How is security of the sever

[deep]

How is security of the server ? is it safe against hacking ?
a group of hackers told me we can hack the server win1 ,

[hairyfreak]

I don't think it is the security of the server that would be at fault, rather your website hosting. I am sure that the server has the appropriate modules installed to protect against such attempts, but you may have scripts running on your website hosting that are vunerable to attacks, hence your website hosting may be at risk to a hacking attempt.

May I ask, what is your website hosting? Also, who were the group of hackers that told you they could hack the server, and what is their reason for doing so?

[Rock]

Deep,
Such incidents are most of the time rumours/hoaxes, nothing to worry about them.
Our servers are well equipped to fight against such hack attempts & to keep them at bay. We have various tools (firewalls) running on our servers to monitor such events. None of our servers have been yet hacked, but unfortunately (as hairyfreak said) few website hostings are hacked due to insecure permissions set on files by their owners/webadmins.
If you received any such email from the hackers, please have it forwarded to our support dept.

[DavidAllen]

For the past 3 weeks website hostings on jaguar have had files changed - pornography, pharmaceuticals, shell scripts and even ring tones have all been added. Now i have been 'communicating' with support over these 'intrusions' the whole time. They have been polite and occasionally helpful - however there suggestions as to the causes have not been satisfactory.
Explanation 1. "It's individual website hostings where a weak password has been set and the hackers are using brute force methods." This is indeed posssible - however today following support's latest response I reset the password on 3 of my accounts (I'm a reseller with over 60 domains on this server) Within a couple of hours (less than 30mins in one case) the files had been altered to include links to woficlub.com. From my experience over Xmas, (see elsewhere in the forum) when a website hosting wide attack occured, I have a list of other domains on this same server that are nothing to do with me (300+ domains). I've just checked a random sample and yes they too have had the same links added.
Explanation 2 "There was trojan on server due to which the website hosting got infected.
We have updated the required security patches on server, so that such problem wont happen in future" - well it has - several times now. The most common has been to add a hidden iframe at the bottom of the index.html page.
I am at my wits end with all this. Every time i report infections and clean website hostings up another one happens. It has got so bad that yesterday I ordered reseller hosting from another provider - once that is set up and working properly I intend to migrate all my website hostings over and so after many years of reliable service (and i do think you guys geniunely try) and invaluable help all this time - not to mention this forum - i will have to bid adiou
If anyone else is on the jaguar server (64.38.20.21 you might like to check your website hosting and pay particular attention to the dates when files were last changed and check them (the code not just the look of the page in your browser)
Please sort this out EUK
Regards
David

[eUKhost.com]

someone was managing to use BFD on 64.38.20.218 to hack FTP passwords and individual website hostings were injected on the server. Logs show that ftp service was used to download webpages and injected webpages were uploaded again.

This server had such problems in November 2006 and the attackers have become aggressive in last 3 weeks. We have mirrored all data on this server on another server setup in same subnet and right now we are swapping IPs of both servers.

None of your website hostings will go down nor they will face any problems with any service as the reboot process will take less than 2 mins only.

[DavidAllen]

Other than changing the ip - how will that help. And how come the passwords are cracked so quickly? As I said it was less than 30 mins for one website hosting and I used a random 8 char password (generated by http://www.angel.net/~nic/passwd.html)
Also website hostings did go down for a while (minor quibble i know)

[ChrisMcQuillan]

I've had exactly the same problem, DavidAllen.

My index.php files have had code injections of pornography and pharmaceutical links exactly how you described.

Support have assured me before that its been fixed, but yesterday my index.php was wiped and new links injected.

I was told the attacker IP has been blocked from the server, but I don't think this is acceptable (for the website hosting to be hacked 2 or 3 times).

[DavidAllen]

Chris - you don't know how happy that makes me. All the time I've been getting fob off from support - along the lines of Rocks original reply

Quote:

Such incidents are most of the time rumours/hoaxes, nothing to worry about them.
Our servers are well equipped to fight against such hack attempts & to keep them at bay. We have various tools (firewalls) running on our servers to monitor such events. None of our servers have been yet hacked

Which has done little for my sanity as it IS worrying.
Anyway - hope you have cleaned the lates one up - looks to be some script from jsp.gomyron.com god knows what it is meant to do - i've given up following these things to find out.
Regards
David

[ChrisMcQuillan]

We need some decent customer support on this. I want one of the senior admins to start talking.

Unless I'll join you in moving my hosting elsewhere.

My cPanel was offline for a while there, and I can no longer access my email.

[ChrisMcQuillan]

Lol.

My index files got hit again today, this time by the jsp.gomyron stuff you mentioned.

There's obviously a trojan running somewhere on eUKhost's server, or something.

[eUKhost.com]

Servers has been swapped now and your website hostings are running from new server. All services are running smoothly from the new server so if you have any old injections then replace those.

New server has got latest version of pure-ftp and new version is highly secure as per updates on website hosting of pureftp.

Let me know if you see any kind of problems in next 24 - 48 hours as there should be absolutely no problems now on the new server.

[DavidAllen]

Email is not working properly accross all my accounts (both catchall and specific names) - my WHM shows 0 accounts
Please can you fix this
Regards
David

[ChrisMcQuillan]

Ditto on the email problem. Can access inside cPanel, but Thunderbird still seems to want to connect to Jaguar.

[eUKhost.com]

name of new server is jaguar and its IP is 64.38.20.218 so thunderbird should have no problems in connecting. Please provide me with the exact error and I will look into it.

Alex is working on David's problem and I will look into your problem if you provide me with the error you get in thunderbird. I think you should logout from thunderbird and connect again as it might be looking to continue with old session which is not there on new server.

[ChrisMcQuillan]

I get the message:

Sending the password did not succeed. Mail server mail.scifiheaven.net responded: Maildir invalid (no 'cur' directory).

My password is correct, cause an incorrect password returns "Login failed".

[eUKhost.com]

Quote:

Originally Posted by ChrisMcQuillan

I get the message:

Sending the password did not succeed. Mail server mail.scifiheaven.net responded: Maildir invalid (no 'cur' directory).

My password is correct, cause an incorrect password returns "Login failed".

please logout and relogin. If that doesnt work then change the password for your mailbox from the control panel and check if that works. If that doesnt work then let me know the email address in question and I will take a look into it.

[DavidAllen]

I did that (changed the password from cpanel/whm) and still get the same error as Chris

[ChrisMcQuillan]

Changed the password. Still no effect. Have tried from two separate machines.

Email is chris.mcquillan @ scifiheaven.net

Cheers

[ChrisMcQuillan]

Problem seems to have been rectified.

Thank you for your help.

Best,
Chris

[Brian]

My last few problems have been the same David. I got an email from Google saying i was removed from the search engine due to URL's in the source code. I checked, and low and behold there was tonnes of the usual porn, viaga etc etc in my source code. I have been trying to reupload my HTML pages daily as a result, untill EUK can guarentee that this bout of attacks is over.

However, they did mess up my Coppermine gallery and EUK have been great in restoring it twice. In my gallery/albums/ directory there are tonnes of anal fisting yada yada folders there that when i deleted one of em, the whole website hosting borked up. EUK has done pretty good in regards to this and ill open a ticket about it if its not fixed.