Re: what is yahoo counter?
Posted: 01/26/2009 9:49 PM
Site Admin
Ok, these files do not belong here:
The .htaccess file redirects to the php files that have numbers for their names. This is a fairly common hack where the hacker does not modify any of your files but is able to grab traffic or use the files for spamming purposes. They can use your domain email server to send out spam that can't be tracked back to them...
I will delete these files for you and continue looking for others...

Re: what is yahoo counter?
Posted: 01/27/2009 11:34 AM
Citation
Thanks nr. IX did reply, you can check it if you want but I will post what they said
Paste:
Also we can try to restore your account from our backup. Restoration may help in fixing this issue.
Paste:
Let me express the most sincere apologies according to the inconveniences you have faced. But, please, note that most of hackers' attacks are usually done through vulnerabilities of website software which you are using (like forums, blogs, CMS). We cannot keep them secured as we are not the developers of such kind of software. From our side, all server-side software (web services, FTP services, etc..) we are keeping up-to-date and protected. Anyway, it is strongly recommended to review everything that you have in website folder and check web server logs to determine the way you may protect your application against further intrusions. If you have any widely-used software installed, check the vendor site for recent updates or security fixes.
The attack that happened to your sites could be made via an FTP access to your account. Unfortunately, we don't suggest secure FTP connection, for the reason of shared hosting. Please, could you change the FTP passwords under FTP MANAGER icon -> opposite to password field click on Edit. Please, take all of the appropriate measures to prevent other people access your FTP account and use your FTP login information.
Well, what could be done to prevent it from happening again? Please note that most of hackers' attacks are usually done through vulnerabilities of website software which you are using (like forums, blogs, CMS, any other php-based applications). We cannot keep them secured as we are not the developers of such kind of software. From our side, all server-side software (web services, FTP services, etc..) we are keeping up-to-date and protected.
So, It is strongly recommended to review everything that you have in website folder and try to determine the way you may protect your applications. For example, If you have any widely-used software installed (forum, blog, etc.etc.), check the vendor site for recent updates or security fixes.
Please also note that your files are located on the Linux-based server and you are able to change file/folder permissions so make sure you do not have any "open" files/folders with write permissions set for all.
So please check if any folders have fully granted permissions 777 set, which means that they are world-writable for anyone from the Web. Recommended permissions are 755 or 644.
For changing permissions you can use following steps:
1 Go to webshell
2 Find certain folder
3 click on little folder icon left from folder name
4 at right side you will see permissions table
5 choose needful permission mask
6 click change
Also we can try to restore your account from our backup. Restoration may help in fixing this issue.

Re: what is yahoo counter?
Posted: 01/27/2009 11:37 AM
Citation
BTW, this may mean nothing but IX and your forum are very slow loading today. My forum loads ok and other sites, but when I went to IX and here it almost stalls out.

Re: what is yahoo counter?
Posted: 01/27/2009 2:41 PM
Citation
I think I will delete both my website emails. I need to change my password for cp too. I don't want to lock you out nr, but what if the hacker comes back in before I change it...

Re: what is yahoo counter?
Posted: 01/27/2009 4:21 PM
Citation
I finally got done babysitting so I will search some of my folders with wingrep. Here is what I found to do:
------
Go into the CP->scripts folder and look for things like chat, forum, guestlog, weird pictures etc. They always accompanied the yahoo counter virus thing.
http://www.wingrep.com/
For example, download your website folder to your computer, and do a search for
Code:
"<script language=JavaScript>function "
in that folder using wingrep and you will find all the pages on your site that contain that bad code.
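
A scripted version of the checks discussed in this thread (the injected-script search, the numerically named PHP files with the .htaccess that points to them, and the 777 permission check), as an added example that is not part of any forum post. The sample tree and its file names are constructed, and the permission check only means something where POSIX modes are preserved.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

MARKER = "<script language=javascript>function "  # search string from the post, lowercased
NUMERIC_PHP = re.compile(r"^\d+\.php$", re.IGNORECASE)    # PHP files with numbers for names
NUMERIC_REF = re.compile(r"\b\d+\.php\b", re.IGNORECASE)  # such a name inside .htaccess

def scan_site(root):
    """Return sorted (relative_path, reason) findings for one site folder."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            mode = os.lstat(path).st_mode
            if os.name == "posix" and not stat.S_ISLNK(mode) and mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if not stat.S_ISREG(mode):
                continue
            if NUMERIC_PHP.match(name):
                findings.append((rel, "numeric-php-name"))
            text = Path(path).read_text(encoding="latin-1").lower()  # latin-1 always decodes
            if MARKER in text:
                findings.append((rel, "injected-script-marker"))
            if name == ".htaccess" and NUMERIC_REF.search(text):
                findings.append((rel, "htaccess-references-numeric-php"))
    return sorted(findings)

def build_sample(root):
    """Write a small constructed site tree (not the files from the thread)."""
    files = {
        "index.html": "<html><body>hello</body></html>",
        "guestbook.html": "<p>hi</p><script language=JavaScript>function f(){}</script>",
        "83921.php": "<?php /* constructed placeholder */ ?>",
        ".htaccess": "RewriteEngine On\nRewriteRule ^counter$ 83921.php [L]\n",
    }
    for rel, body in files.items():
        Path(root, rel).write_text(body, encoding="latin-1")
        os.chmod(Path(root, rel), 0o644)
    os.mkdir(os.path.join(root, "uploads"))
    os.chmod(os.path.join(root, "uploads"), 0o777)  # the "open" folder case

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_sample(demo)
        print(*scan_site(demo), sep="\n")
```

Pointing `scan_site` at a downloaded copy of the website folder lists every file to review; a hit is a lead to inspect by hand, not proof of compromise.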

Re: what is yahoo counter?
Posted: 01/27/2009 4:44 PM
Site Admin
The CP folder is stored on our domain and every sub-domain. If you run the cp/scripts/forum.html file, it runs the Extropia software. I'm guessing that this folder and its contents were added to every domain and sub-domain by IX. It would be good to find out though...
IX will continue to blame lots of things on your end for the attacks. They have told me the same thing. I don't know about you, but we are not in the habit of giving out our FTP login information. So if the hacker is gaining access to our server through the FTP server, they are not getting it from us. IX will blame rogue software on our PCs for obtaining the FTP login information, but if that was the case, every site that I have ever worked on would be getting hacked too. That is not happening. Mostly, this seems to be happening to IX customers only. So for me, it seems clear that IX has security problems on their servers...
IX blamed outdated software for the attacks that started on our site November 26. But if you remember, no one could access any of our code on November 26 because they were all offline due to the server move. If we could not access our own code, then a hacker could not have been able to do it either. The outdated software explanation falls flat too...
IX continues to attempt to blame everyone else for these problems but they don't seem to be putting any effort into tracking the security problems on their own servers. I managed to get them to tell me what security software they use, which turns out to only be used for the incoming email servers and the software apparently isn't rated well in every review I have read. Their security software is Open Source and Beta software. Based on what I have been told, IX doesn't seem to have invested anything in security software for its servers...

Re: what is yahoo counter?
Posted: 01/27/2009 4:46 PM
Site Admin
fishead wrote:
|
I think I will delete both my website emails. I need to change my password for cp too. I don't want to lock you out nr, but what if the hacker comes back in before I change it...
|
You can go ahead and change everything. If need be, you can give me the new information. I really am doubting that the hacker has your login information though. That seems to be a lame excuse that IX is using to pass the blame instead of taking responsibility and fixing the problems on their end...

Re: what is yahoo counter?
Posted: 01/27/2009 4:48 PM
Site Admin
fishead wrote:
|
BTW, this may mean nothing but IX and your forum are very slow loading today. My forum loads ok and other sites, but when I went to IX and here it almost stalls out.
|
The server we are on is not stable. It really has nothing to do with the hacker or anything else. IX just updated our ticket claiming that they fixed the problem, so it will be interesting to see if the slowness and the lockups continue. I don't have any faith in IX tech support anymore, so I will not be surprised if the problems continue on the server we are on right now...

Re: what is yahoo counter?
Posted: 01/27/2009 5:14 PM
Citation
wow, maybe we should be looking for a new host. Darn I just paid two years too.
I did a search in two places, cp and everything in there plus images in forum and it didn't find anything.
OK I will do that later, change my passwords. I agree, I don't think anyone hacked in to the server. I don't need those emails, don't use them much anyway.

Re: what is yahoo counter?
Posted: 01/27/2009 11:19 PM
Site Admin
We already attempted to move to Host Monster (Bluehost) but I didn't like their server setup and the limitations in phpMyAdmin and with the FTP connections. We will continue to look for a host that is worthy of our business. I am really sick of dealing with IX...