I got an email saying that there was a security breach at steadfast. At the same time I got an email saying that my account was suspended because I am sending spam from one of my domains. I NEVER SEND SPAM. I opened a support ticket and they apologized saying it's not my fault and they restored my account. Apparently spam was sent by a php script but they don't want to give me details. The next day they suspended my account again on the same reason.
somewhere on my cpanel server a script has been able to be used by a spammer and im now getting tonnes of returned mails from aol etc. 1000's are coming in every hour.
I think i have found the culprit, but i can't be sure. how can i find out for sure which script this was? the email headers dont even show the user from what i can see!
I found a random proxy site running out of /var/www/temp. It seems to have been created yesterday, and I found about it via a DMCA notice from the planet. Is this apache's temporary directory? There was even an entry for it in the apache configuration and was running as a perl script out of its own cgi bin. I killed it and chmod'd it to 0. In the future, would setting permissions on this directory to non executable prove to be effective? Any idea if this type of breach is serious enough to warrant an OS reinstall?
I got this email earlier today, surprised to see there isn't already a 10-page thread about it. Did anyone else get this from The Planet?
In the course of the last two days, our Computer Security Incident Response Center team has identified suspicious activity in our customer management portal. Through their vigorous investigation, we have identified what appears to be a security breach that may have affected your customer portal account and server passwords. We have identified the methods by which the systems were compromised and have closed those holes. In addition to those actions, we will be implementing additional security measures to further strengthen the infrastructure and systems.
We are taking this action to alert you to this potential malicious activity. At this juncture, we are aware of only two incidents whereby log-in and server passwords were accessed. Based upon our security review of access logs, we do not believe any credit card information was compromised. We have contacted the authorities and are working with them to identify the perpetrator and to pursue appropriate legal action.
We are taking a proactive approach by contacting you directly, which we believe is the best course of action. We strongly suggest you implement a security best-practices approach by immediately taking four steps to mitigate risk:
1) Change your Orbit log-in passwords immediately and do so again every 60 days.
2) Change your server passwords and do so again every 60 days.
3) Be alert to any suspicious activity on your account.
4) If you suspect any unusual activity, please retain your access logs along with
We have found (thanks to CSF warning us) in /tmp 4 suspicious files. One is a perl script (probably a backdoor) and the other 3 files are binaries. They were probably uploaded by some vulnerability a customer's website (now suspended) because they are under his ownership.
The server seems ok, nothing out of the ordinary (the root logins are disabled, we su - from another account).
We have run rkhuner and chkrootkit (fresh installs) and found nothing.
One of the binaries contained this (retrieved with strings): chown root:root /tmp/suid; chmod +s /tmp/suid (suid being one of the other binaries). This /tmp/suid has no suid set and is not under root ownership:
-rw-r--r-- 1 user user 759 Jan 25 2008 dc.pl -rwxr-xr-x 1 user user 2404 Nov 4 22:10 libno_ex.so.1.0* -rwxr-xr-x 1 user user 4945 Nov 4 22:10 suid* -rwxr-xr-x 1 user user 6209 Nov 4 22:10 udev*
dc.pl seems to be from January but it's apparently fake:
I dont know how but the passwords keeps getting changed on the emails on my cpanel. Its no one who has acess and no files are being delted to the problem is only with the email.
we have a server that was breeched and is being used to send ddos attacks to another website and we need to stop it permanently and secure our server to avoid it from happening again.
My tech has already been able to track down the bot/script that was sending it and seemed to stop it for about a week, but they have gained access to the server again.
He is not an expert at security issues so I'm looking to hire someone for a one time job to correct this issue.
Can someone offer me some referrals of someone to take care of this. Please do not recommend Rack911 as I waited nearly a week for their assistance and had no luck.
I just received a fairly scary WHMCS notice, you can view the details here:
<<please don't paste the file names, there are accounts that may have these on them>>
What are your thoughts on the entire situation? Personally, I'm a tad fearful (luckily, I hadn't upgraded to the next version yet as I was letting the other users play beta-testers) given the fact that there wasn't any versioning / modification 'notification' system in place on their end.
I'm fearing further updates. In essence, my concern is that the WHMCS development team isn't entirely certain how they were backdoored or to what scale they were backdoored.
Are their own billing systems & servers hosted in the same environment, were our billing details also released? etc. I want to know the scale of the attack.
I recently upgraded my VPS at Steadfast from the Cobalt package to the Titanium package. If you don't know what the packages are, look here: [url]
After I got the OK that the upgrade was complete, I began to configure my setup to take advantage of the 1GB of memory.
This morning, I noticed that my site was down. Upon further investigation, httpd had become unresponsive, mysql had crashed and my tables became corrupt and when I ran the top command, it showed I only had 512MB of memory available. My setup must have hit the limit and crashed.
I created a ticket at their tech support, but it seems like they have no idea what is going on. I also went on Plesk to check my system statistics and it says there that I had 512MB of memory and only 60 gigs of disk space, which is the Cobalt package. I wouldn't be surprise if I also am still only getting a fair share of CPU instead of a dedicated one as offered by the Titanium package.
Has anyone else experience this before? Or know what is going on? The tech support at Steadfast says they don't know how to fix this, perhaps someone here might? In the meantime, I losing money since my site is down, and I have to fix all my corrupt database tables.
I just signed up with steadfast today, ordering a VPS. Ive had a few questions and had to change my control panel and their staff replied in a timely manner (its 9:42pm), is courteous, plus everything was set up lightning fast. From payment to login details for a ready server took less than 3 minutes. Great Job Steadfast.net!
I had heard good things about Steadfast.net and also liked the fact that they use H-sphere rather than the usual cPanel. So I signed up to test their services, back in July.
Everything went smoothly in the beginning. I had only a few static html sites on the account, and they ran without problems. Yes, there was a slight thing with the statistics not updating automatically as it should, but they got that solved quickly.
I then put a Wordpress blog on that account (installed it myself using the latest WP version). I noticed it loaded a bit slower than the static sites but didn't feel it was much to worry about.
However, yesterday morning when I tried opening that blog in my browser, it wouldn't load at all! And the other static sites loaded normally.
I contacted their support and explained to them that the blog had gone down from one day to the next, and that I had made NO changes to the code in the meantime.
To make a long story short: they refuse to investigate the issue further, claiming it must be some script that is causing this. Sure, there is likely some problem with how php runs on the account, but as I said - the blog had exactly the same code when it crashed as the previous day when it worked OK.
And I don't have any automatic updates running either. So my conclusion is that something must be wrong on THEIR side, which they flatly deny.
i was Having a ''General error'' at my forum caused by the MYsql Database , i posted my problem here and asked steadfast.net support team , and i clicked submit ..after 1 Min i got a reply and the guy Fixed for Me
what a Great Hosting ,Very Fast and Great support team
Iv been with steadfast for almost 6 years, we have small vps account and 1 shared hosting account, our vps is working very very slowly, we cant log in to direct admin, we cant do anything, i contact support personally to check this issue , the response i received was
" We are aware of the problem with slow disk access this VPS server. We will be adding an additional VPS server and migrating some of the VPS containers to it shortly to address this issue. Under the resources we have immediately available, we are unable to get the problem corrected. Thanks, Ben Galliart Steadfast Networks Support [url] "
WTF? unable to get the problem corrected? our clients that use our vps are going crazy, 1 client even threaten to leave us, i don't know that to do, i was thinking of sue them, what do you think? I'm very disappointed ..
I’ve been with SteadFast Networks for quite a few months now, around 4 if I’m not mistaken. I signed up to their Basic Plan for a semi-annual fee. Their support is truly something and I only submitted a few tickets in the first month, which means I’ve never experienced any server problems for 3 months.
They contacted me asking me if I was interested in moving the site to the new server where they were using Litespeed Webserver, I agreed just to help out and everything went smoothly. Had a few DNS problems (the usual since I was moved to other server). After that the site was stable. (Occurred in the first month only)
Now turning the tables, honestly I was tempted to go with a bigger plan, I have seen many oversellers and sometimes it’s too good to be true. My point is that I don’t regret taking their basic plan, infact I only use a very little amount (around 100mb) and 2-4GB bandwidth, the average site.
I’ve never experienced any downtime, a very rare sight. Maybe there was a tiny one or something and I must have missed it but every time I sit down in front of this desk and open my site I have never seen it down.
My site was submitted to StumbleUpon , it received over 2k hits (in a sudden way) and I expected that my host would contact me for abusing or something, guess what? I never received any infractions or anything. Which amazes me because I think an average host would contact you right away.
Nevertheless, I’m completely happy; if you are starting a domain, don’t try to justify quantity due to price. I rank steadfast support 10 out of 10 and I still don’t think that’s enough.
Other things to keep in mind:
MySQL Performance is pretty good
I also think H-Sphere should be enough for a person to control their site, never had a problem with it. Although I wish it was a bit more organized.
I didn't really want to post this earlier since I wanted to see how well Karl would treat me as a customer (coming from a former employer perspective). I'm currently coloing with Karl (I used to do be a network engineer there but moved on to bigger and better things for myself) and I must say it has been a wonderful experience as a client.
Karl is honest, trustworthy and a very fair guy to deal with. I was always a little skeptical and harsh about everything (as is my nature) but Karl was always very patient.
When downtime arises he is quick to respond and very quick to not ask questions or argue if he hasn't lived up to his SLA. He is fair and doesn't try to screw over the customer.
He has run a very clean operation and his staff is always available to let me come in when I need to. I've been hosting with Karl since February 2007 and I think it's time that I honestly say his quality of service has been excellent.
to start putting some more machines into Chicago. Currently we are only using leased machines there, so I haven't had to deal with any Chicago based colo yet.
The scenario that I'm faced with is that SteadFast only has room for current customers, and unfortunately we aren't one yet.
I have the opportunity to put my machines into the Looking Glass/Layer3 DC, at what I believe to be a fairly reasonable price ($110 / 3Mbps per 1u) with a company who I've been doing business with now for a while. Does anyone have experience in working with that center?
For those of you deal with with DC's in Chicago, who would you recommend I look at as an alternative? I have come up with names like: FDCServers; Server Central; CHI Networks; Fast Servers; GigeEnet. But based on what I'm reading, I don't really come away with a good indication of who is second in the pecking order with SteadFast.
I don't want to go for shared hosting, as there will be too many restrictions. And I will not need a dedicated server until my traffic really grows multi-fold (may take few months).
I am aiming to run 3 of my new sites on a VPS server. (I want to know whether I can put all my 3 sites on the same VPS server.)
After my initial research, I came up with below list :-
STEADFAST : steadfast.net/services/vps.php
LIQUIDWEB : liquidweb.com/cart/content/vps/
SERVINT : servint.net/vps/details.php
Now I like to know which one is better. (You can suggest any other providers also if they can beat these in terms of Customer Service and Reliability and my below requirements.)
Outline of my requirements :-
1) Fully Managed Service and outstanding customer service. 2) Daily Backup of all content and database. 3) Fast response times (For my website users mostly in INDIA) and best network. 4) Easy and smooth transition to upgrade to next VPS package or a dedicated server (I don't want to keep changing DNS everytime I want to upgrade.) 5) No restriction on bulk email being sent (Fully Double Opt-In mailing list) 6) cPanel needed 7) Other routine things like Uptime, Reliability, Hardware Replacement Warranty... 8) Price is not really a big issue.
Haven't posted on WHM in some time but wanted to drop a line in dedicated regarding SFN support.
I recently migrated a dedicated srv to InterWorx running Lite Speed (as apache) on CentOS 5. (srv was running PSA 9 on CentOS)
Being the NEWB that I am.....I needed a little "hand holding" with this setup (especially the Lite Speed config). SFN support went way out of their way to assist. What is enjoyable about their support is the tech's have never responding to many of my "NEWB" questions in a demeanoring way. They explain things in detail. Tickets are always answered promptly.
I just wanted to give a "shout-out" to Dan, Brad, Sean, Ryan, Mike, and all the other SFN support techs >> AWESOME SUPPORT GUYS
I am currently deciding between these 3 companies for a vps solution. They all seem to be solid and provide good deals. I would just like to know everyone's experience in terms of speed, uptime, support handling and stablility.
We've been a customer of Steadfast for a little over a year with a VPS plan. We had been using a dedicated server from another provider and we were looking to cut costs a bit since the server was very underutilized.
After researching here, we originally signed up on a low-end VPS plan and set up monitoring. Our goal was to monitor the server and service for a couple/few months prior to moving any services over to it; just to make sure the company and VPS would meet our needs.
After a several months of monitoring the server closely we decided to migrate from our ded server to the VPS at Steadfast. We haven't looked back since.
Our criteria for VPS at the time were:
1) Had to run Debian.
2) Reliability of service/provider.
--Uptime of the server itself
--Network reliability
--Redundancy
3) Customer support responsiveness.
4) Price.
Steadfast has exceeded our expectations in all areas. First off finding a host that supports Debian is not as easy as it should be.
(Note to VPS providers: This is a deal-breaker for us. If we can't use Debian then there's much less chance of us signing up for your services.)
Off the soapbox and back to Steadfast: The VPS is quick - with no I/O lag at all. It feels like a dedicated server. The service itself has been reliable and the network has also been responsive. (We monitor our servers from two separate geographical locations).
Further, we've opened more tickets than a 'normal' customer probably would, mostly just to find out what our options are for growth, backups, etc. The team (Karl and others) at Steadfast are very helpful. I don't have any specific recollection of opening a true tech support ticket but I'm sure I have. The fact that it doesn't stand out as remarkable indicates that it was answered quickly and with a personalized (non-generic) response.
We've grown since we started using the VPS and the upgrade process has been painless and quick. Maybe this is true of all VPS providers since all they need to do is allocate more resources, but either way, it's been painless and quick for us at Steadfast.
I would like to state my first impression from steadfast.
Signup + Account Setup : 5/5
I've signed up and paid with paypal - few minutes after i paid my account was ready and i got the welcome email with all the account details.
Performance + Uptime : 5/5
Download speeds are high and the server i am on is reacting quickly. I monitor uptime with siteuptime and during those two weeks there was no downtime at all.
Support : 5/5
The truth is i only opened 3 or 4 tickets when the account was created and i had questions regarding the mail filters. To all tickets i got answered in less than 10 mins with a detailed reply. It was also nice to see the staff there change shifts as i had different people handling my issues depending on the hour.
Overall, during those first two weeks - i am very pleased being a client of steadfast.
if anyone here is using Steadfast R1Soft CDP Backup for his servers and if it's truly working for him when a restore is needed and whether is causes a noticeable load or not?
I wanted to recommend and give a review of my service with Steadfast. Before I went with steadfast I read WHT almost everyday, looking at different hosts. Steadfast has exceeded my expectations by far.
I have a basic shared account but the speed and service make me feel like it is a dedicated account. My site is still in construction so I wont give the address but I have never experience any lag in loading or it ever being offline.
Whenever I submit a ticket, simply because I have a question, I have never waited more than a few minutes. It is genius. I think that Steadfast's business plan is to have the best equipment and software with the best service and reliability so that their customers stay and say good things about them. Sounds like a plan to me.
One of the things that I like the most is that Karl, owner and operator, actually knows what he is talking about is always happy to help.
I had never paid for hosting before or had a domain name and thought that the control panel and learning curve of hosting was gonna be hard but it is well organized and everything runs so perfectly that I almost never need to log into the control panel. A+++
(I would put the link to steadfast but the board says I don't have enough posts to link websites. Never heard of such a thing.)
I've been using steadfast.net over than 6 Months . A Great service , Fast and Reliable.
I had a problem with Databases for 3 days always disconnected i contacted them and after 5 mins they fixed my site
but Last months my site went offline for 30 mins only during the 6 months.
they're Great , you pay for what u Get .
My site was hosted in another hosting very slow and bad support. i am very happy with steadfast.net hope they can give us a discount some days coz they're not cheap :p
Aha i remember , i paid using Matercard i cant forget that moment i clicked submit and directly after 1 min they sent me the full details . i am using a shared hosting coz cant pay for more and dont need more . i am a happy person
Been stable as hell (except for those two days detailed in the outages thread this month, got a SLA refund painlessly) for a while, no latency problems or anything, running a decent amount of gameservers (CS/CSS/COD4/TF2 mainly). IPMI for free is a huge plus.
I would like to share my 8 day experience with Steadfast.net.. while it end up with me with a refund, I still highly recommend Steadfast.net as the refund was through no fault of theirs
I asked Steadfast.net several pre-sales question and they responded very quickly despite I was just window shopping. Satisfied with the information I received, I signed up for a Basic Plan with them on the 19th of Nov.
Turn of events:
1. I set up Prestashop shopping cart on Steadfast.net, everything worked
2. Turned on Friendly URL in Prestashop, not working
3. Sent a ticket to ask if URL Rewrites were enabled, answer was yes
4. Installed a script to test URL Rewrite on/off, confirmed it was on
5. Troubleshooted myself, spent hours, reading Prestashop forum
1. Great uptime. The only downtime I had was that weekend of July 20/21 when they got DDoSed. They stood behind their SLA and credited me with a full month of service without any hesitation or protest.
2. Great Servers. I use my hosting as a development and presentation environment for projects for clients and quality hosting is a must. I rarely see loads higher than 3.00 (it is a quad core server). Combine that with their litespeed webserver. I have never seen slow page loads.
3. Great Support. Tickets are almost always answered in just a few minutes. I have the pleasure of dealing with Karl (the owner) or one of his highly qualified techs, rather than some high school kid who can't tell a bit from a byte (who you often get at other hosts).
I run a web hosting company and one of my servers is a LAMP server running CentOs 5. A user of mine has a Joomla installation running to manage his website and he has run into the following problem that I am puzzled by.
When Joomla adds a component or module to itself, or when a user uses the Joomla upload functionality, Joomla will add the new files under the user name "apache". This makes sense as it is the apache service running PHP that is actually creating the files.
However, when he FTP's into the account to modify these files, he doesn't have the appropriate permissions to do so as he doesn't have a root level login, just permissions on his home directory which is the site. Any help would be much appreciated.
Also, does anyone know how to change the owner/group of a directory and all of its sub directories in Linux without changing the actual permissions? I.e. some of the files in the folder have different permissions (0644 as apposed to 0755) than its parent but if I do a top down user/group change on the folder it will change everything in that folder to 0755.
I have regarding hosting/designing my application. Users of my website upload highly sensitive files to the server. I'll use SSL but will that be enough since the files are not encrypted on the server. I tried to encrypt the files but that is adding a huge overhead.
My first question is - is it a good idea to store the files on the server rather than a database? My other question is regarding hosting; I'm thinking of building my own server and host it in a colo. Is colo more secure than dedicated hosting? Currently i'm still in the process of developing my App and my environment is Windows Server 2008/SQL Server 2005.
Is there any problems with having duplicate rules in different files as I have downloaded some rules and am going to make them all into one file to give me the best protection, but this is going to take time and I really need some sort of protection now