Thanks for all the advice folks.
Over the last 7 years, I've kept myself up to date on the most common, appropriate and effective ways to keep our servers secure. I've implemented pretty much all the advice given in this forum which is why I was shocked to see this happen. As I said, its the first time that we've had a whole server compromised. I was caught napping and its been a reminder to continue to pay close attention to keeping everything as tight as possible.
Last edited by 4u123; 12-01-2009 at 03:51 AM.
Just...wow.There is several new exploits in the wild the past week that has kept me psychotically busy the past few days with clients all over the world as I'm right at the top of the call list for most data centers and many hosts particularly where it comes to security but I'll squeeze you into my schedule if you would like me to take a look.
Without even spending more then 30 seconds looking at Spirals setup I can tell you now I wouldn't even bother he cant even secure his own DNS server.
I thought i was the only one got hacked like this. Same kernel 2.6.9-78.0.22.ELsmp and centos 4.8. suPHP.
It was the last server to be migrated to the latest Centos 5, we had around 100 mini accounts in that server.
I found out the root password got changed through shell history.
We got locked out but managed to log in using key and changed back the password.
from history they wget Perl script (as root) and defaced index files in all directories.
We secured the server with tmp noexec, not offering shell, mod_security, disabled functions in php.ini etc. Chkrootkit said nothing being modified.
For more info check out this link http://www.webhostingtalk.com/showthread.php?t=590726
Last edited by neutro; 12-01-2009 at 02:02 PM.
You seem to be a little bit confused!Originally Posted by rejected
1. My DNS is quite secure! (you have absolutely no idea!)
2. What the hell are you looking at anyway?
I find it kind of interesting that you say your "looking at Spirals setup" when you don't even know my address!
If you are so sure of yourself, let's see you hack my DNS?
This ought to be quite amusing!
(Oh and for the record, I'm not using BIND or any Cpanel option either
and that is the biggest up front hint I'll give you)
What exactly is your problem anyway?
Note I didn't say "ALL" data centers, I said "MOST" major data centers!
Just for your FYI --- that is most certainly NOT b/s! ---
I have more than 33+ years active security experience in the field and am very good at what I do far more than you could possibly imagine
and I would caution you to the wise not to under estimate anything!
And to jpetersen, for your information I have many private individual, corporate, web hosting, and data center clients (actively on retainer for 18 data centers + 26 others on a "as needed" basis) many who have been with me for a great many years, and also a number of government clients as well from all parts of the world and all my clients consistently through the years and even decades speaking nothing but praise about me continually and quite often (sometimes even to my own dismay)
always want me specifically and demand that there be "no one else" but me and "me alone no matter the price" and that should probably say something in and of itself!
In fact, if you go though all the posts here over the years and elsewhere, exactly how many do you see talking negatively aside from yourself (and this thread) over all the years I've been here! You don't!
And that is precisely my very point indeed!
Jpetersen, you don't even know who I am, don't know anything about me whatsoever and yet you alone continue to blindly make false statements you know absolutely nothing about!
It is one thing to say there are other consulting options out there and that is perfectly fine and I even make alternative recommendations myself sometimes but it's another to flat out call me a liar when you have absolutely no basis whatsoever and don't know your facts!
Is it jealousy? Rub you wrong in a former life?
Enjoy making wrong assumptions?
Are you assuming that I'm overly inflating myself?
I'm not! And you will find I very much tell things like they are openly!
In more than 3 decades, I've only had one unhappy client and I will tell you right now that was a guy earlier this year in Canada who kept sabotaging his own servers to the point he actually prevented me from being able to get any real work done and then turned around and blamed me for his own screw ups! Every time I tried to work on something, he'd go and stop the processes or change something to break everything and force me to keep doing the same things over and over again. He cost me thousands of dollars in lost jobs because I had to keep postponing other clients because he'd keep sabotaging me over and over again. Basically just a bad client .... it happens now and then
no matter how well you do your job.
My real point is that outside of that one blemish, I have had nothing but continuous non-stop praise from the thousands upon thousands of clients I have served over the many, many long years and decades I have spent working in this specialty field!
In 33+ years and more clients than I can count, those who I would were in any way unhappy could be numbered on my fingers!
That is a true testament! I openly challenge anyone to match that!
So again I ask, what exactly is your problem?
Oh wait --- that's it --- let me guess, you are Mr. Canada!
That's it? Isn't it! Isn't it?
Uh huh .... that would be the rub! If that is you, get a life!
By the way, here is something you also may not realize ...
In 2006, I became very ill and was later diagnosed with terminal stage IV cancer and not given more than a few weeks to live but I beat my chances though due to a complication of the treatment, I ultimately ended up in a coma on life support with severe lung damage unable to breath on my own. Against all odds, I eventually recovered fully and after going offline and away from the world for very nearly 2 years, I was finally well and healthy enough to return to work and what was most amazing is that not that I had survived or that the cancer was cured.
The most amazing thing is what happened upon my return ...
Upon my reappearance in the technology world, I was shocked and surprised to find hundreds of requests, email messages, and phone calls from all corners of the world, most all of my old former clients begging me to to come back and telling me that they would switch back to having me handle all their issues in a heartbeat if I were really truly returning like they heard --- after nearly 2 years totally gone without a trace, that kind of a response should speak much for itself!
And to 4u123, when I offered to help you, I sincerely meant that!
My post was not a sales pitch and I don't want your money!
There are absolutely no strings attached!
I am very selective about who I offer to help in that manner but every once in a while, someone will post something that that gets my attention enough that it is clear that the poster needs real help or the problem is one that the poster really need to be careful not to make any mistakes.
Your post was such a post and I just want to help make sure your situation is handled properly and effectively to the best possible!
Last edited by Spiral; 12-02-2009 at 11:13 PM.
I disagree with using dishonesty to gain trust, hence my posts.
Last edited by jpetersen; 12-03-2009 at 12:21 AM.
Wait you had your Skype on the last post AXFR google it and test your DNS server...You seem to be a little bit confused!
1. My DNS is quite secure! (you have absolutely no idea!Enjoy! <3 BSD if you had half a brain you would be using it
I absolutely and wholeheartedly agree 100% with that statement!
In my business, there is nothing more important than trust and honesty!
The problem here is that you made some wrong assumptions and then chose to attack me based solely on those assumptions and the sad thing is that you couldn't be any more wrong! Just because something sounds "unbelievable" to you doesn't necessarily make it so and to that extent I can say with a clean and clear conscience that I have never been dishonest, misled, or lied to anyone!
The bottom line is you should try to get your facts in order before going on a campaign to accuse a person of lying or trying to hurtfully attack someone whom you clearly know absolutely nothing about whatsoever!
On the flip side of that statement, I personally would not blindly believe everything I read either. In my business, it is not uncommon to be the target of slander campaigns, those making up false rumors or publishing false facts or gossip all because some little script kiddie somewhere is unhappy that he got caught and looking for a way to strike back! In fact, speaking of assumptions flying around, that is my first impression and assessment of yourself!
Regarding your posted hyperlinks -- you ironically just made the very same mistake yet again!
Wrong assumptions, wrong facts, and in the case of your current post, even the wrong identity as well!
I don't know about yourself but I myself am a member of this community first and foremost to help people who need help by providing thoughtful answers to their questions and offering my knowledge, skills, and experience where it might be of real help to someone.
If you have something positive to contribute to the topics and questions in this community then by all means do so! Some days I work nearly 24 hours per day helping hosting my clients and I'm not always 100% at my peak so if I miss something every now and then, please by all means do chime in as the more information and feedback a forum member gets to their questions, the better equipped they'll be to handle their problems!
However, enough with the personal attacks, blind assumptions, and mangling of facts!
It is one thing to say "Hey Spiral -- care to look at that again?" which is perfectly reasonable but to say something along the lines of "Don't listen to Spiral! He doesn't know what he's talking about!", that is something entirely different and in my book uncalled for and completely out of line!
It just so happens, in your earlier attacks regarding the quick 10 second script to help the user with the permission problems, I had just come off of a 74 hour marathon rebuild session with a data center helping them recover from a really nasty hacking situation and was barely awake, not really in a good position to be online but I did my best to try to help the cpanel user with their question and gave them a quick script that was not really mean for major production but rather to illustrate how to deal with their issue. Yes, I forgot a few "--" but instead of pointing that out or being clear of yourself, you chose to flat out attack me and treat me like a moron.
The next day and after some much needed sleep, I saw what you should of originally said and revised my posts with better code and apologized for not seeing the coding error the night before. However, either you or someone must have pulled some strings with administrators here because someone other than me later again rewrote the posts changing the code back and adding comments I never said!
You have been continually attacking me since!
To that regard, I do believe you owe me an apology!
Aww! Okay .... Well that explains a lot!
My Skype and MSN addresses have no bearing on my actual sites!
(You didn't pickup on any of that having those posted publicly when there are spam bots around to see that?)
BSD? Are you kidding me? The things I could show you about BSD!
Anyway, to both of you ---
Why don't we all agree to put an end to this nonsense!
Enough with all the wrong assumptions, off topic posts, and unfounded personal attacks!
As for myself, I intend to get back to the real issues of this forum community and it's users and this will be my last final comment on this matter!
Good Day
Last edited by Spiral; 12-03-2009 at 03:28 PM.
I try to stay out of this sort of thing most of the time, but this comment was a bit too far over the top to ignore. I have access to see who has edited a post, how many times and the date on each and every edit made.The next day and after some much needed sleep, I saw what you should of originally said and revised my posts with better code and apologized for not seeing the coding error the night before. However, either you or someone must have pulled some strings with administrators here because someone other than me later again rewrote the posts changing the code back and adding comments I never said!
Those scripts posted by you in the other thread were never touched by anyone other than you, Spiral. They were in fact edited multiple times, over a period of a month from the first edit to the most recent. One of them over 10 times, all by you. No one else made any revisions to your revisions.
This thread is going nowhere fast and so is now closed.
LinkBack URL
About LinkBacks