I have 2 reseller accounts with one provider, and in the last several days I have noticed that when you visit the site for the first time, my AV software detects a trojan on the site, but the code & html files are 100% clean!
I'm suspecting that there is something being injected into the scripts from the server daemons that's either running or something else.
Anyone have any suggestions?
i have an site on my server when i open it the kaspersky anti viruss detect there is an trojan in this site .. ( see the picture in the attachment )
and i checked the server from the whm and there is result 15 POSSIBLE Trojans Detected
How i can solve this ?? and remove this trojans .
How can i know which site cause load in my server?
View 9 Replies View RelatedI have a growing website that needs to move from its current single-server setup to using a cluster of servers to deliver its dynamic pages.
My current host does not support load balancing among its servers, so I'm left to configure that on my own. Round-rovin DNS doesn't work for me as I'll need certain http requests to always go to the central server (the one with the master database).
My distro is Redhat 9, and I only access the server remotely through SSH. I'm using Apache 2 (and PHP and Mysql).
Any ideas on the simplest way to do this?
I've read a bit about LVS (http://www.linuxvirtualserver.org/) but it seems to require a kernel recompile, which is way beyond the things I would dare to try...
I recently put up a website and after about a week, I suddenly can not access it. The site went down after the host had a problem with the http on the server and it never came back for me but it works for everyone else. It times out while trying to connect in both the web browser and FTP client. The problem appears to be related to my internet connection, because the site won't load on any computer that is using my internet. When I disconnect from my cable and use my cellphone as a modem, the site works fine. The site works for everyone else that has tried though.
Besides changing my IP address, how do I go about getting the site to work?
i have dedicated server
one site on my server compress to my server
cpu and memory
how i can config that the site use of memory only 2% and ...
My machine is pretty good. Here are the specs:
Intel Xeon-Woodcrest 5148-DualCore
3 gigs of ram
250GB Western Digital WD Cavia
I run a forum with a modest amount of traffic along with a content management system handling the other sections of the website. I'm pretty sure the forum isn't the problem though.
The server load for this machine is almost never above a 1. Right now as I type this the load is at 0.17, but it's unbearably slow! Taking up to 16 seconds to load a single page.
What could be causing this? I'm a server n00b. Is there a setting I should be doing to one of my servers configuration files to make it run faster?
My website gets 30-40,000 visitors a day and these problems always occur during peak hours. It would be easier to deal with this though if not for the fact that the server load is always so low. How is it possible for the site to get so slow while the server load is always so low?
I currently have 256MB RAM on a VPS. I was wondering, if I upgrade to 512MB RAM will that increase load times on my website?
If so, should one expect the load times be significantly greater - maybe twice as fast?
I would just like to no how you would load balance 2 sites. Would this be done via dns settings. EG
instead of seting the domain to something like
ns1.server1.com ns2.server1.com
would it be?
n1.server1.com ns2.server2.com
what can make site load faster other than replication
(well lets assume that design wise it is ok and doesnt content heavy contents...)
i have heard that increasing networking speed at the server level can make site much faster...
is it true..?
is there any tweak bandwidth wise...
suppose we get 1tb bandwidth per month compared to 100gb ...
will that make site faster...
we want to host a photogalley site...which is fast or images are shown in faster way....
say i have lot of traffic from USA, does my site load slower if hosted in netherlands or uk?
View 11 Replies View RelatedI have seen 1 vps provider having very poor ping results in few online ping sites and they have a very cluster slow loading pages as well.
One of my friend has a package with them, the ping results are very poor even for him as well. Just made an traceroute found its on some node1.vpsprovider.com
Ya, one more major important similarity noticed was, the vps provider emails weren't set properly to yahoo mail, and my friend's emails sent from the server to yahoo weren't delivered as well.
So if the vps provider has poor content may be due to firewall or internal settings do the systems under the node also be affected?
I have no problems with my host so nothing to be worried about, but need to help him as he is just starting it out with a cheaper vps
I just installed a fresh copy of centos 4.5, updated some programs and installed chkrootkit. When i run # ./chkproc, it shows the following output:
# ./chkproc
You have 14 process hidden for readdir command
You have 14 process hidden for ps command
Searching for LKM trojans shows the following output:
# ./chkrootkit -x lkm
EXE 9994: /usr/sbin/named
CWD 9995: /var/named
EXE 9995: /usr/sbin/named
CWD 9996: /var/named
EXE 9996: /usr/sbin/named
CWD 9997: /var/named
EXE 9997: /usr/sbin/named
CWD 9998: /var/named
EXE 9998: /usr/sbin/named
CWD 26293: /var/lib/mysql
EXE 26293: /usr/sbin/mysqld
CWD 26294: /var/lib/mysql
EXE 26294: /usr/sbin/mysqld
CWD 26295: /var/lib/mysql
EXE 26295: /usr/sbin/mysqld
CWD 26296: /var/lib/mysql
EXE 26296: /usr/sbin/mysqld
CWD 26297: /var/lib/mysql
EXE 26297: /usr/sbin/mysqld
CWD 26298: /var/lib/mysql
EXE 26298: /usr/sbin/mysqld
CWD 26299: /var/lib/mysql
EXE 26299: /usr/sbin/mysqld
CWD 26300: /var/lib/mysql
EXE 26300: /usr/sbin/mysqld
When i stop mysql and named, and run # ./chkrootkit -x lkm again, it doesn't show anything. When i turn mysql and named back on, it starts complaining about compromises again.
Can it be a false alarm, or should i really be worried? What do you advise me to do now?
I just installed zen cart on my webhosting and after few days later i saw some file written like core1405.php and when i open to view the file it is actually trojan c99shell.
I have deleted all of the core file. Now how can i prevent it from happen again? Cause it is too much work to clean up the hosting server.
We have a client claming that she gets a Trojan warming when she trys to access her website but using the Trojan scan in cpanel doesn't show anything.
What can we use to scan for Trojan?
I just ran a scan for trojan horses in WHM and it came up with "687 POSSIBLE Trojans". WTH? Are these real trojan horses? If so, how do I remove them?
View 2 Replies View RelatedAs usually I do monthly scan to all files on my site,today I download all backup site into my PC,then scanning them using Norton Antivirus and on one site files Norton detected PHP.Backdoor.Trojan.
I take a look file location and found current file with name xTgsj78Jn.txt
Then I go to my server where site hosted,and i go to the directory and found file above stay on there,I try many time to delete it but always get an error message "Permission denied",I try to change permission but always returned an error.
When deleted it i use command rm -r with root access,then I do ls -l and found details file like below.
-rwxrwxrwx 1 nobody nobody 137787 Mar 19 20:14 xTgsj78Jn.txt*
Please help me to delete this file.
FYI this file uploaded to my hosting file site.
We recently setup a server with 4 gigs of RAM and installed Fedora core 7 32-bit version in it. After installing the OS, I have found that Fedora is able to detect only 2 GB and not 4 GB of RAM. I installed the kernel-PAE and kernel-PAE-devel modules and restart the server and made sure that the the OS with the PAE switch starts at boot time. However, the OS still does not detect the 4 GB RAM. Any idea what else can be done apart from installing the 64-bit OS in the system?
View 14 Replies View Relatedmy whm Trojan scanner found 23 possible Trojans.
how can i clean my server?
I have an hosting account at OXEO.com and I have trojan problems on all my websites
The index files of all my websites show a Trojan program called Trojan-Downloader.JS.Psyme.hz
I checked my websites on Google and Google is warning users for this kind of problems for one of my websites
Does anybody here has experienced the same problem?
I ran the Trojan scan in WHM and it came up with the list below. I have a strong feeling WHM is mis-reporting these as trojans, but I thought I would ask the experts here:
Scan for Trojan Horses
Appears Clean
/dev/stderr
Scanning for Trojan Horses.....
Possible Trojan - /usr/bin/cpan
Possible Trojan - /usr/bin/instmodsh
Possible Trojan - /usr/bin/prove
Possible Trojan - /usr/bin/xmlcatalog
Possible Trojan - /usr/bin/xmllint
Possible Trojan - /usr/bin/xml2-config
Possible Trojan - /usr/lib/libxml2.la
Possible Trojan - /usr/bin/mysqlhotcopy
Possible Trojan - /usr/bin/Wand-config
Possible Trojan - /usr/bin/animate
Possible Trojan - /usr/bin/compare
Possible Trojan - /usr/bin/composite
Possible Trojan - /usr/bin/conjure
Possible Trojan - /usr/bin/convert
Possible Trojan - /usr/bin/display
Possible Trojan - /usr/bin/identify
Possible Trojan - /usr/bin/import
Possible Trojan - /usr/bin/mogrify
Possible Trojan - /usr/bin/montage
Possible Trojan - /usr/bin/curl-config
Possible Trojan - /usr/bin/curl
Possible Trojan - /usr/lib/libcurl.so.3.0.0
Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.la
Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.so
Possible Trojan - /usr/sbin/pureauth
25 POSSIBLE Trojans Detected
Is there anything that looks fishy here?
What is a rootkit? The following link is a very good read to answer that question.
http://linux.oreillynet.com/pub/a/li...4/rootkit.html
In Summary, a rootkit is a trojan installed on your Linux server after someone has broken into it. These files are used to cover the hackers tracks, and to give the hacker tools to do more dirty work from your server.
Usage:
1. su - (change to root user)
2. mkdir /usr/local/chkrootkit
3. wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
4. tar -xvzf chkrootkit.tar.gz
5. cd chkrootkit*
6. cp * /usr/local/chkrootkit
7. cd /usr/local/chkrootkit
8. make sense
Now scan your system:
1. cd /usr/local/chkrootkit
2. ./chkrootkit
chkrootkit may from time to time give false positives. If you ever get a positive or "infected hit" scan a second time. If you do get a positive hit, google the hit to research the issue and steps to correct.
Part 2 - automated chkrootkit, and emailed results.
I'm lazy, and like my server to do the work for me so I have it scan every day, and email me the results.
Usage:
1. vi /etc/cron.daily/chkrootkit
2. add the following code.
Code:
#!/bin/bash
(cd /usr/local/chkrootkit; ./chkrootkit -q 2>&1 | mail -s "Daily chkrootkt scan" you@yourdomain.com)
3. chmod 0755 /etc/cron.daily/chkrootkit
This will email you@yourdomain.com every morning with your chkrootkit results. the -q option will only show you exploits.
Removal:
If you don't like getting the emails or just want to remove this from your server:
1. rm /etc/cron.daily/chkrootkit
2. rm -rf /usr/local/chkrootkit
All files will now be deleted from your server.
how can I remove a Virus/Trojan from my website?
View 6 Replies View RelatedJust installed fresh centos 5 / cpanel and now I get this:
No filesystems with quota detected.
[root@server scripts]# quotacheck -avugm
quotacheck: Can't find filesystem to check or filesystem not mounted with quota option.
Code:
[root@server scripts]# /scripts/initquotas
Quotas are now on
Updating Quota Files......
quotacheck: Can't find filesystem to check or filesystem not mounted with quota option.
quotacheck: Can't find filesystem to check or filesystem not mounted with quota option.
....Done
How do I fix this?
Code:
LABEL=/1 / ext3 defaults,usrquota 1 1
LABEL=/boot1 /boot ext3 defaults 1 2
devpts /dev/pts devpts gid=5,mode=620 0 0
tmpfs /dev/shm tmpfs defaults 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
LABEL=SWAP-sda2 swap swap defaults 0 0
I am using Windows 2003 Enterprise Edition SP1 and i have recently set the computer up to 4GB RAM. I notice a problem occur error :
When I start the computer, Bios detected all 4GB Ram. However, i have checked Total physical memory in General (My Computer-> Properties) doesnot detect all 4GB Ram. it only detect 3GB Ram.
I have checked that this OS support up to 32GB . Why it doesn't detect all 4GB ?
What happen to it?
Mainboard : Intel chipset 915GL
I did following the instruction in internet (exactly is Microsoft) is /PAE in boot.ini file. But, it doesnt work.
I've been with XenVZ for about a day now, and thought I would share my initial impressions thus far.
I was looking for a cheap, basic little VPS to run a few simple services off of. I had raked high and low through these forums since I was looking for something located in the UK, with Xen virtualization for <£10/month.
I came across XenVZ in the advertising forum, and thought I would check them out.
Started up the Live Chat, and got through to Sean right away. I asked a series of questions and received prompt and professional replies.
I thought I would start out cheap, so I signed up for the £3.99 'taster' VPS (they have a 30 day money back guarantee, so can't really lose). Signed up around 8:10, received invoice 8:12, paid invoice right away and had the server details at 8:21. Whole signup process took around 11 minutes.
Even for a tiny VPS with only 64MB RAM, it performs fairly well. I am running a Ventrilo server inside Screen, IRSSI session inside Screen and Lighttpd server (serving a simple static placeholder page), and I still have around 20MB spare RAM.
The network seems pretty solid too, I thought I would test it out with a wget from a UK mirror service, the connection capped out at about 9.5MB/s.
If your looking for a UK VPS, I highly suggest giving these guys a check, can't fault them so far.
Of course, I'll be back in a month to give a more detailed rundown of the service.
I don't run a domain off the VPS but can provide the IP on request.
I will be posting a month review after my 1st months of service.
But for now, here is my initial review of Wiredtree.com
This is under my domain of aps-enterprises.co.uk which you can tell is on the Wiredtree network.
OK here goes.
Placed my order on Saturday 21st as Level3hostings main site went off line and I got a really bad feeling that my VPS would go down too, a feeling which proved all too true.
After a little while, I got the Fraud check phonecall. Although I couldnt hear them, James Webb could hear me, that was quite amusing....
Sunday 22nd, got my VPS Setup. Usually they said it would take a lot quicker to get setup, but they did have a network maintainence for about 3hrs. I was stil happy.
7.16am GMT time, my VPS with LEVEL3HOSTING went down *thank god for backups!! hooray I learnt my lesson*
The VPS I ordered is a good spec and any support tickets I had to raise, all were answered and resolved in an average of 15mins!! Yep! 15mins. I used to pay an external company each month, and they resolved stuff in 24hrs. How cool are they?
So anyway, VPS is great, Uptime has been 100% one can only expect. And Support is by far, one of the best I have seen.
Only been in business with them for my 5th day, so far they will be keeping me as a customer and if I have to upgrade (which I know one day I will), then I will be ordering any upgrades through them.
This is only my initial review and I will post a 1 month one too.
Which I reckon will be a positive one, just like this one is.
Thank you Wiredtree for making my life easier for my hosting business. As they say you do get what you paid for, and believe me the services I have had from some people that saying is very true, however you guys.... I think your prices are cheap for the amount of work you actually do.
Keep it up, and I hope this review makes a few customers for you.
I signed up with FutureHosting for a managed Linux VPS. I'm about a week into going "live" with the nameservers switched over and am very happy! I was going to wait a month before posting but these guys have been so patient and thorough with the tickets I've submitted I wanted to give my initial thoughts
Overall 9.5/10
Great Host. Very patient and thorough support. Very Good response time. Surprisingly low pricing. I highly recommend for your VPS. Very Good response time on Support BUT no phone support
Signup 9/10
Signup was straightforward. I think they have a higher volume than normal with their promotion. It took a bit of time to set up the VPS (under 10-12 hours) but I'll take a few hours' delay if I'm getting a good product/support for months/years.
Speed 10/10
They publish their speedtests here [url]I just downloaded a couple test files (5-20MB each) from my VPS and I get to about 1.1 MB/sec. At that point it may be a limit from my ISP (FYI speedtest.net gives my download 14000 kbps = 1.7MB/s). No issues on speed!
: Support :
Overall: 9/10
Speed: 9/10
Thoroughness: 10/10
'Other': 8/10
Very good response. For NORMAL PRIORITY issues, within 5-30 minutes I get a response that someone's attending to it and soon thereafter I have a resolution. Some tickets have taken longer but they haven't been critical issues so it's really okay. You can prioritize your tickets as CRITICAL or SERVER DOWN and I'm sure they're even faster.
They have gone back and forth with me and been patient with my questions (I've never administered a VPS before) and I GREATLY appreciate that. I've had many tickets with them and other hosts may have just said "this is really not an issue with the VPS" and left me to learn it myself-- FutureHosting has been very helpful.
Sometimes (probably due to my own vagueness/lack of knowledge), my actual request/issue is unclear. I think this is where phone support would be very helpful; it's not currently offered. (and this is why Other gets an 8/10)
Reliability 10/10
I've had no downtime so far! My nameservers/DNS switch took longer than expected but that has nothing to do with FH.
Pricing 10/10
With their DoubleRAM/Bandwidth+30% off OR 50% deals, Pricing is great I think. Others had recommended WiredTree to me given their lightning quick response times. I'm sure they're amazing but they were also almost double the price. FutureHosting has had very good support at a great value IMHO
I'm not sure how you 'validate' my domain/review but just let me know and I'll PM you the information on my domain.
This is an initial review of WebNX.com. I was hosting my personal sites on a reseller account at Eleven2 which had started feeling kinda slow, so I was in the hunt for a low cost dedicated or a mid range VPS.
After scouring a lot of places for quotes, I finally came across WebNX's thread on WHT on the 17th of March.
The specs looked to be amazing, and their Value level VPS would fit right into my budget, and match my requirements. I fired an email to sales, and went on to their site to see live support online.
I spoke to their rep on live chat, and I was given a signup link in minutes (it was 11PM PST), and I was told that my VPS would be setup in a few hours.
And as expected, I had the root logins for the server, and HyperVM within 4 hours.
I logged into SSH, and ran cat /proc/cpuinfo and I was really amazed to see that the server really had 16 cores
I then moved my cpanel backups from my old host, and the speeds were really good.
Even though the server is unmanaged, their support rep helped me to move a file that was around 5GB in size, that was constantly failing during cPanel's remote SCP backup feature. They went to the extent of downloading the file for me and uploading it so that I could restore it.
It has only been 4 days, but I am extremely overjoyed with the level of service I've received so far. Infact, I feel like I'm cheating them by paying them so less ($15 for the first month, and $59.99/mo after that)
I've been through many many hosts and server providers in the past few years, and this is the only second review I've ever written on WHT. (The previous one was more than a year ago).
I've been with the host (dmehosting.com) for just 1 month now but I decided to give an initial review as I am pretty impressed with their support.
All the websites went offline and the HTTPD would not start even after manual reboot, but they provided extended support and did a complete rebuild of PHP configuration file.
Initially, when I saw their prices frankly I was not expecting or relying on great service (usually the case for low price) but I was quite surprised that they balanced it pretty well.
I would recommend them for anyone looking for very cheap servers with good support.