Trojan Detected On Initial Load Of Site
I have 2 reseller accounts with one provider, and in the last several days I have noticed that when you visit the site for the first time, my AV software detects a trojan on the site, but the code & html files are 100% clean!
I'm suspecting that there is something being injected into the scripts from the server daemons that's either running or something else.
Anyone have any suggestions?
View Complete Thread with Replies
Sponsored Links:
Related Forum Messages:
15 POSSIBLE Trojan Detected WHM
i have an site on my server when i open it the kaspersky anti viruss detect there is an trojan in this site .. ( see the picture in the attachment ) and i checked the server from the whm and there is result 15 POSSIBLE Trojans Detected How i can solve this ?? and remove this trojans .
View Replies!
View Related
Load Balancing For A Web Site
I have a growing website that needs to move from its current single-server setup to using a cluster of servers to deliver its dynamic pages. My current host does not support load balancing among its servers, so I'm left to configure that on my own. Round-rovin DNS doesn't work for me as I'll need certain http requests to always go to the central server (the one with the master database). My distro is Redhat 9, and I only access the server remotely through SSH. I'm using Apache 2 (and PHP and Mysql). Any ideas on the simplest way to do this? I've read a bit about LVS (http://www.linuxvirtualserver.org/) but it seems to require a kernel recompile, which is way beyond the things I would dare to try...
View Replies!
View Related
Site Won't Load Based On IP Address
I recently put up a website and after about a week, I suddenly can not access it. The site went down after the host had a problem with the http on the server and it never came back for me but it works for everyone else. It times out while trying to connect in both the web browser and FTP client. The problem appears to be related to my internet connection, because the site won't load on any computer that is using my internet. When I disconnect from my cable and use my cellphone as a modem, the site works fine. The site works for everyone else that has tried though. Besides changing my IP address, how do I go about getting the site to work?
View Replies!
View Related
Make Site Load Faster Other Than Replication?
what can make site load faster other than replication (well lets assume that design wise it is ok and doesnt content heavy contents...) i have heard that increasing networking speed at the server level can make site much faster... is it true..? is there any tweak bandwidth wise... suppose we get 1tb bandwidth per month compared to 100gb ... will that make site faster... we want to host a photogalley site...which is fast or images are shown in faster way....
View Replies!
View Related
Server Load Is Low But Site Is VERY Slow
My machine is pretty good. Here are the specs: Intel Xeon-Woodcrest 5148-DualCore 3 gigs of ram 250GB Western Digital WD Cavia I run a forum with a modest amount of traffic along with a content management system handling the other sections of the website. I'm pretty sure the forum isn't the problem though. The server load for this machine is almost never above a 1. Right now as I type this the load is at 0.17, but it's unbearably slow! Taking up to 16 seconds to load a single page. What could be causing this? I'm a server n00b. Is there a setting I should be doing to one of my servers configuration files to make it run faster? My website gets 30-40,000 visitors a day and these problems always occur during peak hours. It would be easier to deal with this though if not for the fact that the server load is always so low. How is it possible for the site to get so slow while the server load is always so low?
View Replies!
View Related
Does The Server Site Load Affect On The Child Sites
I have seen 1 vps provider having very poor ping results in few online ping sites and they have a very cluster slow loading pages as well. One of my friend has a package with them, the ping results are very poor even for him as well. Just made an traceroute found its on some node1.vpsprovider.com Ya, one more major important similarity noticed was, the vps provider emails weren't set properly to yahoo mail, and my friend's emails sent from the server to yahoo weren't delivered as well. So if the vps provider has poor content may be due to firewall or internal settings do the systems under the node also be affected? I have no problems with my host so nothing to be worried about, but need to help him as he is just starting it out with a cheaper vps
View Replies!
View Related
No Filesystems With Quota Detected.
Just installed fresh centos 5 / cpanel and now I get this: No filesystems with quota detected. [root@server scripts]# quotacheck -avugm quotacheck: Can't find filesystem to check or filesystem not mounted with quota option. Code: [root@server scripts]# /scripts/initquotas Quotas are now on Updating Quota Files...... quotacheck: Can't find filesystem to check or filesystem not mounted with quota option. quotacheck: Can't find filesystem to check or filesystem not mounted with quota option. ....Done How do I fix this? Code: LABEL=/1 / ext3 defaults,usrquota 1 1 LABEL=/boot1 /boot ext3 defaults 1 2 devpts /dev/pts devpts gid=5,mode=620 0 0 tmpfs /dev/shm tmpfs defaults 0 0 proc /proc proc defaults 0 0 sysfs /sys sysfs defaults 0 0 LABEL=SWAP-sda2 swap swap defaults 0 0
View Replies!
View Related
4 G RAM Not Detected By Fedora 7
We recently setup a server with 4 gigs of RAM and installed Fedora core 7 32-bit version in it. After installing the OS, I have found that Fedora is able to detect only 2 GB and not 4 GB of RAM. I installed the kernel-PAE and kernel-PAE-devel modules and restart the server and made sure that the the OS with the PAE switch starts at boot time. However, the OS still does not detect the 4 GB RAM. Any idea what else can be done apart from installing the 64-bit OS in the system?
View Replies!
View Related
SMART Error (CurrentPendingSector) Detected
I got email notice about this: Quote: The following warning/error was logged by the smartd daemon: Device: /dev/sdb, 1 Currently unreadable (pending) sectors For details see host's SYSLOG (default: /var/log/messages). Quote: The following warning/error was logged by the smartd daemon: Device: /dev/sdb, 1 Offline uncorrectable sectors For details see host's SYSLOG (default: /var/log/messages). It causes server crash and down.
View Replies!
View Related
How To Make Sure Email Isn't Detected As Spam
I'm just working with my first dedicated server and also in the process of coding a new site. Anyway, I've gotten around to emailing users from scripts on my site (Java Servlet). Using Sendmail as the server (with default config) the emails are detected as spam by pretty much everything. I'm looking for a complete list of things which need to be done to ensure an email isn't detected incorrectly as spam. I've read through various sites etc but haven't found a definitive list of things which should be done. I'm sure this would be helpful for other forum visitors too. I'm NOT trying to send spam or anything like that but I haven't set up a dedicated server before.
View Replies!
View Related
Genuine Mails Getting Detected As Spam
I am using Merak Mail server 8.0.3 (Windows). From past 2 - 3 days many of my users are complaining their genuine mails are going to spam. The value set for antispam is 5 i.e. if antispam value is above it is detected as spam else not spam. But from past few days which ever genuine mail is detected as spam I have found an very uncommon thing in it. It shows '10.4 FH_HAS_X Has X: header' The SpamAssassin table shows the following information: Content analysis details: (16.34 points, 5.00 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.1 HTML_MESSAGE HTML included in message 0.1 HTML_TAG_EXISTS_TBODY HTML has "tbody" tag 2.2 DEAR_SOMETHING Contains 'Dear (something)' 2.4 BAYES_80 Bayesian spam probability is 80 to 90% 0.0 NO_RDNS2 Sending MTA has no reverse DNS 10.4 FH_HAS_X Has X: header 1.1 SARE_HEAD_MIME_INVALID SARE_HEAD_MIME_INVALID Invalid mime version 0.1 SARE_HEAD_HDR_XMS SARE_HEAD_HDR_XMS Message headers used whic
View Replies!
View Related
E1000_clean_tx_irq: Detected Tx Unit Hang
in one of my CentOS 64bit, there is errors with NICs NETDEV WATCHDOG: eth0: transmit timed out e1000: eth0: e1000_watchdog_task: NIC Link is Up 100 Mbps Full Duplex e1000: eth0: e1000_watchdog_task: 10/100 speed: disabling TSO e1000: eth0: e1000_clean_tx_irq: Detected Tx Unit Hang Tx Queue <0> TDH <59> TDT <5c> next_to_use <5c> next_to_clean <58> buffer_info[next_to_clean] time_stamp <1241628eb> next_to_watch <59> jiffies <124162eba> next_to_watch.status <0> e1000: eth0: e1000_clean_tx_irq: Detected Tx Unit Hang Tx Queue <0> TDH <59> TDT <5c> next_to_use <5c> next_to_clean <58> buffer_info[next_to_clean] time_stamp <1241628eb> next_to_watch <59> jiffies <12416368a> next_to_watch.status <0> Is there any idea for fixing? It's SM PDSMI+ board. Kernel 2.6.9-55.0.2.ELsmp #1 SMP Tue Jun 26 14:14:47 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux
View Replies!
View Related
SATA Drives :: Detected Within The BIOS But Not In CentOS
I installed 2 SATA raptors drives on my server. I formatted/partitioned one of the drives through WHM. After rebooting both drives disappeared. They are still detected within the BIOS but not in CentOS. It is possible that I installed a wrong driver or made a bad configuration change. Server Info: CentOS 4.6 64bit cPanel/WHM Motherboard: [url]OS is running on a 250GB IDE drive 2 SATA WD Raptors (That I am trying to get to work)
View Replies!
View Related
Windows Doesnt Detected All 4GB RAM
I am using Windows 2003 Enterprise Edition SP1 and i have recently set the computer up to 4GB RAM. I notice a problem occur error : When I start the computer, Bios detected all 4GB Ram. However, i have checked Total physical memory in General (My Computer-> Properties) doesnot detect all 4GB Ram. it only detect 3GB Ram. I have checked that this OS support up to 32GB . Why it doesn't detect all 4GB ? What happen to it? Mainboard : Intel chipset 915GL I did following the instruction in internet (exactly is Microsoft) is /PAE in boot.ini file. But, it doesnt work.
View Replies!
View Related
XenVZ.co.uk - Initial Impressions
I've been with XenVZ for about a day now, and thought I would share my initial impressions thus far. I was looking for a cheap, basic little VPS to run a few simple services off of. I had raked high and low through these forums since I was looking for something located in the UK, with Xen virtualization for <£10/month. I came across XenVZ in the advertising forum, and thought I would check them out. Started up the Live Chat, and got through to Sean right away. I asked a series of questions and received prompt and professional replies. I thought I would start out cheap, so I signed up for the £3.99 'taster' VPS (they have a 30 day money back guarantee, so can't really lose). Signed up around 8:10, received invoice 8:12, paid invoice right away and had the server details at 8:21. Whole signup process took around 11 minutes. Even for a tiny VPS with only 64MB RAM, it performs fairly well. I am running a Ventrilo server inside Screen, IRSSI session inside Screen and Lighttpd server (serving a simple static placeholder page), and I still have around 20MB spare RAM. The network seems pretty solid too, I thought I would test it out with a wget from a UK mirror service, the connection capped out at about 9.5MB/s. If your looking for a UK VPS, I highly suggest giving these guys a check, can't fault them so far. Of course, I'll be back in a month to give a more detailed rundown of the service. I don't run a domain off the VPS but can provide the IP on request.
View Replies!
View Related
Wiredtree.com :: My Initial Review
I will be posting a month review after my 1st months of service. But for now, here is my initial review of Wiredtree.com This is under my domain of aps-enterprises.co.uk which you can tell is on the Wiredtree network. OK here goes. Placed my order on Saturday 21st as Level3hostings main site went off line and I got a really bad feeling that my VPS would go down too, a feeling which proved all too true. After a little while, I got the Fraud check phonecall. Although I couldnt hear them, James Webb could hear me, that was quite amusing.... Sunday 22nd, got my VPS Setup. Usually they said it would take a lot quicker to get setup, but they did have a network maintainence for about 3hrs. I was stil happy. 7.16am GMT time, my VPS with LEVEL3HOSTING went down *thank god for backups!! hooray I learnt my lesson* The VPS I ordered is a good spec and any support tickets I had to raise, all were answered and resolved in an average of 15mins!! Yep! 15mins. I used to pay an external company each month, and they resolved stuff in 24hrs. How cool are they? So anyway, VPS is great, Uptime has been 100% one can only expect. And Support is by far, one of the best I have seen. Only been in business with them for my 5th day, so far they will be keeping me as a customer and if I have to upgrade (which I know one day I will), then I will be ordering any upgrades through them. This is only my initial review and I will post a 1 month one too. Which I reckon will be a positive one, just like this one is. Thank you Wiredtree for making my life easier for my hosting business. As they say you do get what you paid for, and believe me the services I have had from some people that saying is very true, however you guys.... I think your prices are cheap for the amount of work you actually do. Keep it up, and I hope this review makes a few customers for you.
View Replies!
View Related
WebNX Initial Review
This is an initial review of WebNX.com. I was hosting my personal sites on a reseller account at Eleven2 which had started feeling kinda slow, so I was in the hunt for a low cost dedicated or a mid range VPS. After scouring a lot of places for quotes, I finally came across WebNX's thread on WHT on the 17th of March. The specs looked to be amazing, and their Value level VPS would fit right into my budget, and match my requirements. I fired an email to sales, and went on to their site to see live support online. I spoke to their rep on live chat, and I was given a signup link in minutes (it was 11PM PST), and I was told that my VPS would be setup in a few hours. And as expected, I had the root logins for the server, and HyperVM within 4 hours. I logged into SSH, and ran cat /proc/cpuinfo and I was really amazed to see that the server really had 16 cores I then moved my cpanel backups from my old host, and the speeds were really good. Even though the server is unmanaged, their support rep helped me to move a file that was around 5GB in size, that was constantly failing during cPanel's remote SCP backup feature. They went to the extent of downloading the file for me and uploading it so that I could restore it. It has only been 4 days, but I am extremely overjoyed with the level of service I've received so far. Infact, I feel like I'm cheating them by paying them so less ($15 for the first month, and $59.99/mo after that) I've been through many many hosts and server providers in the past few years, and this is the only second review I've ever written on WHT. (The previous one was more than a year ago).
View Replies!
View Related
Initial Review Of DMEHosting
I've been with the host (dmehosting.com) for just 1 month now but I decided to give an initial review as I am pretty impressed with their support. All the websites went offline and the HTTPD would not start even after manual reboot, but they provided extended support and did a complete rebuild of PHP configuration file. Initially, when I saw their prices frankly I was not expecting or relying on great service (usually the case for low price) but I was quite surprised that they balanced it pretty well. I would recommend them for anyone looking for very cheap servers with good support.
View Replies!
View Related
Initial Impression Of VPSLink
I was on shared hosting with Site5 and found the level of service declining the cheaper their shared hosting plans got. My site was down more often than I wanted, so I canceled my plan and went with VPSLink. I signed up for the Link-2 plan for a few months just to feel it out and see if I could get a Debian server up and running from the command line. After signing up I was in my VPS in less than 30 minutes. Much quicker than I expected! Following some tutorials I was able to have a lighttpd, PHP5, MySQL server installed and running in a little over an hour. I had a site up right away ! I'm used to FreeBSD, so Debian's apt-get is very simple to use. I used VPSLink DNS and it was easy to set up. To keep the load off the server I transferred my domain email over to Google Apps. I've spent more time tweaking the configuration and I'm happy with the result so far. VPSLink is much faster than my old Site5 shared hosting. That could be due to the VPSLink server sitting in Seattle while I'm in Vancouver BC, but I kind of doubt it. My initial impression of VPSLink after a couple of weeks is positive. The price is right, the performance is good and it's no frills VPS. I like to have full control over the server and I'm glad I just took the leap away from shared hosting. For the prices they offer it's worth trying.
View Replies!
View Related
Lfd: System Exploit Checking Detected A Possible Compromise
I always recieve this email: from lfd Time: Tue Apr 29 03:40:13 2008 Possible detection of "Random JS Toolkit" Failed to create test directory /etc/csf/1: No space left on device: See [url] for more information I do this to test if my server is infected: mkdir /home/1 it created without any problems and I used tcpdump and I got this: <script type="text/javascript" src='jscripts/ips_ipsclass.js'></script> <script type="text/javascript" src='jscripts/ipb_global.js'></script> <script type="text/javascript" src='cache/lang_cache/en/lang_javascript.js'></script> <script type="text/javascript" src='jscripts/ips_xmlhttprequest.js'></script> <script type="text/javascript" src='jscripts/ipb_global_xmlenhanced.js'></script> is that mean the server is infected? but these scripts are for the IPB forum board so why I still recieve this email?
View Replies!
View Related
Trojan C99Shell
I just installed zen cart on my webhosting and after few days later i saw some file written like core1405.php and when i open to view the file it is actually trojan c99shell. I have deleted all of the core file. Now how can i prevent it from happen again? Cause it is too much work to clean up the hosting server.
View Replies!
View Related
LKM Trojan?
I just installed a fresh copy of centos 4.5, updated some programs and installed chkrootkit. When i run # ./chkproc, it shows the following output: # ./chkproc You have 14 process hidden for readdir command You have 14 process hidden for ps command Searching for LKM trojans shows the following output: # ./chkrootkit -x lkm EXE 9994: /usr/sbin/named CWD 9995: /var/named EXE 9995: /usr/sbin/named CWD 9996: /var/named EXE 9996: /usr/sbin/named CWD 9997: /var/named EXE 9997: /usr/sbin/named CWD 9998: /var/named EXE 9998: /usr/sbin/named CWD 26293: /var/lib/mysql EXE 26293: /usr/sbin/mysqld CWD 26294: /var/lib/mysql EXE 26294: /usr/sbin/mysqld CWD 26295: /var/lib/mysql EXE 26295: /usr/sbin/mysqld CWD 26296: /var/lib/mysql EXE 26296: /usr/sbin/mysqld CWD 26297: /var/lib/mysql EXE 26297: /usr/sbin/mysqld CWD 26298: /var/lib/mysql EXE 26298: /usr/sbin/mysqld CWD 26299: /var/lib/mysql EXE 26299: /usr/sbin/mysqld CWD 26300: /var/lib/mysql EXE 26300: /usr/sbin/mysqld When i stop mysql and named, and run # ./chkrootkit -x lkm again, it doesn't show anything. When i turn mysql and named back on, it starts complaining about compromises again. Can it be a false alarm, or should i really be worried? What do you advise me to do now?
View Replies!
View Related
Initial Review - FutureHosting VPS
I signed up with FutureHosting for a managed Linux VPS. I'm about a week into going "live" with the nameservers switched over and am very happy! I was going to wait a month before posting but these guys have been so patient and thorough with the tickets I've submitted I wanted to give my initial thoughts Overall 9.5/10 Great Host. Very patient and thorough support. Very Good response time. Surprisingly low pricing. I highly recommend for your VPS. Very Good response time on Support BUT no phone support Signup 9/10 Signup was straightforward. I think they have a higher volume than normal with their promotion. It took a bit of time to set up the VPS (under 10-12 hours) but I'll take a few hours' delay if I'm getting a good product/support for months/years. Speed 10/10 They publish their speedtests here [url]I just downloaded a couple test files (5-20MB each) from my VPS and I get to about 1.1 MB/sec. At that point it may be a limit from my ISP (FYI speedtest.net gives my download 14000 kbps = 1.7MB/s). No issues on speed! : Support : Overall: 9/10 Speed: 9/10 Thoroughness: 10/10 'Other': 8/10 Very good response. For NORMAL PRIORITY issues, within 5-30 minutes I get a response that someone's attending to it and soon thereafter I have a resolution. Some tickets have taken longer but they haven't been critical issues so it's really okay. You can prioritize your tickets as CRITICAL or SERVER DOWN and I'm sure they're even faster. They have gone back and forth with me and been patient with my questions (I've never administered a VPS before) and I GREATLY appreciate that. I've had many tickets with them and other hosts may have just said "this is really not an issue with the VPS" and left me to learn it myself-- FutureHosting has been very helpful. Sometimes (probably due to my own vagueness/lack of knowledge), my actual request/issue is unclear. I think this is where phone support would be very helpful; it's not currently offered. (and this is why Other gets an 8/10) Reliability 10/10 I've had no downtime so far! My nameservers/DNS switch took longer than expected but that has nothing to do with FH. Pricing 10/10 With their DoubleRAM/Bandwidth+30% off OR 50% deals, Pricing is great I think. Others had recommended WiredTree to me given their lightning quick response times. I'm sure they're amazing but they were also almost double the price. FutureHosting has had very good support at a great value IMHO I'm not sure how you 'validate' my domain/review but just let me know and I'll PM you the information on my domain.
View Replies!
View Related
Initial Experiences With Pacific Rack
I just thought I'd take a moment to share a few of my thoughts on my initial experiences getting set up with Pacific Rack... It was finally time for me to take the plunge for a dedicated box, and after browsing through these forums and hearing a lot of good things about Pacific Rack, I decided to contact their sales department. I was immediately responded to and soon found myself talking to Alex and Jordan (both very helpful). We quickly found an appropriate solution for my company, and soon I was off to the setup queue. Setup took longer than expected, but I think that was due to some custom configuration issues on my end (they had to wait for parts to come in). Support/sales were pretty good about keeping me up to date on what was happening though, and soon things were rolling along nicely. (Initial experiences with the network...) Wikipedia lists 14 Tier 1 networks on their article page (for whatever that's worth!), and I think PacificRack (and parent(?) company OC3Networks) sits on Gigabit links to 6 or 7 of those networks. So I was excited to see what the network would look like once I was set up. Once my server was provisioned and I received a login to their client portal, I started messing around with things and was quite impressed. I signed up for a 1Gbps switch and I've seen several transfers in the 20BM/s - 60MB/s range (PM me if you would like a speed-test file link). These guys have got quite a network! (Initial experiences with the client control panel) Their client section is minimalistic, but has the basics. Server info, billing info, ticketing system, and a nice little graph showing you how much throughput your server is experiencing at the moment (or historically). I can't really think of anything it's missing, though it looks a bit bland. (Initial experiences with the sales/support team) So far I've sent in several tickets for a number of things (they don't set up rDNS by default), and from what I can tell a support/sales agent is usually on it within minutes. Once it almost felt like I was on a chat with the support rep. Everyone seems to know his/her stuff, and they have all been quite helpful, resolving each issue in (usually) a manner of minutes. All in all I'd have to say these guys are great. I've only been around for about a week now, but I've been quite impressed. If anyone finds this post useful I'll probably write another one at the 6 month mark. Feel free to respond here or PM me for further information/speed test links, etc.
View Replies!
View Related
Gigenet - Quick Initial Review
I another thread recently I done a 5 year review for another provider hover circumstance changed and I took on a couple of Gigenet servers ( relatively high end) Sales were extremely efficient working with me to achieve what I needed at a price I was comfortable with, replies were fast and concise so I ended up with 2 new machines and backup service. Normally I don't need a lot of support and for the first few weeks nothing bar rDNS set ups - However I ran into some serious post migration issues over the past few days that had me stumped, support has been some of the best I have ever received both in speed and efficiency - Anyway I sincerely hope I will be coming back to this thread in 5 years time to update it.
View Replies!
View Related
EasyApache Running Slow After Initial Run
I am migrating my sites from a Xen based Centos 5.3 + cPanel/WHM instante to another Xen based cPanel/WHM solution with Centos 5.3 64-bit. I am having issues with easyApache now after it was successfully ran for the first time. It does not time out however even the profile selection screen takes well over 10 minutes to get to once easyApache is initiated. Once the profile selection is made it is still slow moving to the customization screen. The server is neither overloaded, nor out of memory. I have actually executed /scripts/checkperlscripts in hopes that it would identify something. I am planning to remove /home/cpeasyapache folder however I am not confident whether this is the right approach or not.
View Replies!
View Related
Reverse DNS- Slow Initial Loading
I have a page that is loading very slowly the first time I connect to it. After that it's very fast. Now I did some research and found out that this could be a DNS issue and that my nameserver might do a reverse DNS lookup. I do not know excatly what that means yet, but I suppose that could be the issue. To the my.cnf file I added skip-name-resolve in order to disable DNS lookups, but what I can do to find out if I have a dns issue? Specs: VPS WHM/Cpanel 600MB RAM CentOS Apache
View Replies!
View Related
Aplus.net Initial Setup Review
Bought a new server from Aplus.net last night. Got a great deal on a simple server for a side project. Paying $59.99 a month for the server which makes it very affordable for medium-size projects. General: * Setup Fee: Free * Celeron 1.7 GHz CPU * 512 MB RAM (upgradeable to 2GB) * 60 GB IDE Hard Drive * 500 GB Monthly Transfer * 5 IP addresses* * Premium Set-Up Options The sign-up was quick and easy and I was sent an authorization email. I authorized and was able to immediately log into my account. I processed the order a bit late at night so the next morning I received a call on my cell from my personal tech rep saying the server was already up and running (they said it would take three day, more like 8 hours) He offered any assistance to help me get up and running and gave me a direct line to his phone in case of anything. Then he emailed his contact info and an introduction to my e-mail as I requested. So far I am very pleased with the setup and the individualized attention, although I may not require it, it is very comforting to know it is there. First impressions mean a lot to me and Aplus.net's first impression is stellar to say the least. Hope this helps, I will be posting a review a bit down the line on how it progresses.
View Replies!
View Related
Trojan-Downloader.JS.Psyme.hz
I have an hosting account at OXEO.com and I have trojan problems on all my websites The index files of all my websites show a Trojan program called Trojan-Downloader.JS.Psyme.hz I checked my websites on Google and Google is warning users for this kind of problems for one of my websites Does anybody here has experienced the same problem?
View Replies!
View Related
How-to - Rootkit Scan (trojan Etc)
What is a rootkit? The following link is a very good read to answer that question. http://linux.oreillynet.com/pub/a/li...4/rootkit.html In Summary, a rootkit is a trojan installed on your Linux server after someone has broken into it. These files are used to cover the hackers tracks, and to give the hacker tools to do more dirty work from your server. Usage: 1. su - (change to root user) 2. mkdir /usr/local/chkrootkit 3. wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz 4. tar -xvzf chkrootkit.tar.gz 5. cd chkrootkit* 6. cp * /usr/local/chkrootkit 7. cd /usr/local/chkrootkit 8. make sense Now scan your system: 1. cd /usr/local/chkrootkit 2. ./chkrootkit chkrootkit may from time to time give false positives. If you ever get a positive or "infected hit" scan a second time. If you do get a positive hit, google the hit to research the issue and steps to correct. Part 2 - automated chkrootkit, and emailed results. I'm lazy, and like my server to do the work for me so I have it scan every day, and email me the results. Usage: 1. vi /etc/cron.daily/chkrootkit 2. add the following code. Code: #!/bin/bash (cd /usr/local/chkrootkit; ./chkrootkit -q 2>&1 | mail -s "Daily chkrootkt scan" you@yourdomain.com) 3. chmod 0755 /etc/cron.daily/chkrootkit This will email you@yourdomain.com every morning with your chkrootkit results. the -q option will only show you exploits. Removal: If you don't like getting the emails or just want to remove this from your server: 1. rm /etc/cron.daily/chkrootkit 2. rm -rf /usr/local/chkrootkit All files will now be deleted from your server.
View Replies!
View Related
PHP.Backdoor.Trojan
As usually I do monthly scan to all files on my site,today I download all backup site into my PC,then scanning them using Norton Antivirus and on one site files Norton detected PHP.Backdoor.Trojan. I take a look file location and found current file with name xTgsj78Jn.txt Then I go to my server where site hosted,and i go to the directory and found file above stay on there,I try many time to delete it but always get an error message "Permission denied",I try to change permission but always returned an error. When deleted it i use command rm -r with root access,then I do ls -l and found details file like below. -rwxrwxrwx 1 nobody nobody 137787 Mar 19 20:14 xTgsj78Jn.txt* Please help me to delete this file. FYI this file uploaded to my hosting file site.
View Replies!
View Related
Future Hosting VPS: Initial Impressions And Review
After considering and comparing VPS offers from Future Hosting, Knownhost, Wiredtree, and Liquidweb, I went ahead and ordered from Future Hosting. I'll post my initial impressions, and try to update the thread over time. I currently have a VPS at Godaddy, plus shared hosting at Godaddy, 1and1, and Namecheap. My objectives were to get away from Godaddy VPS, set up with a 'better' provider, and consolidate sites. I am fairly technically adept, though not an expert. My requirements are for hosting appx. 25 sites currently, with perhaps another 15-25 to be added over the next 12 months. Most are low volume, a few are low-to-mid volume. Nothing fancy, primarily informational sites and affiliate sales sites (WP and Xsitepro), and some direct ecommerce. I focused on the 4 providers mentioned above based on recommendations and reviews here and elsewhere. My main concerns are reliability and price. After comparing plans and the specials listed on the 'Webhosting Offers' board, I settled on Future Hostings "Titanium" managed VPS offer. The special offer they listed was for 50% off lifetime cost. Through live chat, I spoke with Nick to ask some specific questions. He was patient and helpful each of the 3-4 times I came back with questions. One question I asked was how long it would take to get provisioned. He quoted me at under 12 hours - this was also mentioned on the "Offers" thread, specifically for the current special. The "unspecial" price was $84.95 for 1Gb RAM, 650Gb bandwidth, and 50Gb disk space, with cPanel. I added Fantastico for $3.95. After the coupon code, I'll be paying $46.42 / month. I put in the order at 10:04am. Registration was activated at 10:50am. Cpanel, Virtuozzo, firewall, etc. installed
View Replies!
View Related
Possible Trojan List By WHM - Do I Need To Worry?
I ran the Trojan scan in WHM and it came up with the list below. I have a strong feeling WHM is mis-reporting these as trojans, but I thought I would ask the experts here: Scan for Trojan Horses Appears Clean /dev/stderr Scanning for Trojan Horses..... Possible Trojan - /usr/bin/cpan Possible Trojan - /usr/bin/instmodsh Possible Trojan - /usr/bin/prove Possible Trojan - /usr/bin/xmlcatalog Possible Trojan - /usr/bin/xmllint Possible Trojan - /usr/bin/xml2-config Possible Trojan - /usr/lib/libxml2.la Possible Trojan - /usr/bin/mysqlhotcopy Possible Trojan - /usr/bin/Wand-config Possible Trojan - /usr/bin/animate Possible Trojan - /usr/bin/compare Possible Trojan - /usr/bin/composite Possible Trojan - /usr/bin/conjure Possible Trojan - /usr/bin/convert Possible Trojan - /usr/bin/display Possible Trojan - /usr/bin/identify Possible Trojan - /usr/bin/import Possible Trojan - /usr/bin/mogrify Possible Trojan - /usr/bin/montage Possible Trojan - /usr/bin/curl-config Possible Trojan - /usr/bin/curl Possible Trojan - /usr/lib/libcurl.so.3.0.0 Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.la Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.so Possible Trojan - /usr/sbin/pureauth 25 POSSIBLE Trojans Detected Is there anything that looks fishy here?
View Replies!
View Related
Websites Infected With Trojan How To Solve?
i see my websites are infected with some trojan. there are some iframe tag simlilar to this in all index files <iframe src="http://traff<<removed>>.cn/in.cgi?27" width=100 height=80></iframe> any idea how might this iframe inserted in my codes. i have tried to format my systems and remove all saved ftp passwords , but still this virus is comming back and the strange thing is i have website on different servers infected with same virus any idea how this is happened and how to avoide this?
View Replies!
View Related
Fivebean.com VPS - Initial Experience, Planned Ongoing Review
Fivebean.com VPS - [url] Although the domain was registered in 4/15/08, I could find next to nothing on WHT or the ‘net in general in the way of reviews on FiveBean. Saw a lot of specials and things they have been running off and on at different venues and boards, but couldn’t find a review to save my life. I did search pretty thoroughly. No web cache on web.archive.org either. So, I’ll be the first to post one (that I know of), with a special they are offering, it’s very affordable, if the service turns out to be good enough, then I have another node at a great price J. The more, the merrier. Win / Win 4 all. (FiveBean also offers shared hosting, so not exclusively a VPS provider.) Hardware nodes – From their site: “VPS Nodes are built with Intel Core2 Quad Processors, Premium SATA Disks and RAID Protection powered by CentOS 5.x and MoxieVM. Each VPS server is backed up daily and we provide 2 full backups to our customers.” Although I never rely on provider’s backups, it’s good to see them offered as standard. Could come in handy. They offer 5 plans; I ordered the middle-of-the road “Starter”. All VPSs appear to be OpenVZ based. Ordered Plan - 512M / 1G burst 40G HDD 450G BW 1 IP CentOS 5 for initial load Initial order, small issue - Placed order at about midnight, got my welcome email at 7:40 AM. One issue was, I did not receive any emails from their ordering system, other than the PayPal-originating receipt. The emails were listed under the Client Area, so I still had access to read. Since I own and admin my own mail servers, I checked logs - Emails from ordering system were sent from a non-FQDN domain. From SMTP logfile: RECEIVED: MAIL FROM:<fivebean@kona> SIZE=3560 Mail server rejected because of the incomplete domain. This appeared to be an issue with the sign-up process only. All support ticket replies came from a FQDN. I described this problem in a support ticket, curios to see if they really do look @ and fix. Maybe on my second order? Everything initially ordered during the process was delivered, with no follow-ups required to correct anything. That's a little rare, from my experiences. They offer online chat support, but have not caught it online as of yet, although I haven’t checked before 9PM on any given day, so not a fair eval on that aspect. FWIW. - On to the goodies - Control panel - Apparently, FiveBean previously used HyperVM, but has since disabled and rolled out their own self-spun VM manager, "moxieVM". It's a simple, yet effective, web interface that allows me to do everything I need to, and everything works. That's always a good plus! moxieVM control panel contains the following: VPS list facility / user profile control / pass reset VPS Controls -- Reboot / Start / Stop / Rebuild OS / Set Reverse DNS Report (simple) shows -- OS currently installed / Monthly BW Usage total / Current Memory Usage / Action Log of previous control commands Noteworthy - when you select "reboot / start / stop" there is no confirmation, action is queued and executed immediately. Good info to know. Rebuilds - FiveBean offers 13 OS rebuild option w/ 6 Flavors - Ubuntu / Suse / Slackware / Fedora / Debian / CentOS, 32/64bit in most. Reload of OS (From CentOS 5 to Fedora 10) took about 4 minutes. Note - keep your original root login password! On OS reload, the pass is reset to the original you receive in your VPS welcome email, NOT whatever you have currently changed it to. I can see this being an issue if it’s been a while since you have reloaded and end up digging out the old email. A little different than HyperVM. Network - Ping times are consistently 15-16ms from/to Austin, 21ms from/to Atlanta, 12-18ms from/to Kansas City, MO. Traceroute to node (69.162.118.226) puts them behind Limestone Networks in Dallas, Tx. One thing I can report, their network seems to be very peppy. I've had a hard time hitting anything from / to the VPS with more than 20ms. I haven't seen a 30ms yet. From anywhere. An I have VPSs from coast to coast. VPS / Initial Order- Hostname was set properly right off the bat, both initially and on OS reloads. Reverse DNS PTR self-set worked without having to put in a ticket, a first for sure! I just entered the rDNS PTR I required, waited about an hour, and it was set and propagated, ready to go. No muss, no fuss. Although I haven't put any load on the system, the CLI is responding very fast, and pings / traces / nslookups are very quick (as stated above). The only issue at all so far was the aforementioned order response email non-FQDN flurb. But, stuff happens. Small beans (pun intended). AUP No porn, excessive violence, hate, deception, illegal IRC that causes no disturbances is allowed. I really prefer non-IRC networks, but they have a long lecture about it in the AUP, so it appears they watch activity pretty close. Nuts n Bolts - Benchmark (benchmark is on newly loaded system, minimal install FC 10, no load) ------------------ INDEX VALUES TEST BASELINE RESULT INDEX Dhrystone 2 using register variables 376783.7 11243614.3 298.4 Double-Precision Whetstone 83.1 1239.4 149.1 Execl Throughput 188.3 5574.6 296.0 File Copy 1024 bufsize 2000 maxblocks 2672.0 127493.0 477.1 File Copy 256 bufsize 500 maxblocks 1077.0 48517.0 450.5 File Read 4096 bufsize 8000 maxblocks 15382.0 803836.0 522.6 Pipe-based Context Switching 15448.6 509724.8 329.9 Pipe Throughput 111814.6 1790127.7 160.1 Process Creation 569.3 16151.2 283.7 Shell Scripts (8 concurrent) 44.8 1055.8 235.7 System Call Overhead 114433.5 1246883.8 109.0 ========= FINAL SCORE 270.6 -------------------------------------------------------------------------------------------- Conclusions – so far, so good. I’m actually pretty impressed with everything I’ve seen up to this point. I’m planning on putting the server under load as a backend node of a busy website’s load balancer. I’ll post follow ups as we go along.
View Replies!
View Related
Trojan-Clicker.HTML.Iframe.g In My Website? What Is This??
I have a website and all works fine, but an user said me that uses kaspersky said me my website has an trojan i don't understand how this is possible, and i'l really worried. the trojan that appears to my user is: Trojan-Clicker.HTML.Iframe.g someone know why i have this trojan? Now the users refuses to open my website!! i'm more than worried this is an printscreen of the error: ...
View Replies!
View Related
Trojan-Clicker.HTML.IFrame.amh
I am not that technically proficient so I have to resort to shared hosting solutions...I am currently with Bluehost. Problem: I have a small site with minimal needs in terms of storage and bandwidth, but the site is controversial and gets hacked and attacked a lot. I need a shared hosting provider which ranks higher than most in terms of security. Recently the site was attacked such that any user going to the site was infected with Trojan horse viruses. Donno if it's useful or not but here are the files from my PC antivirus which was infected when I went to the site with IE: File generated by Rogers Online Protection Anti-Virus C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE5PG8E0SM0gifimg[1].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:25 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE5GC9JZWI3gifimg[2].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:27 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE5QBPA1ELgifimg[1].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:27 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE56SLECSUQgifimg[5].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:28 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE5EKTEAS82gifimg[5].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:28 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE5P5098OY4gifimg[4].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:29 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE5IPGNWAB0gifimg[1].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:30 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE55VT8B104gifimg[1].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:30 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE543XUDX83gifimg[2].htm Trojan-Clicker.HTML.IFrame.amh Quarantined 11/5/2009 12:21:31 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE56SLECSUQgifimg[5].htm Trojan-Clicker.HTML.IFrame.amh Quarantined 11/5/2009 12:22:18 AM C:Documents and SettingsuserLocal SettingsTemporary Internet
View Replies!
View Related
Some Initial Impressions Of Fsckvps / Vaserv: Mixed--set Low Expectations
I had three VMs with Fsck VPS, dating back to before they got hacked in June. I've been paying the bill since then, I imagined as a kind of insurance, so that I had the VMs handy if I needed to use them in a big hurry. Last week, I tried to log in, and found that my three VMs didn't exist, anymore. As far as I can tell, the VMs haven't existed since the June break-in. SETUP / PROVISIONING My first reaction was "They've been billing me for three months, and providing nothing?!??!" I'll be honest, I was pretty tweaked, but after I'd calmed down I decided to see how they handled the situation. So I submitted a ticket asking for an explanation: How long had the machines been down for, and what would it take to get them back up and running? It took about a day, but we eventually established that VAServ could build three new OpenVZ VMs, and that they would give me three months' credit for those three machines. Since I actually do need the VMs, and I didn't really want to fight about the billing, I decided to go for it. It took another day, but I did get three new machines up and running. Unfortunately, I do have some complaints about the process, specifically: - VAServ's technical support is very inconsistent, and different techs seem to have vastly different levels of communications skill and professionality. - Many of the techs don't seem to bother reading your ticket, beyond the subject. They tend to only be capable of answering the first question in each ticket/email, and they ignore anything else you've asked. - After the FSCKVPS/VAServ buyout, following the break-in, the HyperVM control panel was disabled. If you need a reboot, or a root password reset, or anything that you can't accomplish yourself by SSHing into the VM, you have to open a ticket. (Seems like a chancy proposition, now, to me.) REBOOT-AND-PRAY Today, I started seeing memory allocation errors in running programs. The machine mostly worked, but certain operations (shell scripts, in particular) would error out. I opened a ticket asking for some guidance, and within less than 10 minutes, the VM started rebooting. I got an update about the ticket a few minutes later, and was told that the VM had been reconfigured (increased memory allocation limit) and rebooted. I was pretty mad about the no-notice reboot. I'd been in the middle of editing a bunch of configuration files, and I lost an hour of work. It just seems so unprofessional and inconsiderate for VAServ's technician to bounce the VM without confirming it with me, first. I did get an explanation/apology from the tech who rebooted the machine. I asked him to have his supervisor contact me, which took a few hours, but I did hear back. The supervisor wrote: "...we reboot the vps if we found any VPS out of memory. Normally most of the service stop working or access got killed when VPS is out of memory..." To me, it sounds like the reboot is a standard procedure for a common problem. Given that kind of environment, it's only natural that the tech's first impulse would be to reboot, given a ticket about memory errors. At the same time, it's also indicative of a bottom-of-the-barrel service, isn't it? - Memory problems seem to be common--is that because they're over-subscribed? Does your 512MB allocation mean anything, or is it just talk? - The staff can't / won't bother to read through a ticket and give it some consideration. - The staff has an itchy reboot finger. Their first impulse is to power-cycle, rather than to try to understand and fix the issue directly. FOR THE FUTURE I do intend to continue using VAServ / FSCKVPS, at least for now. They're really cheap, about $10/month for a 512MB VM, and I can mostly get done with what I need to do. But this is a qualified opinion. I am solely using these VMs for simple R&D projects: Quasi-professional work, stuff that nobody is currently paying me to do. Given my experiences so far, I would never trust these guys with a real, money-making business project. VAServ / FSCKVPS is suitable for toying around with, or if you're flat broke, but I wouldn't bet my job on them if I could possibly help it. I'm setting a calendar reminder for myself, right now, to check back in another month or so with an update to this post. Assuming I'm still chugging along with these VMs, I'm going to make a point of posting my impressions on a regular basis.
View Replies!
View Related
Prevent Of Execution Trojan Shell Scripts, Like R57shell And Other?
Which configuration for php and server that prevent execute shell scripts? Which funstions you recommend to disable? Like shell_exec, passthru, proc_open, proc_close, proc_get-status, proc_nice, proc_terminate, exec, system, suexec, popen, pclose, dl, ini_set, virtual, set_time_limit
View Replies!
View Related
/tmp/clamav-77e7bfdbb2d3872b/test2.exe: Trojan.Taskkill.A FOUND
What is the mining of following lines in temp folder. If i have been check daily /tmp folder many /tmp/clamav are presented in mail server, and occupied the large amount of space in temp folder /tmp/clamav-77e7bfdbb2d3872b/test1.exe: Worm.Mydoom.U FOUND /tmp/clamav-77e7bfdbb2d3872b/test2.exe: Trojan.Taskkill.A FOUND /tmp/clamav-77e7bfdbb2d3872b/test3.exe: Worm.Nyxem.D FOUND /tmp/malware.zip: Infected.Archive FOUND
View Replies!
View Related
Trojan Activity - Running Perl With High CPU Usage, With User Apache
Running programs named Perl with Heavy CPU usage, with the ownership of user apache. We found the problem on Fedora 3 and Fedora 6. In our case, it was the result of a Trojan activity. Quick Solution Check the cron jobs of user apache crontab -u apache -e */1 * * * * perl /tmp/.tmp/tmpfile delete the cronjob entry. Also delete the file /tmp/.tmp/tmpfile also added "apache" to the file /etc/cron.deny That's all Problem and solution in detail....
View Replies!
View Related
|
TRACKER
