| Private Hosting Questions about VPS, dedicated servers and colocation. |
#10 (permalink) |
Surpass Fan
Comfy Contributor
Joined in May 2004
125 posts
Gave thanks: 0
Thanked 0 times
I have had an open ticket since 06 May 2006 11:08 AM and it is still not updated up to now: SQZ-385403
I also made a security scan and got this result. I posted it in the same ticket on 06 May 2006 11:51 AM and also nobody has seen it:

Appears Clean /dev/core /dev/stderr
Scanning for Trojan Horses.....
Possible Trojan - /usr/bin/pear
Possible Trojan - /usr/bin/xml2-config
Possible Trojan - /usr/lib/libxml2.la
Possible Trojan - /usr/sbin/lsof
Possible Trojan - /usr/bin/pstree
Possible Trojan - /usr/bin/find
Possible Trojan - /usr/bin/xsltproc
Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.la
Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.so
Possible Trojan - /usr/bin/slocate
Possible Trojan - /bin/ls
Possible Trojan - /usr/bin/dir
Possible Trojan - /usr/bin/md5sum
Possible Trojan - /bin/ps
Possible Trojan - /usr/bin/top
Possible Trojan - /usr/bin/cpan
Possible Trojan - /usr/bin/pstruct
Possible Trojan - /usr/bin/splain
Possible Trojan - /usr/bin/xmlcatalog
Possible Trojan - /usr/bin/xmllint
Possible Trojan - /bin/netstat
Possible Trojan - /sbin/ifconfig
22 POSSIBLE Trojans Detected
#11 (permalink) | |
says GIMME SOME MORE!
Resident.
Joined in Mar 2004
Lives in fear of Obama.
Hosted on Pass 7
13,092 posts
Gave thanks: 8
Thanked 34 times
Quote:
#12 (permalink) |
Surpass Fan
Comfy Contributor
Joined in May 2004
125 posts
Gave thanks: 0
Thanked 0 times
The server is hacked. When they change the root password I start using it, but the hacker changes it after a very short time. It looks like he installed spyware on the server after his first login, so he can easily change it if we change it.
The support is telling me that the server is hacked and they will reinstall the server (12 hrs). The issue now is not changing the root password or the 12 hrs of downtime; the issue is whether the hacker can use the same hole or bug to hack the server again or not. I hope that we can know what the bug is, or can fix the root issue after discovering it.
__________________
Gool
#13 (permalink) |
Registered User
Comfy Contributor
Joined in Dec 2004
150 posts
Gave thanks: 1
Thanked 1 Time in 1 Post
This is quite an interesting post. After they install your system again, make sure you ask them to install a firewall for you and make sure you disable root login over shell. Create another user and add that user to the wheel group so only once you are logged in with that username over the shell you can su to root. Keep both passwords for these two accounts complex and different!
Also, do not keep your shell on the regular port 22; change that ASAP to something random like 3755 or such. If you do not know how, ask support to do it for you. It will take them about 5 minutes for what I just mentioned. Good luck!
#14 (permalink) |
says GIMME SOME MORE!
Resident.
Joined in Mar 2004
Lives in fear of Obama.
Hosted on Pass 7
13,092 posts
Gave thanks: 8
Thanked 34 times
And make sure when you do the wheel group part that you are typing it correctly. I screwed that up and locked SSH out completely.
As for passwords, this is a good place to generate one. I as well as many others use it: http://www.winguides.com/security/password.php
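The SSH changes suggested in posts #13 and #14 can be checked before sshd is restarted, so that a typo in the wheel group does not lock everyone out. This is an added example, not part of the original thread; the function names, the `admin` user and the sample files are assumptions constructed for illustration.

```shell
# First uncommented value of a keyword; sshd keywords are case-insensitive.
sshd_value() {  # usage: sshd_value <keyword> <config-file>
    awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }' "$2"
}

# Prints one FINDING line per problem and nothing when all checks pass.
audit_ssh_hardening() {  # usage: audit_ssh_hardening <sshd_config> <group-file> <admin-user>
    cfg=$1; grp=$2; admin=$3

    root_login=$(sshd_value PermitRootLogin "$cfg")
    [ "$root_login" = "no" ] ||
        echo "FINDING: PermitRootLogin is '${root_login:-unset}', expected 'no'"

    # Port may be repeated; sshd listens on every one, and on 22 if none is set.
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$cfg")
    if [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qx 22; then
        echo "FINDING: sshd still listens on the default port 22"
    fi

    # Group members are the comma-separated 4th field of the group file.
    if ! awk -F: -v u="$admin" '
            $1 == "wheel" { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
            END { exit !ok }' "$grp"; then
        echo "FINDING: '$admin' is not in wheel, so disabling root login would leave no path to root"
    fi
    return 0
}

# Constructed sample files: a candidate config plus a group file with a mistyped user.
write_samples() {  # usage: write_samples <directory>
    cat > "$1/sshd_config" <<'EOF'
#Port 22
Port 3755
#PermitRootLogin yes
PermitRootLogin no
EOF
    cat > "$1/group" <<'EOF'
root:x:0:
wheel:x:10:root,admni
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_ssh_hardening "$demo_dir/sshd_config" "$demo_dir/group" admin
rm -rf "$demo_dir"
```

On the constructed samples the only finding is the mistyped wheel member, which is the kind of mistake post #14 describes.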
#15 (permalink) |
Yabadabadoo
Super #1
Joined in Nov 2004
Lives in B.C., Canada
Hosted on Dedicated
1,013 posts
Gave thanks: 7
Thanked 28 times
I would also recommend scanning your own system with an antivirus (up to date) to make sure you are not infected with a trojan or something.
#16 (permalink) |
Surpass Fan
Comfy Contributor
Joined in May 2004
125 posts
Gave thanks: 0
Thanked 0 times
They installed the server. The server load is under 1 all the time; now the server is down again. I tried many times to monitor or protect the server, and no way. I am near the server all the time and posting tickets until my head is really crashed. Why are Yahoo or Google not down due to DDoS? Why can't Surpass install a firewall that works!
__________________
Gool
#17 (permalink) |
Yabadabadoo
Super #1
Joined in Nov 2004
Lives in B.C., Canada
Hosted on Dedicated
1,013 posts
Gave thanks: 7
Thanked 28 times
If you are trying to say that the server was reinstalled and it is down again, then I would have to say: figure out the problem?

First you were saying it was hacked, now calling it a DDoS? The two actions would have 2 very different responses as to how to fix. A hack/exploit requires trying to figure out how/where, and a DDoS requires other network-level solutions.

Now if you mean they went from hacking to a DDoS, then you can't blame support. They fixed the problem only to have the hacker try something else.

And comparing Google/Yahoo is hardly fair. They have huge server farms. It wouldn't surprise me if Google had 100,000 servers and LOTS of technicians/engineers, and the networks behind them. Now while Surpass is big, and decent, they don't have that kind of system in place. Also, they are not trying to secure 100,000 servers to serve 1 website, they are trying to secure 1 server in order to serve thousands of websites.

It is also your server. If you can't seem to secure it, and the support team is doing all they can to help (and it sounds like they are), don't *****. You are hard enough to understand. I'm not even sure what to make of your last post. I don't know if they even know what the problem you are trying to express is.

Now my server hosts a few websites that are just a tad more likely to be the target of an attack, and I myself have pissed off a lot of so-called hackers. (I recorded attempts on my server/website like several times a day several times a month for literally 13 months.) I spend at least a few minutes every day making sure my server is secure, checking logs, and so on.
#18 (permalink) |
Registered User
Comfy Contributor
Joined in Dec 2004
150 posts
Gave thanks: 1
Thanked 1 Time in 1 Post
Oh yeah, and for the list of trojans you listed - I wouldn't worry... They are just scripts that run on your servers and are not real trojans as far as I know.