Hacked At OS Level

Mar 13, 2008

My VPS has been hacked, as per what the provider emailed me:

Your VPS is hacked at OS level. It was running following suspicious processes and bot files were uploaded to it.

-bash-3.00# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 1628 600 ? Ss 19:27 0:00 init boot
root 18326 0.0 0.1 2156 1164 ? Ss 19:27 0:00 bash
root 18354 0.0 0.0 2156 524 ? S 19:27 0:00 bash
root 18356 0.0 0.0 1524 468 ? S 19:27 0:00 sed s/.*ifcfg-venet0://
root 18357 0.0 0.0 1780 100 ? T 19:27 0:00 ls -1 bak/ifcfg-venet0:*
root 18358 0.0 0.0 0 0 ? Z 19:27 0:00 [sed] <defunct>
root 11610 0.0 0.0 1628 296 ? Ss 19:32 0:00 init boot
root 11611 0.0 0.1 2156 1200 ? S 19:32 0:00 /bin/bash /etc/rc.d/rc.sysinit
root 11625 0.0 0.0 1484 572 ? S 19:32 0:00 /sbin/initlog -r /etc/rc.d/rc.sysinit
root 11839 0.0 0.0 1456 276 ? Ss 19:32 0:00 minilogd
root 12006 0.0 0.0 2156 532 ? S 19:32 0:00 /bin/bash /etc/rc.d/rc.sysinit
root 12014 0.0 0.0 1780 104 ? T 19:32 0:00 ls ifcfg-lo ifcfg-venet0
root 12021 0.0 0.0 27104 512 ? S 19:32 0:00 sort -k 1,1 -k 2n
root 12022 0.0 0.0 1372 52 ? T 19:32 0:00 sed s/[0-9]/ &/
root 12025 0.0 0.0 1524 464 ? S 19:32 0:00 sed s/ //
root 12030 0.0 0.0 0 0 ? Z 19:32 0:00 [sed] <defunct>
root 12044 0.0 0.0 0 0 ? Z 19:32 0:00 [sed] <defunct>
root 5654 0.0 0.0 1912 392 ? Ss 22:46 0:00 vzctl: ttyp0
root 5655 0.2 0.1 2156 1248 ttyp0 Ss 22:46 0:00 -bash
root 5733 0.0 0.0 2312 764 ttyp0 R+ 22:46 0:00 ps aux
-bash-3.00# cd /usr/local/games/
-bash-3.00# ls -a
. .. irc
-bash-3.00# cd irc/
-bash-3.00# ls
1 12 15 18 20 23 26 29 31 34 37 4 42 45 48 50 53 56 59 61 64 8 common mfu.txt r00t ssh
10 13 16 19 21 24 27 3 32 35 38 40 43 46 49 51 54 57 6 62 68.231.ps.22 9 full pass_file skan x
11 14 17 2 22 25 28 30 33 36 39 41 44 47 5 52 55 58 60 63 7 all go.sh ps ss
-bash-3.00

How can I know what is the issue over here?


Difference Between Level 1, Level 2 And Level 3 Tech Support

Oct 10, 2009

Is there any preset criteria for it like Level 1 includes a, b & c, Level 2 includes d, e & f and level includes x, y & z?

I know the difference in General but, I wanted a specific answer.


Hardware Level Virtualization Or Software Level Virtualization

Jun 28, 2009

Which virtualization technology is better? Hardware level or software level? My friend suggested that I go for software level virtualization. However, I am still concerned about the technology and which one I should choose.


Second Level Quota

Apr 25, 2009

How can I enable second level quota, step by step?


Difference Between A Level 1, 2, And Three

Apr 19, 2009

What is the difference between a Level 1, 2, and three issue?


Low Level Format 512/520

Jan 15, 2008

I can't find any software.

Trying to get my Maxtor/Seagate hard drive to low level format to either 512 or 520 so it could work in my EMC2/ax150 SAN unit. If you know any software that would do this please guide me into that direction.


Account Level Php.ini

Aug 23, 2007

How do I set the php.ini file to run at account level? Some clients need a different PHP configuration.


Top Level VPS Providers

Sep 25, 2008

Who are the premium VPS companies? I have been burned enough with companies that are trying to build a client base so they can sell out.

What are the companies that have been around for a while and are selling plans that make the company stable for the long term?


Level 3 Routing

May 10, 2007

I've been doing some traceroutes between Chicago and Dallas. Tracing from Chicago -> Dallas, I go through Denver almost 100% of the time. Tracing from Dallas -> Chicago, I go through Denver or Atlanta before routing to Chicago.

Is this normal? Looking at the Level 3 network map there seems to be several, much shorter routes.


Level 3 POP's In Canada

Feb 6, 2007

Does anyone here have any experience with L3 POP's in Canada?

Have you had any problems with them?


Possible Root Level Hack

Apr 28, 2009

I believe my server has been hacked, as I ran top and observed the following:

top - 15:53:39 up 12 days, 3:16, 2 users, load average: 7.87, 10.30, 11.10
Tasks: 789 total, 3 running, 771 sleeping, 0 stopped, 15 zombie
Cpu(s): 20.4% us, 9.3% sy, 4.8% ni, 35.0% id, 30.1% wa, 0.4% hi, 0.0% si
Mem: 2074364k total, 2048296k used, 26068k free, 72136k buffers
Swap: 2040244k total, 2076k used, 2038168k free, 1286884k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
22488 root 27 12 3376 1352 508 R 16.8 0.1 12:08.63 rsync
15370 named 20 0 84020 30m 1936 S 4.2 1.5 20:15.72 named
16732 root 16 0 4684 1456 868 S 2.9 0.1 0:01.07 ftp
22489 root 27 12 5444 1860 1420 R 2.9 0.1 3:27.51 ssh
26448 mailnull 17 0 9016 4088 2832 D 2.9 0.2 0:00.11 exim
26436 mailnull 16 0 0 0 0 Z 2.4 0.0 0:00.09 exim <defunct>
477 root 15 0 0 0 0 D 2.1 0.0 217:34.28 kjournald
26408 mailnull 16 0 8964 4584 3244 D 2.1 0.2 0:00.08 exim
26442 mailnull 16 0 0 0 0 Z 2.1 0.0 0:00.08 exim <defunct>
16975 root 15 0 4684 1444 856 S 1.6 0.1 0:00.56 ftp
23071 root 16 0 3760 1420 764 R 1.6 0.1 0:05.08 top
26477 root 16 0 8616 3892 2656 D 1.6 0.2 0:00.06 exim
26486 root 15 0 9420 3888 2656 D 1.3 0.2 0:00.05 exim
16694 root 15 0 4684 1436 848 S 1.0 0.1 0:00.63 ftp
16840 root 15 0 4684 1448 860 S 1.0 0.1 0:00.43 ftp
16865 root 15 0 4684 1444 856 S 1.0 0.1 0:00.72 ftp
16932 root 15 0 4684 1444 856 S 1.0 0.1 0:00.42 ftp
17275 root 15 0 4684 1448 860 S 1.0 0.1 0:00.57 ftp
26434 mailnull 16 0 8972 3956 2704 D 1.0 0.2 0:00.04 exim
26437 mailnull 15 0 8964 3920 2688 D 1.0 0.2 0:00.04 exim
26451 mailnull 15 0 8968 3932 2696 S 1.0 0.2 0:00.04 exim
26489 root 18 0 10568 3912 2656 S 1.0 0.2 0:00.04 exim
5310 root 15 0 40104 35m 1888 S 0.8 1.8 10:55.77 tailwatchd
16771 root 15 0 4684 1448 860 S 0.8 0.1 0:00.44 ftp
16779 root 15 0 4684 1448 860 S 0.8 0.1 0:00.56 ftp
16806 root 16 0 4684 1444 856 S 0.8 0.1 0:00.71 ftp
16844 root 15 0 4684 1440 852 S 0.8 0.1 0:00.57 ftp
16854 root 15 0 4684 1444 856 S 0.8 0.1 0:00.72 ftp
16857 root 15 0 4684 1444 856 S 0.8 0.1 0:00.63 ftp
16868 root 15 0 4684 1448 860 S 0.8 0.1 0:00.79 ftp
16885 root 15 0 4684 1448 860 S 0.8 0.1 0:00.68 ftp
16982 root 15 0 4684 1440 852 S 0.8 0.1 0:00.40 ftp
17008 root 16 0 4684 1448 860 S 0.8 0.1 0:00.69 ftp
17038 root 15 0 4684 1448 860 S 0.8 0.1 0:01.01 ftp
17082 root 15 0 4684 1448 860 S 0.8 0.1 0:00.71 ftp
17106 root 15 0 4684 1444 856 S 0.8 0.1 0:00.84 ftp
17288 root 16 0 4684 1448 860 S 0.8 0.1 0:00.69 ftp

Now, I am logged in as root in two terminals and it shows:

root pts/2 Apr 28 15:19 (x.x.x.x)
root pts/3 Apr 28 14:06 (x.x.x.x)

I am just wondering how root can perform ftp tasks while my root login is sitting idle, and what about pts/0 and pts/1?

I stopped the ftp service in cPanel and it is started again automatically.


Mid-level (1GB RAM) VPS With Strong Support

Dec 8, 2008

My university runs a website to help students find rentals in the general area. We recently ran into some billing issues with our current VPS host, and we're trying to move to a new VPS.

I have some experience finding cheap VPSs (I use Slicehost for a 256MB RAM VPS), but this one has different requirements. Our current VPS provides us with 1GB of RAM, and we don't want to go below this. Also, the VPS we use gives great tech support to my boss (who only knows the very basics about technology). We'd also strongly prefer a VPS that comes with Cpanel.

Does anyone have any recommendations for other VPSs that meet these requirements?


How To Ban An ENTIRE Top-level Domain

Aug 22, 2007

How do I ban an entire top-level domain? For example, ban everyone from Russia by banning those coming from the .ru domain? Or everyone from Lithuania by somehow banning everyone coming from a .lt IP address?

I've had some people from those places try to hack my site and am fed up with it. So I want to ban those two entire countries for the time being using cPanel X's "IP Deny Manager".

By the way I am not a technical person. Just your every day person running a site.


Level 3 NY2 85 10th Ave Experiences

Apr 19, 2007

Is anyone co-located at this facility? The 111 8th Ave center is filled up, but L3 says NY2 is just as good. They are a tad bit more than colo4dallas and others for the same specs, but I'm curious to hear everyone's thoughts about NY2.


Internap, Level(3), BTN Or Savvis

Apr 27, 2007

Which one has the best routes to Asia, especially South East Asia?


Backup Of Sites - Which Application Level

May 11, 2009

I have my personal and business websites through Cpanel - which has a backup facility in it. I also have a WebHost Manager, which has a backup option in there. Then.. I can log into HyperVM, and there is another backup option there. This is all running on a VPS.

So, should I be running backups on all 3 levels? Which should I be running backups on, and which is the recommended course of action? The sites are not all that active; a one week data loss would not be catastrophic, though if there were any new clients in that period of time they'd have to re-sign up. I'm currently running backups 3 times a week via WebHost Manager, but suddenly had a fear that maybe I need to run the Cpanel and HyperVM backups too?


Blocking IP Addresses At Server Level

May 4, 2008

I've been carrying some weird hours lately, so I'm able to see activity on my sites that I normally don't see.

Certain IPs are trying to diddle their things into my server and need the boot. It's not consistent (i.e. not happening every 5, 10 mins)... it's periodically throughout the months. I'll see an IP I blocked 2 months ago just randomly show up at 4:30am and try accessing the same files it was probing during its last visit. Assuming this is just some sort of bot, can I block it permanently?

I know APF has a collection system that purges an IP list to keep it from bloating, and I had PSM do some hardening so I'm not entirely sure about the workings of APF firewall. So far my IP blocks are blank (which is a good sign!), but I'd like to add some nuisances to it, to keep their crap from appearing in my error logs anymore as "Denied by Server Configuration"

My question is: Can I block people at server level permanently? I do not want their IP being taken out with the purge list that comes by every so often.


Most Cost Effective Level Of RAID?

Sep 9, 2008

What is the most cost effective level of RAID in your experience?


Bandwidth Monitoring At Server Level

Nov 27, 2007

I have a few boxes on a special setup in a rack that I want to monitor bandwidth usage on for a while. There really isn't a way at the moment to do it switch level. Some of the servers have cPanel, some are just straight Linux (CentOS). I have seen where you can setup iptables to measure/monitor bandwidth, any other easy and effective suggestions for doing this?


Stop Spam At Smtp Level

Nov 5, 2007

Stop spam at SMTP level. It's great, with a lot of features, and easy to install.

www.spamdyke.org

Stop spam now


Route From Level 3 To Qwest On The West Coast

Aug 30, 2009

I am looking at getting some Qwest bandwidth at 200 Paul, San Francisco. Not being too familiar with Qwest's network, and as part of evaluating that decision, I did some testing to see how the routes/latency looked from various points on the Internet and from our other data centers. For pretty much all the testing I did from the major tier 1/2 networks, Qwest has great peering in places you would expect, resulting in decent routes and low latency.

The strange thing is that the one exception is routes from Level 3. As an example, traffic from various Northern California points on Level 3's network to a test IP on Qwest's network in Sunnyvale all goes via Denver to connect to Qwest and then back to the Bay Area. For LA originating traffic, it goes via Dallas. Same thing for Seattle, which is going via Denver.

Hard to imagine these two tier 1 providers don't peer at any location on the west coast at all? Is this typical between these two or is there some temporary outage right now? Or is there some peering spat going on between them?

Seems pretty silly for traffic to go 3,000 miles between points that are only 10 miles apart!

Here is an example of the route to a test IP sunnyvale.speedtest.qwest.net (205.171.214.185):

1 vlan89.csw3.SanJose1.Level3.net (4.68.18.190) 0 msec
vlan79.csw2.SanJose1.Level3.net (4.68.18.126) 0 msec
vlan99.csw4.SanJose1.Level3.net (4.68.18.254) 0 msec
2 ae-62-62.ebr2.SanJose1.Level3.net (4.69.134.209) 216 msec
ae-82-82.ebr2.SanJose1.Level3.net (4.69.134.217) 4 msec
ae-72-72.ebr2.SanJose1.Level3.net (4.69.134.213) 204 msec
3 ae-3.ebr1.Denver1.Level3.net (4.69.132.58) 204 msec 200 msec 204 msec
4 ae-11-51.car1.Denver1.Level3.net (4.68.107.6) 224 msec
ae-11-55.car1.Denver1.Level3.net (4.68.107.134) 212 msec *
5 dvr-brdr-01.inet.qwest.net (63.146.26.133) [AS209 {ASN-QWEST}] 24 msec 28 msec 28 msec
6 dvr-core-01.inet.qwest.net (205.171.10.54) [AS209 {ASN-QWEST}] 24 msec 24 msec 28 msec
7 * * *
8 svl-svcs-01.inet.qwest.net (205.171.214.98) [AS209 {ASN-QWEST}] 28 msec 28 msec 28 msec
9 svl-speedtest-01.inet.qwest.net (205.171.214.185) [AS209 {ASN-QWEST}] 28 msec 28 msec 28 msec

Anyone have experiences with using Qwest bandwidth in Northern California they care to share?


Which RAID Level Should I Choose For An 8 Drive Setup

Oct 28, 2009

Which RAID level should I choose for an 8 drive setup? It is going to be a R1Soft server.

Should I get RAID 5, 6, 10, or a different level?


Different Level/tiers/class Of Hosting Company

Oct 1, 2009

My startup company has tasked me to look for a hosting company to get dedicated servers for their production (Web, DB) and operation (email, AD, etc) servers, 9 servers in total. I'm new to this whole industry, and finding this forum really helped me point myself in the right direction given so much junk and "partial" review sites out there.

I was able to get great reviews and recommendations off this forum but since I'm new, one area I'm not clear on is the different levels/tiers/class of hosting companies. For example, from what I am reading, Gigenet & Rackspace seem to be on a high end scale while CoreNetworks is on the low end but still excellent. Where would others like LiquidWeb, SteadFast, Softlayer fit in?

Can someone help me break it down into classes like cars such as budget/mid size/luxury or is it even possible? I'm just trying to get a sense of how to compare these companies as I'm getting quotes from them. These are some of the companies I'm looking at:
LiquidWeb
Gigenet
Softlayer
SteadFast
ThePlanet
Colocrosing
Iweb
DedicatedNow
CoreNetworks
Cartika
Servint
SingleHot

They all seem to have good reviews. I know some are truly managed and some just leave everything to you. I'm probably looking for something in between that has decent bandwidth and speeds. Our site won't be a public site so no large traffic requirements, but we are spread out from NY to LA. We probably don't need the fastest speeds but something reliable. We are also in the health care industry so HIPAA may be important, but I'm still trying to determine that.


Entry Level Server Config For VPS Deployment

Jun 7, 2009

We are expanding to offer VPS. I have seen different server configs, but am not sure what to choose in terms of hardware.


CPanel + Exim + User Level Filtering

Nov 18, 2008

whether our webhost has their configuration messed up, or if this is not genuinely possible with cpanel + exim + shared hosting.

Our email server is hosted with the web host, and what we want to do is to not allow certain users to be able to receive (And send) outgoing email to non-local domains e.g. they should only be able send and receive within our hosted domain, @mydomain.com .

Now, we've tried doing this using cpanel's user level filters and have setup the following:

Rules:
If Field To does not contain @mydomain.com OR
If Field From does not contain @mydomain.com

Action:

Fail with message.

We've tested these filters using combinations and they seem to be working as far as we can see on cpanel (it has the filter testing feature)

Now this works for people sending emails into our domain e.g. someone from hotmail tries sending emails to a user, and it bounces back.

But people from inside the domain can send emails to other domains even when they give valid results on the cpanel filter tester.


Google's Entry-level Search Appliance

Dec 28, 2007

Google's mini search appliance:
[url]

Hardware wise, it's just an outdated Supermicro mini 1U setup (P8SCT in SC512L chassis, prescott 3G, 2G DDR2, 1x WD 250G) which can be easily upgraded to a newer, greener configuration such as a PDSMI+ or PDSBL-LN2 board with Conroe/Kentsfield CPU, 4G~8G RAM, even a raptor 10k drive.

What do you guys think the market is out there for this type of appliance? Will updated hardware boost the performance by much?


Parking An External 3rd Level Domain In CPanel

Jul 3, 2007

How to add an external third level domain to cPanel?

For example, my main domain at cPanel is one.com, so I can easily add subdomains like second.one.com, third.one.com etc.

But what I need is to point first.two.com to my hosting.

I'm a customer, not the server administrator.

A two.com owner has already configured my server's IP in the two.com zone file for that subdomain.

But how to configure that external 3rd level domain in my cPanel?
