Server Hacked : How Can I Find Out How They Are Uploading Files To My Server
Apr 14, 2007
I am being hacked & I don't know how they are getting files on my server. They are doing it on two of my domains, I suspended one and then they got it on the other. My FTP access log does not show anything suspicious..
I have noticed in a few Windows server tha the server gets hacked and there are tons of files which are mostly DVD rips and games being transferred away which results in huge amount of data transferred and bandwidth consumption increasing to as far as 29 Mbps. On further investigation, I find that all the files get stored in either the Recycler directory or the System Volume Information directories in any of the drives. Now these two directories are protected operating system files. Even if there is a windows firewall installed, there is no difference. I have even noticed that in some servers there is an automatic exception rule added in the windows firewall enabling the torrent client to communicate outside the server. This seems to be a common problem with Windows 2003 server and seems to be some backdoor of Windows allowing hackers to use the server for seeding. Has anybody come across such a problem or know the solution? Kindly help me with this.
I've just uploaded my website files onto the server, the website is working fine, but I'm not sure my files are 'arranged' right. I uploaded my images in a folder, but all the rest of the files are 'loose' along with the index file. If I go to either of my domain names, the website appears, which is ok for now, but I only really intended it to under one domain name, so there may be problems if I want another site up there. I think my files should be in a folder. Is this right? Should the index file be in the same folder, or should it be outside the folder with the links changed accordingly. I've been emailing my hosting service, and they 've been trying to help, but I feel a bit thick because I don't really understand what they're saying. Could someone tell me in very plain english how the files should be arranged?
i just bought php file management script, its running smoothly, the only problem was i cant upload big file ( > 1 Gigs ) using that script, then i ask the developer and he said it shouldnt be a problem since he sold that software before people and he never got a problem like that.
OS : Slamd64 apache 2.2.10 php 5.2.8
i tried to changed post_max_size = 1900M upload_max_filesize = 1500M
I want to install a script (a simple wordpress blog)on my website but now i'm just astonished at how many files I have to upload on my server's directory! Uploading those files one by one will take forever. Is there a way to upload multiple files all at once?
Hi guys, I've been having problems trying to edit my php.ini file which I think I've now fixed.
The whole reason I wanted to do this was because I've just moved to Media Temple from another hosting company and I'm having a couple of problems with the switchover.
Basically I use a CMS system to add properties which appear on the main website. I also upload PDFs and images. On the old hosting company, the PDFs and images went into folders called dnDir/pdf and dnDir/images but on Media Temple, they are going in to a folder called tmp. I really want them to go to the same place as they used to.
Is this an issue with php.ini that I need to rectify? If so, could you point me in the right direction?
It appears that some people like to take advantage of those files for online web applications such as Wordpress which have php files with permissions set to 777. They use those as a means of creating an upload file. The upload files that they create then have access to the whole server somehow... Is there anyway of preventing this from happening?
I'm facing a very strange FTP issue with one of my shared-hosting accounts, while all of my other servers are having no problems but only this one, when I try to upload a file (whatever file) larger than 500kb from my local PCs, in most cases, the file would stop uploading during the process and hang there until it times out.
There are 2 interesting things though: The file transmission typically hangs when approximately 248kb of the file have been transferred, pls see the attached screenshot for example.
If you look at the attached screenshot, you will notice that the uploading transmission hangs when 248kb of the file have been transferred. This is very strange and what I mean is that for example, I randomly pick up a file, and attempt to upload it onto my host for 10 times, now see, 5 times it will hang when 248kb of the total size have been transferred, 3 times it will hang at other points *near* 248kb (224kb or 280kb typically), 1 time it will hang at another random point, and 1 time it might be uploaded successfully (yes, there is still a tiny chance for the file to be uploaded successfully).
My default internet uploading speed is 80kb/s-100kb/s, lately I found that, when I limit the uploading speed on my FTP client (e.g. max. 30kb/s), everything WILL WORK without any problem! No hangs, no interrupt.. Whereas when I free up the uploading speed limitation and let it upload with my regular speed, the problem appears again.
It seems to me that the FTP hangs only when the uploading speed is higher than 60kb/s. However my host provider told me that they have customers uploading without any problem at over 400kb/s, and they said "there's no problem or limitations on the server at all".
Up until now, I have done following things to troubleshoot the issue but with no luck:
Contacted my host. Disabled/Enabled the PASV mode on my FTP client. Tried different FTP clients on different computers (FlashFXP and Filezilla). Rebooted my router and reseted everything with the factory default settings. Contacted my ISP for the issue, they "did something" but nothing were helpful. Rebooted all my PCs. Disabled both firewalls on my PC and on the router.
Furthermore, I have asked another friend of mine in another city with another ISP to test the FTP uploading, but unfortunately he got the exact same problem. And I've done some search on the internet for hours but no one seemed to have the same problem..
i have a problem trying to upload files to a server, when i try and upload a file, (.htm) i get a message: file already exists (even though it doesn't), which if i then say to overwrite, it creates an empty file of 0mb, (with the name of the file i am trying to upload).
i don't know a great deal about web servers - are there any web server settings which may be causing this.
Can someone volunteer (using the word "volunteer" because the one who agrees to help can be getting some really beginner level questions) to help me on uploading my website to a web server. The thing is i have designed and optimized (seo) some websites but i never had an experience of uploading a website on webserver (in other words launching it). I have this simple webpage and a free hosting service (Frihost) ... once i learn how to upload a webpage and get it running online .. i will make changes in the webpage and go for some paid hosting service. So can someone guide me at this? Specially the one who has hosted some page at Frihost.
tried to download files from http links to my ftp server. i looked all over the forums but could not find any services. google spitted out this one. [url]Well, it really does help to upload http links to an ftp server and move files from one ftp server to another. does anyone know other services or free scripts that help to do this?
Domain has PHP Settings in Plesk set to 2G and I get this error when uploading a 48MB file using Wordpress. I assume I need ot modify this manually in conf file somewhere to allow uploading large files?
Requested content-length of 48443338 is larger than the configured limit of 10240000..
mod_fcgid: error reading data, FastCGI server closed connection...
All the videos have been uploaded to << link removed >> and in there you will seea flash_video directory, in there should be a html file where you can double click and watch the flash video.
Now go ahead and try it, click on the HTML file and click CONTINUE and try clicking on MODULE 1.. You will see a video play to the left but on the right are bunch of POWERPOINT slides that will appear as the guy continues to speak. THAT DOESNT SHOW..
Our website is hosted by xo.com
Dont know much about the plan since its my 2nd day at the job..
But here is the weird part,
i have uploaded the samething - same exact way to another web host and it plays fine, the PPTs show up fine..
What do you guys think it is?
Before someone asks about uploading methods, i tried filezilla, coreftp and cuteFTP using both ASCII and binary methods. Samething..
I was working on WHM of my server sudeenly i saw CPU load was increasing and till when i understand CPU load was on peak of 160%. I tried to find out CPU overloading sites and found that my 4 populer sites were creating problem. I stopped apache and suspanded all 4 sites and rebooted server. After forceful server reboot i found that load was getting normal to 2.5%. I unsuspanded one of 2 forums but even i unsuspanded that forum was not opening (IPB). I logged into ftp suspecting some problem i found that index.php was only 45bytes i have opend index.php and found this text inside .....
SOme one has claimed that he has penetrated my server and has gathered some kind of information via shell access, I have disabled the possible ways of shell access for the users via twaek settings, and php.ini
- How I can check he has made any backdoor for himself or not? and I have made a trojan check via Scan for Trojan Horses in WHM, and it has found about 200 possible trojans.
My server was hacked night before last and here is the log
Oct 28 10:30:47 server1 : connection from "18.104.22.168" Oct 28 10:30:47 server1 : User root's local password accepted. Oct 28 10:30:47 server1 : Password authentication for user root accepted. Oct 28 10:30:47 server1 : User root, coming from 3a.76.2d.[url], authenticated.