. us/index.php?a=home (IP:66.35.79.37)
xlinvestment. us (IP:66.35.79.29)
topprofitworld. net (IP:66.35.79.94)
real-onlineforex. com (IP:66.35.79.118)
fx-88. com (IP:208.84.150.149)
marvelpartners. us (IP:66.35.79.68)
and so on too many hyip scams, very big list.
All provided IP addresses are rigistered with
OrgName: Infinitum Technologies Inc. (RapidVPS)
OrgID: INFIN-27
Address: 873 Grand Regency Pte.
Address: Suite 201
City: Altamonte Springs
StateProv: FL
PostalCode: 32714
Country: US
All IP addresses are provided for
network: Organization-Org-Name:NVHSERVER Inc
network: Organization-Name:Ha Nguyen
network: Description-Usage:Internet Service Provider
I have contacted with RapidVPS admin and this guy (name is Rick) never answer my reports,
just ignore me, ban me, I'm sure he is owner of all this scam.
I have created account on the RapidVPS forum,
and Rick ban me for my first post about hyip scam on their servers,
here is proof: [url]
If you wanna ask about this issue, contact Rick directly: rickb@rapidvps.c0m
Guys what you think about this issue or maybe it's normal for all US hosters?
Please your comments.
Thanks for this post reading and your time.
Here is more info about hyip scam:
fbi.gov/majcases/fraud/fraudschemes.htm#ponzi
sec.gov/answers/ponzi.htm
View 14 Replies
View Related
Dec 17, 2007
I don't know about security on servers much, and we're setting up our new server. I have the techs doing the install stuff, but I would love to know what to install security wise. My current list:
Firewall - good free one?
Antivirus - good free one?
rootkit, some way of stopping it (anti-rootkit?)
Also, is there some sort of script which searches all cPanel accounts/files for phishing sites or spam sites etc? I swear I've seen one before, in firewall form?
Oh the server setup is going to be:
php5-CGI, fCGI, mySQL 5, apache 2.2.x, centOS, ruby on rails, django, ioncube, other php libraries, mod_rewrite, I think thats everything. (cPanel).
View 4 Replies
View Related
Jul 31, 2007
Someones managed to upload a phishing site to my VPS.
How do they normally achieve this, there has been no unauthorised root access as I get e-mail each time someone log in as root.
Is it likely they've just managed to guess my ftp password, or is it going to have something to do with a script running elsewhere?
I've got solarvps looking at it now.
View 14 Replies
View Related
Jun 2, 2009
I know Brent from HostGator reads here so thought I share this, If you are an Australian you are more than likely getting phishing emails supposedly from Commonwealth Bank (Australia's largest bank). I get about 20 a day to all my email addresses, here's one I got today:
We recorded a payment request from "HostGator -www.hostgator.com- Reseller Web Hosting"
to enable the charge of $74.95 on your account.
Because the order was made from an African internet address, we put an Exception Payment on
transaction id #POS PAYM7284 motivated by our Geographical Tracking System.
THE PAYMENT IS PENDING FOR THE MOMENT.
If you made this transaction or if you just authorize this payment, please ignore or remove this email
message. The transaction will be shown on your monthly statement as "HostGator - Reseller Web Hosting".
If you didn't make this payment and would like to decline the $74.95 billing to your card, please follow
the link below to cancel the payment :
Cancel this payment (transaction id #POS PAYM7284)
NOTE: Because email is not a secure form of communication, please do not reply to this email.
© Commonwealth Bank of Australia 2009 ABN 48 123 123 124
Of course I'm not a customer of this bank nor am I with HostGator, but these emails are getting more sophisticated by the day.. please also see [url]
View 6 Replies
View Related
Apr 23, 2009
One day, you noticed that someone remotely connectted your computer and an application sends spam/phishing emails bu using your IP. What do you do?
Of course, I stopped the program and blocked remote connection for a while and changed my password... I any way, i have to connect my computer remotely... What do you advice?
By the way, i have more than 1000 email accounts on my computer. Hacker left me a gift, but I don't need them))
View 9 Replies
View Related
Aug 30, 2007
I run a Free web hosting service on my server with XPanel script installed. It has around 47K accounts in all. Recently i started getting mails from e-bay, banks and many other institutions regarding the Phishing sites operating from my server for cheating their customers / members. Though i removed them but i have to do it manually and after getting mails from them.
Now that i dont want any more such site to run from my hosting site, What are the options available for me in order to check all accounts automatically and remove any such site on its own? As there are 47K accounts and 100+ new signups each day, it is not possible to check all accounts manually.
I want any script / addon which can check all possible Phishing / Spamming / Spurious / Fraud sites and intimate me/ delete them upon request. Any person using such services? I need your guidance + support.
Looking for some fast and effective answers from experts here.
View 10 Replies
View Related
May 22, 2014
I are running an Plesk 11.5 on a Ubuntu 12.04 machine. Since days i have problems where i see scripts of phishing sites and mailer scripts installed in the httpdocs directory of various domain.
How I can prevent that people outsiders install this scripts on the server? Where is the bug that allows this?
View 4 Replies
View Related
Jul 4, 2009
Does anyone know anyway that "rm -rf /" can be disabled? OR any selinux rule or something to prevent this?
Or if I wanted to prevent a certain directory from being deleted like backups but something unlike chattr that someone can figure out quickly.
Im sure LOTS of people would like to know about this. Ive searched around and only somewhat useful thing I have found is an rm wrapper that sends everything to a trash file in the root of the mount point.
View 14 Replies
View Related
May 28, 2008
Can anyone share tips how to prevent DNS flood on a cPanel and Directadmin server platform on Centos?
View 7 Replies
View Related
Feb 21, 2007
I am giving few tips on securing your server against hack attempts. You must check these inspite of other securities like firewall, rootkits detectors etc.
1. Most Important, do not disable safe_mode under php.ini. If any customer asks to disable it, turn it off on his account only, not on whole server.
As most of the time attack is done using shellc99 (phpshell) script. In case safe_mode is off on server and there are public dirs with 777 permission, he can easily hack through.
2. Compile apache with safe mode as well.
3. In cpanel under tweek settings, turn on base_dir, if someone requests to turn off, turn it off on his/her account only. As using phpshell one can easily move to main server dirs like /etc, /home.
4. Do not allow Anonymous Ftp on your server. You can turn it off from ftp config under WHM Service Configuration. If its allowed, one can easily bind port using nc tool with your server and gain root access. Always keep it disabled.
5. Make sure /tmp is secured. You can easily do that by running this command /scripts/securetmp using ssh. But do make sure, /tmp is secured. Else one can upload some kind of perl script in /tmp dir and can deface or damage all data on the few/all accounts on your server.
keeping your server secure from hack attempts.
View 7 Replies
View Related
Oct 28, 2007
Does anyone know how to prevent some shell, php script change file name from file.php to file.jpg or file.gif and upload to server and run it to attack server?
View 14 Replies
View Related
Sep 11, 2007
from 2 days ago until now my server be ddos and i stay in my computer and block ip but it is not finish is a program to do block ip automatic?
View 2 Replies
View Related
Sep 13, 2007
We have been using our L2 switches functionality to only allow IPs that are assigned to a particular server to be accessed for sometime. However, the latest version of this particular switch no longer includes this feature. Moreoever, it is quite a labor intensive task which is not good for "budget" servers.
I am considering moving the rules to the main router, but am afraid of the scalability of this. Will it hold up with a few 1000 servers?
How are other hosties going about this? I have heard that some just don't bother at all, which leaves their clients open to having their IPs duplicated by others on the same subnet. This can't be good....
View 1 Replies
View Related
Sep 21, 2006
i need any thing to prevent mass download
my server is cost a huge bandwidht monthly . because mass downloading?
View 1 Replies
View Related
May 24, 2008
I need to know so idea, how to prevent iframe virus injection into the server,also is there is any mod which help in protection for iframe virus.
View 14 Replies
View Related
Jun 13, 2009
i have my own box for my forum .. now i shared my box with friend's , but in reall they a freak friend's , just to be in safe brother, am looking to know what function i can disable in php.ini or any problem/tool to prevent anybody / attacker * nobody* permission to move in the server via his shell script..
as we know some attacker's use them own php-shell to hack site's * shared hosting *, so they can move to any account after they know the user account name * /etc/passwd * .. so as i say before is there any good functions to prevent these attacker to move in the server? so i can disable it .. or install any good tool * else modsecurity * in the system to prevent them *nobody* of that?
View 7 Replies
View Related
Jul 30, 2009
I try to use mod_security to prevent some script in some files,
imagine I want to block all scripts includes "test" in the body
so if code of script.php is:
HTML Code:
<html>
<p>test</p>
</html>
and someone run script.php , I want block running and show 406 error
now can you tell me how can I write this rule in mod_security 2 with apache 2?
I use SecRule RESPONSE_BODY "test" but its now working ...
View 8 Replies
View Related
Jan 12, 2008
I have a cPanel/Linux server, runing apache as a webserver.
i want to know how can i prevent perl/cgi files from working on all virtual hosts on both apache2/apache1.3!
View 14 Replies
View Related
Aug 4, 2008
My site was recently under a DDoS attack and was down for a few days, the attack came from Russia i believe.
The people who did it asked for $800, but of course i didnt pay. My hosting company did the best they could in order to stop the attack but it still lasted a few days and badly hurt my rankings.
I moved my site to a dedicated server, but i dont know what kind of software/hardware i need to install on it in order to prevent more future attacks, the hosting company suggested a few things but i dont know if they are just trying to get more money out of me.
View 3 Replies
View Related
Apr 26, 2008
I have added some functions in php.ini for security.
But when user use their php.ini file located in their account, all functions enabled again.
How can i prevent user custom php.ini?
View 10 Replies
View Related
Aug 19, 2008
I have a colocated server with the following specs:
Intel Core 2 Quad Q6600 2.4Ghz
4GB RAM
400GB SATA Drive
I have a problem every few days, the server keeps hanging up and giving an "Out of Memory" message and SSH just hangs and doesn't connect. Every time i have to call out a tech to manually reboot it.
Is there a setting i can change to make SSH connect even when it is out of memory, or anything that can prevent it happening?
View 6 Replies
View Related
Apr 2, 2007
I've just made a transition from a VDS to a Dedicated and I'm having problems preventing directory contents from showing. In my previous server whenever I created a directory, it would automatically give a 403 when you tried to access the directory directly in your browser (which is what I want). Now when I set up directories in this new dedicated the contents of the directories display when there is either no index page or if I didn't have an htaccess file preventing it from listing the contents.
So what im asking is how did my previous server automatically set up the directories to not display the contents but use the contents and allow access to say for example pictures in the directory?
Is there a way I can have apache automatically do this for me or do I have to place a blank index page in every directory i create or have to place an htaccess file in every directory I create? How can I protect the contents with a 403 but still allow the contents to be accessed only through full path?
View 13 Replies
View Related
Oct 2, 2007
My server was recently hacked and I'm looking ways to secure it in the future. I use the server to host my own websites.
It was hacked to be a spam server. I traced the new files the hackers added to my "upload" directory, which is where my site members upload pics. I had set the directory to chmod 777. Could someone hack that directory solely from it being its rights being 777?
The site was custom developed in PHP, and looking through it myself, I couldn't find any security issues. But then again, I may not know what exactly to look up.
I would appreciate any general tips to protecting a server, as well as general tactics hackers use to hack a server and PHP site.
View 13 Replies
View Related
Nov 29, 2007
I try to enhance my server security and prevent local hack but it seem useless.
I tried to chmod home/user/public_html to 711; disable functions; enable php open_basedir.
I can stop some popular shell such as c99shell.php but server can be hacked local.
Anyway to prevent it completely?
View 5 Replies
View Related
