Some Attacker In My Server
Mar 11, 2008
I have a VPS with CentOS 5 running 2.6.9-023stab044.11-entnosplit with the Plesk 8.3 panel.
Last night, when I was talking with the support center, I pasted my root passwd.
After 10-15 minutes, some attacker changed my page (index.html).
The server is new; I got the VPS just 3 days ago, so there is no way to upload or run any PHP script (worm) on my server, because I didn't install anything there other than (.html) pages.
So I stopped my VPS until today, and now I have changed my password and run the command to find any PHP files in my vhosts folder, which contains my sites directory...
I didn't find anything there, and everything looks like the default.
Now the question is: is there any way for the attacker to hack NixCore V1.5.0 Support Center?
And is there any way to check my server for any newly uploaded files, whether .php, .pl, .rar, .gif, etc.?
And what command shows which user group has root permission?
Sep 29, 2007
Today I log my site and see this notice:
Sep 29 12:30:30 SP116328292A suhosin[15988]: ALERT - script tried to increase memory_limit to 1073741824 bytes which is above the allowed value (attacker '121.108.187.170', file '/srv/www/vhosts/fullsoftvn.com/httpdocs/ShopCart/index.php', line 8)
Sep 29 12:30:53 SP116328292A suhosin[15876]: ALERT - script tried to increase memory_limit to 1073741824 bytes which is above the allowed value (attacker '121.108.187.170', file '/srv/www/vhosts/fullsoftvn.com/httpdocs/ShopCart/index.php', line 8)
Sep 29 12:31:21 SP116328292A suhosin[15989]: ALERT - script tried to increase memory_limit to 1073741824 bytes which is above the allowed value (attacker '203.200.143.20', file '/srv/www/vhosts/fullsoftvn.com/httpdocs/ShopCart/index.php', line 8)
Sep 29 12:31:24 SP116328292A suhosin[15955]: ALERT - script tried to increase memory_limit to 1073741824 bytes which is above the allowed value (attacker '121.108.187.170', file '/srv/www/vhosts/fullsoftvn.com/httpdocs/ShopCart/index.php', line 8)
Sep 29 12:31:32 SP116328292A suhosin[15955]: ALERT - script tried to increase memory_limit to 1073741824 bytes which is above the allowed value (attacker '121.108.187.170', file '/srv/www/vhosts/fullsoftvn.com/httpdocs/ShopCart/index.php', line 8)
Sep 29 12:31:46 SP116328292A suhosin[15989]: ALERT - script tried to increase memory_limit to 1073741824 bytes which is above the allowed value (attacker '203.200.143.20', file '/srv/www/vhosts/fullsoftvn.com/httpdocs/ShopCart/index.php', line 8)
Sep 29 12:31:57 SP116328292A suhosin[15989]: ALERT - script tried to increase memory_limit to 1073741824 bytes which is above the allowed value (attacker '203.200.143.20', file '/srv/www/vhosts/fullsoftvn.com/httpdocs/ShopCart/index.php', line 8)
Sep 29 12:36:59 SP116328292A suhosin[16103]: ALERT - script tried to increase memory_limit to 1073741824 bytes which is above the allowed value (attacker '121.108.187.170', file '/srv/www/vhosts/fullsoftvn.com/httpdocs/ShopCart/index.php', line 8)
Sep 29 12:37:28 SP116328292A suhosin[15396]: ALERT - script tried to increase memory_limit to 1073741824 bytes which is above the allowed value (attacker '121.108.187.170', file '/srv/www/vhosts/fullsoftvn.com/httpdocs/ShopCart/index.php', line 8)
And this ShopCart!
How to hinder other attackers?
Nov 24, 2007
I have to deal with a lot of dictionary attacks. One evening, I got fed up with them and decided to do something about it. So, I wrote a service in VB.NET that monitors the Windows event log. I check for too many incorrect login attempts to MS SQL.
If I find someone attempting to dictionary attack, Windows shows the IP address of the invalid login attempt in the event log. So, I parse the event message, grab the IP address, and use IPSec to block the would-be intruder. Excellent!
Ok. That takes care of SQL attackers. But, what about RDC (Remote Desktops or Terminal Services) attackers? I started using 2x's SecureRDP. It works great, but the logging feature is broken. It doesn't accurately log the attackers' IP addresses. So, how can I get the IP address of those attempting to login via RDC? Anyone know? There has to be a way.
Jun 12, 2009
Let's say my site was getting DDOS'd. Let's say I suspected I knew the attacker's home IP address. Would there be anything I could do with this information to either end the attacks or penalize the attacker?
Feb 28, 2008
Has anyone used Attacker.net for server admin work, especially on FreeBSD? My other Admin team bailed on me, so I am looking for a new team to Secure and Harden my box. I have searched the boards, and have not found a review on them yet.
Nov 8, 2009
Is this a good deal for a server for $69 a month?
320GB STORAGE
3,000GB MONTHLY TRAFFIC
2.6Ghz AMD PHENOM II X3
2GB RAM MEMORY
How do I prevent the hosting company from significantly raising my monthly cost?
Apr 15, 2008
What type of server and connection do I need to handle more than 50.000 visits per day in a Webserver Front-End / Database Back-End?
Jul 26, 2008
firewall for my new server. I will be running cPanel 11 on it... so I was looking into configserver.com. Are they good? Is there any other firewall software you can recommend besides configserver?
Mar 2, 2007
Is it possible to scan for viruses on an account on the server?
Mar 23, 2009
I'm wondering what the benefits are from switching a hosting server's nameservers to OpenDNS's.
Will this be better for the server or will it cause issues?
Nov 16, 2008
I rented out a server from leaseweb for 6 months (prepaying) before doing any real research. The price was great, but the support apparently sucks. Now that I found this out, and my server hasn't been set up yet, I want a full refund. I've contacted them via email, but have yet to receive a response; who should I contact, or what should I do?
Mar 27, 2008
This weird issue has popped up only this weekend, when csf blocks all IPs and even SSH, email and all services are not accessible, even though the server is working; the firewall puts a block on everyone, and the server appears offline to others. Any ideas why csf and iptables are not responding and are acting this way? I asked jonesolutions.com the last time it happened and got no reason/response as to what could be the culprit.
Could it be the kernel update/upgrade that was done to optimize load which broke csf and its working?
As this is the 2nd incident over the last 2 days, and I had thought my management had fixed it. Upset here over the unwanted, for-no-reason downtimes!
Here is the output for this command after I restart csf again, and that's like the average I get over the entire day, too.
root@webhosting1 [~]# netstat -an |grep :80 |wc -l
188
root@webhosting1 [~]# netstat -an |grep :80 |wc -l
168
Connections to the server don't seem to be high enough to pooch the firewall.
Oct 12, 2008
With increased traffic lately, I'm trying to plan my next move, so I was hoping for some kind recommendations from you guys.
My current setup is 1 VPS from knownhost (managed), where I have my WordPress sites, and 1 VDS at FDC (unmanaged) for static content like images and zip files, but I would like to have everything in one place because it would work out cheaper.
So the question is: would I be risking too much if I moved my whole site to an unmanaged dedicated server without having any experience other than very basic stuff like installing afp/ddos deflate?
Right now it seems like there isn't anything to it except upgrading the OS or MySQL and things like that in the future...
Dec 3, 2008
to put together a file server. This server will only accept SFTP connections and send/receive data. Also, planning to use RAID 10 with a hardware controller. Just looking to get a feel for the CPU and RAM. While the server load will not be much, scalability is a factor when considering hardware.
Dec 7, 2008
I am looking for a dedicated server for my flash games site. I am currently using 1and1.com for a Titan 16gb ram, 6gb monthly transfer (bandwidth), but it is not enough. I ended up paying almost $2k last month. So what I need is at least 15-20gb bandwidth monthly transfer and about 8gb ram....
Jul 14, 2009
We want to build a file server in our office - either Windows or Linux (doesn't make a difference to us).
We have a lot of satellite offices, and want to have certain computers have access to specific files/folders on the fileserver.
The catch is this... we would like some of our satellite computers to "sync" with the files/folders on the fileserver.
For example, a developer who is constantly working with a particular client, will always want his/her files to sync up with what is on the server.
The developer will want to work with a local copy of the files, and once finished, will upload them to the file server.
A few days go by, and there is a possibility the fileserver has additional information for that client. The developer would then want to download the changed files from the fileserver.
The benefit of working with local files, is that it is quicker to make changes. We can always leave the desktop on overnight to sync between the fileserver and the desktop.
Any suggestions what to look into here?
All of our desktops are on Windows, so we would need a Windows application that has this functionality.
Rsync seems to be the closest thing I've found so far.
Jul 10, 2009
I will buy a new Dell server to stream webcasts and also do live streaming.
I will buy a PowerEdge 2950 III with 2 CPUs at 2.5 GHz and 8MB RAM.
Jun 16, 2007
I have set up a HA network.
Web Servers #1 and #2 have their own IPs, but share a dedicated load balanced IP via the H5 Load Balancer.
We have our domain name registered with Yahoo!
How do we point the domain name at Yahoo! to the load balanced IP?
Jan 3, 2007
I have had my web server hacked several times and I am beating my head against the wall trying to find the problem(s).
Way back when, my sites were defaced, and CHMODing my *.html files to 744 seemed to have done the trick.
Now someone has somehow put up a phishing site, which by the way I'm still not able to remove. I can't help but think that I may have more CHMODing to do. I have recursively set my site to 755; should this do the trick? I know I need to chmod .htaccess and similar files to 644, but what about... images, CGI/PHP, css, etc.?
What other steps can I take to secure this thing?
It's a shared host, limited access, but I do have SHELL.
Jun 7, 2009
We are expanding to offer VPS. I have seen different server configs, but am not sure what to choose in terms of hardware.
Jan 17, 2009
In fact, I am a customer of PC-CORE.net's direct customer. They sent me an email a few days ago to let me translate my website. But I was travelling then. I received it last night. But it was too late; I could not enter my website by then. It is likely the server has been shut down. My IP was 64.191.125.149. The guy who rented me the space said he is powerless about it.
I did not get any backups of my site. They were gone when I formatted my hard drive last time. But the website's data is very important to me.
Anyone related with it? What can I do to save my site? What is going on with PC-CORE.net?