Windows Customers, Ensure You Are Properly Secured
May 31, 2008
There has been a recent rash of Windows 2003 customers being hacked and having "UTorrent" installed, as well as having their Administrator password changed, rendering the server inaccessible.
At the moment, we have yet to determine the vulnerability in Windows allowing the hackers to breach the systems however we believe it is related to RDP.
We highly suggest you are complying with the following, to lessen your risk of having your server compromised:
1) Run RDP on a non-standard port
[url]
2) Run a software firewall on your machine, blocking ALL unnecessary ports on your server. You should only have the bare minimum open.
3) Limit any non-public access to your IP and trusted IP's only. This will prevent any other outside networks or servers from reaching your machine through ports which are not meant to be public (http for example)
4) Ensure you have FULL updates for your Windows O/S, immediately.
5) Ensure any 3rd party software you are running, has also been fully updated to the latest version including any patches.
Please make sure these suggestions are implemented immediately to lessen you risk of being hacked by the current wave of exploits.
View 1 Replies
ADVERTISEMENT
Jun 27, 2015
I get this error message when I try to add a new domain from within Plesk 12 for Windows..Error: ProtDir_IIS::update() failed: Add Protected Directory failed: columns siteId, path are not unique (Error code 1)
I have added .co.uk - .com and others no issues at all.
View 1 Replies
View Related
Apr 14, 2014
A few months ago we had upgraded our server from Win 2k3 with Plesk 8.6 to Win 2k8 with Plesk 11.5.30 migrating all the domains. After migrating, all the domains are working fine, but when trying to access the control panel using a specific user we get always the error "the page isn't redirecting properly" in different browsers, login in with Admin user it works perfect, or even with a different domain user.
Tried already to change the subscription to a different owner and get it back, it didn't work neither on the different owner or the original one.
Tried also:
"%plesk_bin%"websrvmng.exe --configure-anonymous-access
"%plesk_bin%"websrvmng.exe --remove-sites-cache
"%plesk_bin%"websrvmng.exe --configure-plesk-website
When I get this error, the address bar always changes to https://server-ip.com:8443/smb/
I may guess that when migrating this domain, user roles where not upgraded correctly
View 2 Replies
View Related
Apr 21, 2014
I registered my domain yesterday and the company where I registered (Webstekker) forwarded me to this website where they obviously have there websites. I wanted to start immediately with my website. I can install Wordpress properly, so will it show easy fast made html text files.
Joomla is the one I want and need to use. I tried to install it via the application tab in either httpdocs and httpdocs/joomla. I tried custom install via the application tab, but didn't work.
Then I tried to copy the files myself via FTP to the server and tried to install it again. Made MySQL databases, but I get stucked on the last installation page where it did ask me if I wanted to install some examples. Whatever I choose it won't go further. Nvm, when I go back to the domain itself, it says I have to delete the installation map (as it should ask when install is actually finished). When I delete the installation map, my domain has no content, nothing. I can however, login via the domain/administrator
So there is something installed, the back end is working, but a website also needs some frontpage right?
The domain we are talking about is[URL]
View 1 Replies
View Related
Dec 1, 2014
We can no longer create a working subscription
Microsoft Windows Server 2012 R2
12.0.18 Update #26
After the creation of a subscription, DNS does not work properly.
The last successful subcription was created Sept 26, 2014.
I thought something ontoward had happened at first so attempted to delete the subscription and re-create.
On attempting to delete the subscription the following error is given
Error: Some of the selected subscriptions were not removed.
Unable to remove domain: Error during domain.com removeZone: dnsmng failed: Unknown error 0x80131509 (COM Interop Error 80131509, Description: System.InvalidOperationException: Operation is not valid due to the current state of the object. at System.Management.ManagementObject.Delete(DeleteOptions options) at System.Management.ManagementObject.Delete() at WMIMsDNS.Provider.DeleteRecordsByType(String zone, String type) at WMIMsDNS.Provider.DeleteZone(String zone, UInt32& serial)) at removeZone ZoneName = 'domain.com'Click to expand...
View 10 Replies
View Related
Feb 16, 2015
We have separate hosting environment of Linux Plesk and Windows Plesk where we do not allow PHP on Windows Plesk.
However, it seems to be next to impossible to find out how we can limit customers being able to use PHP.
View 9 Replies
View Related
Jul 11, 2014
I've got a e-mail notification problem since i upgraded from Plesk 11.5 to Plesk 12: One specific Application Update for customer X is being sent to all my customers.
Last week we did have a problem with a busted customer portal. ( not customer X, plus still on Plesk 11.5 ) I fixed this by using this procedure: [URL] ..... Restored two records and problem solved.
As a temporary resolution we disabled Application Updates for our customers, but I do want that my customers receive Application Updates, but just the one where they are the recipient.
View 2 Replies
View Related
Apr 20, 2014
I suddenly started to get the following error
Windows 2008 server 64 bits 24 gigs ram sql express php plesk 11.5.30 latest update passed the latest self test with no problem
Internal error: ODBC error #42S02: [MySQL][ODBC 3.51 Driver][mysqld-5.5.31]Table 'apsc.aps_package' doesn't existODBC error #42S02:
Message ODBC error #42S02: [MySQL][ODBC 3.51 Driver][mysqld-5.5.31]Table 'apsc.aps_package' doesn't existODBC error #42S02:
File aps_php.php
Line 11933
Type Exception
Go To Previous Page
View 1 Replies
View Related
Jun 25, 2008
I have PSM and i just found out that even though they initiated my server they dont support GD on the initially installed apache 2.
I really need a simple solution like GD to create simple thumbnails about 4-5 times per day.
So PSM offered to downgrade the server to apache 1.X, i'm not sure this is right and needed to be done just to get simple GD functions.
I'm with fairly limited server management skills, thats why i have psm.
So i googled this topic and found out i can use Cpanel's builtin apache builder to rebuild the same web server with GD,
I got this error:
file /etc/fonts/conf.d/30-aliases-fedora.conf from install of fontconfig-2.4.1-7.el5 conflicts with file from package fontconfig-2.4.1-6.el5
Error Summary
-------------
Could not ensure pkglist 'zlib1-devel, expat-devel, gettext, automake19, libstdc++.x86_64, libpng-devel, libopenssl0-dev, expat, openssl, gcc-c++, glibc-devel, libpng-dev, zlib-devel, zlib, bison, autoconf261, gmake, libXpm, libjpeg-devel, openssl-devel, automake, coreutils, libtool-libltdl-devel, libopenssl0, openssl-dev, libtool, patch, libz-devel, libltdl3-devel, libltdl, libjpeg-dev, libopenssl0.9.7-static-devel, pam-dev, libtool-ltdl-devel, libopenssl0.9.7-devel, libltdl-devel, fileutils, libXpm-devel, sed, libXpm-dev, lsof, krb5-dev, flex, glibc-dev, expat-dev, krb5-devel, libstdc++-devel.x64_64, make, libstdc++-dev.x86_64, libX11-devel, xorg-x11-devel, libtool-ltdl, libssl-dev, gd, pam-devel, cpp, xorg-x11-dev, gcc, libopenssl0-devel, ssl-dev, lex, autoconf'
Please visit [url]for help with this error.!
Restoring original working apache!
my heart went down to my pants, but the original web server was restored and working as usual...
I simply don't know what to do now, since this seems like a too complicated issue for a server newbie to fix, into getting GD to work with the current server would be great!
View 13 Replies
View Related
Apr 18, 2008
I know few things on it, if you can add few more.
1. Set up you domain at new server / host.
2. Upload files at new server.
3. Change domain name servers.
4. Keep site at old as well as new server during domain propagation.
View 6 Replies
View Related
Mar 27, 2009
I've been working in this industry for 5 years now. Over the years, I've come to realize the little things that customers do that REALLY piss tech support off. This is a guide for customers for 10 things NOT do when contacting their host's technical support team.
This is a repost of what I already posted before the big catastrophe.
Please forgive the brutal honesty. It's for your own good.
1. One ticket per issue.
Emailing your issue to Support, Sales, Billing, Abuse, the owner, each individual tech, and the mayor of your town is not going to get your ticket answered any quicker. Additionally, opening 2, 3, 4, or 10 tickets isn't going to get things done any faster. Seriously - all it will do is irritate the support guy
2. Contact the proper department
If your account is suspended due to non-payment, or your account hasn't yet been setup, or you want to upgrade your account - please don't bother contacting support hoping it'll get done faster. All it will do is slow down their response time to customers that have actual support issues. Billing issues goto Billing. Sales issues goto Sales. Abuse issues goto abuse. Get the picture?
3. Contact support via ONE medium
If you put in a support ticket, don't get on live chat and call too. Trust me - you'll get the same answer on live chat and the phone as you will in the ticket . Same goes for requesting "updates" on your ticket - if your ticket is in queue, wait patiently for a response. If you don't get a timely response, contact the management to complain.
4. Everyone thinks their ticket is CRITICAL
Tech support reps realize that you think your issue is CRITICAL and must be dealt with IMMEDIATELY. But, guess what, so does everyone else that submitted their ticket before you. Your CRITICAL ticket will be answered in the order received after everyone else's CRITICAL ticket has been answered.
5. Do not try to "bump" your ticket
Making continuous replies to your ticket in an event to get a faster response won't work. In fact, in most common helpdesk applications, each reply made rotates the ticket to the bottom of the queue. So really, by bumping your ticket, you're just making yourself wait longer. Not getting service fast enough? Contact the manager of the company!
6. Include all relevant information, but only relevant information
Seriously - we don't care to hear your life story. Submit your ticket with your client ID, domain name, username, password, error messages, steps to reproduce, and other information directly pertinent to your issue. If your website is inaccessible, check http://www.downforeveryoneorjustme.com/ and include your local IP address (from www.whatismyip.com) and a traceroute. That will save you a reply.
7. Just because YOU can't see the website does NOT mean the server is down
So please - don't come shouting at us claiming we're fraudsters and have horrible uptime and demand a credit. Most of the time you will find there is either a firewall issue or a routing issue - or scheduled maintenance. Check http://www.downforeveryoneorjustme.com/ and your host's forums before screaming at them.
8. Avoid live chat & phone support
Unless you have a quick question, live chat and phone support are probably not going to be good avenues. Chances are, if your issue requires someone to login to the server to investigate, you're just going to be escalated to a support ticket. Instead of whining about how long the support ticket will take to get answered - just get it in queue. Figure if you spend 5-10 minutes on the phone only for them to tell you that you need to submit a ticket - that's 5-10 minutes that your ticket could have been looked into. Think about it. If you do call or chat - be brief - and keep in mind we have other customers to help.
9. We don't make the rules
If you don't like a company's policies or procedures, don't complain to your support tech about it. They don't make the rules, they just follow them. If you want a change, contact the management of the company.
10. Do NOT disrespect or mistreat support people
If you curse at us, disrespect us, or mistreat us in any way - you can almost be guaranteed that we won't be going out of our way to help you beyond the minimum. By polite, cordial, and courteous to your support tech and it will get you a LOT farther. We don't get paid enough to deal with people's abuse.
11 (Free bonus ). The amount of money you pay does not matter to us
Seriously - the fact that you pay us $9.95/month does not matter to us. We're going to provide you with the same support that we provide somebody that's paying $3.95/month or $99.95/month. Don't expect better treatment based on the amount of money you pay.
View 14 Replies
View Related
Dec 22, 2008
I've been working in this industry for 5 years now. Over the years, I've come to realize the little things that customers do that REALLY piss tech support off. This is a guide for customers for 10 things NOT do when contacting their host's technical support team.
Please forgive the brutal honesty. It's for your own good.1. One ticket per issue.
Emailing your issue to Support, Sales, Billing, Abuse, the owner, each individual tech, and the mayor of your town is not going to get your ticket answered any quicker.
Additionally, opening 2, 3, 4, or 10 tickets isn't going to get things done any faster.
Seriously - all it will do is irritate the support guy 2. Contact the proper department
If your account is suspended due to non-payment, or your account hasn't yet been setup, or you want to upgrade your account - please don't bother contacting support hoping it'll get done faster. All it will do is slow down their response time to customers that have actual support issues. Billing issues goto Billing. Sales issues goto Sales. Abuse issues goto abuse. Get the picture?3. Contact support via ONE medium
If you put in a support ticket, don't get on live chat and call too. Trust me - you'll get the same answer on live chat and the phone as you will in the ticket . Same goes for requesting "updates" on your ticket - if your ticket is in queue, wait patiently for a response. If you don't get a timely response, contact the management to complain.4. Everyone thinks their ticket is CRITICAL
Tech support reps realize that you think your issue is CRITICAL and must be dealt with IMMEDIATELY. But, guess what, so does everyone else that submitted their ticket before you. Your CRITICAL ticket will be answered in the order received after everyone else's CRITICAL ticket has been answered.5. Do not try to "bump" your ticket
Making continuous replies to your ticket in an event to get a faster response won't work. In fact, in most common helpdesk applications, each reply made rotates the ticket to the bottom of the queue. So really, by bumping your ticket, you're just making yourself wait longer. Not getting service fast enough? Contact the manager of the company!6. Include all relevant information, but only relevant information
Seriously - we don't care to hear your life story. Submit your ticket with your client ID, domain name, username, password, error messages, steps to reproduce, and other information directly pertinent to your issue. If your website is inaccessible, check [url] and include your local IP address (from www.whatismyip.com) and a traceroute. That will save you a reply.7. Just because YOU can't see the website does NOT mean the server is down
So please - don't come shouting at us claiming we're fraudsters and have horrible uptime and demand a credit. Most of the time you will find there is either a firewall issue or a routing issue - or scheduled maintenance. Check [url]and your host's forums before screaming at them.8. Avoid live chat
View 10 Replies
View Related
Mar 30, 2009
It has come to my knowledge that SSL certificates that use the MD5 algorithm have been successfully hacked and are vulnerable to attacks. Only Verisign (owners of RapidSSL since 2006) have stated that they have stopped using MD5-signing for RapidSSL certificates, and will have phased out MD5-signing across all their certificate products by the end of January 2009
View 7 Replies
View Related
Jun 12, 2008
My VPS provider just setup and delivered my new VPS ;-)
He also optimized and secured it.
These are the details of the setup he did:
Cleaned up /etc/hosts
SSH Server Hardening
PHP Hardening
Advanced Policy Firewall (APF) With IP Blacklists Configured
APF Add-on - Brute Force Detection (BFD) Dos/DDoS Prevention
Basic Apache Optimization
Basic MySQL Optimization
Is this enough or should i do more to let the VPS run smoothly and secure?
View 7 Replies
View Related
May 18, 2008
some hostings around WHT have a small "feature" enabled on all shared or reseller servers. This feature allows read/write on local files. Php safe mode or open_basedir won't help here
CREATE TABLE data (text LONGTEXT);
LOAD DATA LOCAL INFILE '/etc/named.conf' INTO TABLE data;
This SQL query allows me to load local 'named.conf' to mysql database.
Code:
SELECT text FROM data INTO OUTFILE '/etc/file';
This SQL query allow me to write data from mysql to local file.
Last year I bought some shared and reseller packages, it worked 100%. None from 17 providers have disabled it. Also some of them are well known and big.
I've wrote emails to them, reported this "feature", hope they have disabled it ;-).
To disable add to my.cnf file :
Code:
[mysqld]
local-infile=0
View 12 Replies
View Related
Apr 16, 2008
Apache error log for a subdomain
[Thu Apr 17 00:02:24 2008] [crit] [client 69.113.17.156] (13)Permission denied: /home/user/public_html/subdir/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
However, there is no htaccess file in that directory anyway
/home/user/public_html/subdir
Server is Centos 5 / Cpanel
View 5 Replies
View Related
Sep 16, 2008
I tried searching around but maybe someone can steer me in the right direction.
I, as probably many other people, are in an interesting predicament.
I love my VPS right now...however obviously since I started with my VPS I'm about to out grow it, with the amount of power that I need.
What I'm looking for is a server which is completely managed, completely secured (some sort of active virus scanning), however I can get in there and have complete control like I would with my VPS, but obviously with more resources.
What I'm looking for is:
2-4GBs of ram
Pentium D (minimum) up to a Xeon 3220 SINGLE processor
1000 - 2000TB / bandwidth
100mb/s uplink
Windows 03 would be great, I'll settle for CentOS though
Budget max is $170/mo.
View 13 Replies
View Related
Mar 29, 2009
how to check if you host has made their job correct ?
We are looking into a PCI scan just because of the security, we do not need to be PCI compliant, but the security standard is what I believe the most reliable to stick to.
View 1 Replies
View Related
Feb 15, 2007
Here are my requirements:
A. Space: 1/2 a secured cabinet
B. Location : Bay area
C. Power: 8 amps
D. B/w: 1 Mbps
I got quotes from
A. www.bayarea.net for 1 cabinet with 20 amps $699
B. www.he.net for 1 cabinet with 15 amps $600
C. www.svcolo.com/ for 1 cabinet with 15 amps $695
I am wondering who can give me 1/2 a secured cabinet for around $300 to $400
View 3 Replies
View Related
May 4, 2015
I have installed an SSL certificate on my website since last saturday the 1st of May, and forced redirection to https URLs via .htaccess.
Since then, I cannot see any statistics in AWStats. All values stops after the implementation of the certificate. How can I continue to have statistics for my secured web site ?
View 3 Replies
View Related
Jun 28, 2009
I need to block a specific IP:
93.6.224.242
It adds fine when I do:
iptables -A INPUT -s 93.6.224.242 -j DROP
However, the IP is still accessing files and pages on the site according to Apache:
When I ban other IP's they are blocked from accessing anything on the server (e.g. it wouldn't even reach Apache level because of firewall), but this IP just isn't banning properly.
View 11 Replies
View Related
Mar 21, 2006
I am using SSL on my site but am having trouble in getting it to work correctly. I want to make it mandatory that the sections in <webaddress>/members and <webaddress>/admin are protected by SSL. I currently have the following in the httpd.conf file:
SSLEngine on
SSLCertificateFile /usr/local/home/pm42/finalcert.pem
SSLCertificateKeyFile /usr/local/home/pm42/privkey.pem
SSLCertificateChainFile /usr/local/home/pm42/finalcert.pem
but I dont know what to do next.
View 0 Replies
View Related
Feb 2, 2009
I installed VNC on my VPS using a guide I found here. I installed KDE. It all works but when I view the VPS through VNC on my windows PC the text on the screen appears to be squares as if its a non supported language.
[url]
I've uploaded a screenshot to better help you understand what I mean.
View 11 Replies
View Related
Jan 15, 2008
I set up my own SMTP server on IIS.
Most of the time it sends and recieves the email OK.
From time to time, the mails bounce. For example if I send to someone at Hanmail (major korean provider) then it always bounces. Similarly, sometimes people say they sent an email to the server and it bounced back to them.
I guess something is not set up right, maybe MX record or some other mysterious thing. How can I troubleshoot/solve this?
I MUST fix this so I will be back to check on this thread often,
View 0 Replies
View Related
Nov 7, 2008
As title suggests I'm looking to make sure my hosting is set up to respond with valid PTR information so my server generated emails aren't flagged as spam.
I have full SSH access to the machine at root level.
Running a CentOS machine but there are also other virtual hosts using a shared ip.
View 6 Replies
View Related
Jun 9, 2007
I have a slight problem with a cron job I have setup.
I wanted to save a copy of iptables every hour to a folder, so I created a script... here it is:
Code:
varDate=`date +%y%m%d`
varTime=`date +%H%M`
filename="IPtablesBackup-$varDate-$varTime"
iptables-save -c > /etc/IPtablesBackup/$filename
and called is Backup-Script.sh
Now if I just execute the script will in root ./Backup-Script.sh I get a new file with the correct filename and iptables info is saved ! Great ! So then I thought, how can I setup this automatically every hour.
Which leads me on to my problem. I inputted "crontab -e" added this line
Code:
59 * * * * /etc/IPtablesBackup/Backup-Script.sh
The problem is the script is run, I know because it creates a new file with the correct time and date, however the file is empty?
I have set Backup-Script.sh to 777 and owner and group are both root?
View 4 Replies
View Related
Jun 22, 2007
A client recently moved one of their domains to one&one (night mare I know) he then asked us to repoint the domain name to our servers using out name servers.
We have done this and it is not resolving to our server.
The problem is that the site is no longer showing and their emails are down.
I used a domain dossier and the DNS record looks like it should be changed but I'd like some confirmation on this.
View 1 Replies
View Related
Mar 25, 2008
I desperately need someone to help with a tomcat installation on a dedicated server. I have tomcat working properly but the app is not connecting properly to the database.
View 1 Replies
View Related
Mar 18, 2015
I renewed an SSL cert for one of my servers. After several hours, then days I noticed that the date had not updated to show the new expiration date.
When I do an ssl check through [URL] it shows the following when scanning https://webhost1.teksavvy.com:8443:
Valid from: 2014-Apr-11 00:00:00 GMT
Valid to: 2015-Apr-11 23:59:59 GMT
When scanning https://webhost1.teksavvy.com it shows:
[Code]....
View 6 Replies
View Related