

Planet security issues, I need help




Posted by Longshoreman, 10-22-2010, 11:51 PM
I host a server at the Planet, have been for about 7 years. Lately users on one of our forums have been getting blasted with AV warnings about trojans, viruses, hacks, take your pick. My abilities to handle this are limited to html, setting up forums, and such, so I contacted the Planet Advance Services to look into this problem. I have no problem paying them their extra fees, but so far they have not found any problems at all. And of course, so far the issues my users are seeing have gotten massively worse. Today I got over 104 emails from people saying

QUOTE:
What happened when Google visited this site?
Of the 461 pages that we tested on the site over the past 90 days, 16 page(s) resulted in malicious software being downloaded and installed without user consent. The last time that Google visited this site was on 2010-10-22, and the last time that suspicious content was found on this site was on 2010-10-21.
Malicious software includes 11 exploit(s), 8 trojan(s). Successful infection resulted in an average of 1 new process(es) on the target machine.
Malicious software is hosted on 6 domain(s), including tyqudaf. co. cc/, rrcch. com/, vifyxoq. co. cc/.
This site was hosted on 1 network(s) including AS21844 (THEPLANET).

Posted by Longshoreman, 10-22-2010, 11:54 PM
and this

QUOTE:
I don't know who maintains your ultimate (my domain) com web site but every time I visit it I get warnings from Norton that it is trying to hack my PC. 1 is MSIE JDE Input Validation and the other is HTTP Crime Pack Toolkit. Just an FYI it gets blocked but you may want to have your web guys look into this.

*************************************************

For God's sake, what could be causing this and why can't Planet Advance Services help? What would you do? Is there a reputable server security company you can recommend? This cannot be a new thing, someone out there must have seen stuff like this before. Desperate and worried.

Posted by fabin, 10-23-2010, 02:08 AM
Most probably there might be PHP shell scripts in your hosting accounts, which are used to upload malicious content. You can have your entire server scanned with clamav and remove all malicious files. These can happen if the web applications hosted on your server are vulnerable.

Posted by Syslint, 10-23-2010, 02:27 AM
You must check the php scripts hosted on your server. You can also check the domlogs which scripts are trying to access. Check for world-writable files. Also upgrade your forums and other php scripts. Sometimes some third party plugins will make issues like this.

Posted by LnxtecH, 10-23-2010, 02:27 AM
Check the accounts for viruses. You may use clamav for the same. See if any iframes are injected into the php pages. If you are not an expert in the admin stuff, I would suggest getting someone to do this job for you.
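The two checks suggested in the replies above (world-writable files, and iframes or encoded `eval` code injected into PHP pages) can be scripted when a signature scan comes back clean. This is an added example, not part of the thread; the function names, patterns and the sample web root are assumptions constructed for the demonstration.

```python
import re
import stat
import tempfile
from pathlib import Path

# Heuristic patterns: assumptions made for this example, not a complete signature set.
PATTERNS = {
    "hidden-iframe": re.compile(rb"<iframe[^>]*(?:width|height)\s*=\s*[\"']?[01]\b", re.I),
    "eval-decode": re.compile(rb"eval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I),
}
WEB_EXT = {".php", ".html", ".htm", ".js", ".tpl"}

def scan_tree(root):
    """Return sorted (relative_path, finding) pairs for regular files under root."""
    findings = []
    for path in Path(root).rglob("*"):
        rel = path.relative_to(root).as_posix()
        try:
            mode = path.lstat().st_mode
            if not stat.S_ISREG(mode):
                continue  # skip directories, symlinks, sockets
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if path.suffix.lower() in WEB_EXT:
                data = path.read_bytes()
                findings += [(rel, k) for k, rx in PATTERNS.items() if rx.search(data)]
        except OSError:
            continue  # unreadable file: skip it rather than abort the scan
    return sorted(findings)

def build_sample(root):
    """Write a constructed sample web root (every file here is invented for the demo)."""
    files = {
        "index.php": (b'<iframe src="/video.html" width="640" height="360"></iframe>', 0o644),
        "forum/footer.php": (b'<iframe src="http://bad.example/in.php" width="1" height="1"></iframe>', 0o644),
        "forum/cache/x.php": (b'<?php eval(base64_decode("ZWNobyAxOw==")); ?>', 0o644),
        "uploads/avatar.png": (b"\x89PNG", 0o666),
    }
    for rel, (body, mode) in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(body)
        path.chmod(mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_sample(demo_root)
        for rel, finding in scan_tree(demo_root):
            print(f"{finding:15} {rel}")
```

Hits are leads to review by hand, since legitimate code can match these patterns and injected code can be written to avoid them.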

Posted by prashant1979, 10-23-2010, 03:13 AM
I would not say it is a ThePlanet security issue. The world knows such types of attacks are usually SQL Injection or Gumblar. While SQL Injection is because of insecure code, the Gumblar attack is due to a compromised FTP password through a virus on the local computer. Either way, a hosting provider or Datacenter cannot be termed as the culprit. It is best you diagnose what kind of exploit you have on your website and take action accordingly to resolve it.

Posted by Longshoreman, 10-23-2010, 08:13 AM
I would love to. Who? I would be happy to hire an expert, as I said in post 1. I understand, but the problem is, I cannot "diagnose what kind of exploit you have on your website", it is beyond my abilities. I have hired Planet advance tech services to find this problem. They have run a clamscan, found nothing. I appreciate all the technical suggestions, that's the kind of stuff I hope Planet is doing. If they are unable to find the problem, who can?

Posted by khunj, 10-23-2010, 09:55 AM
Antivirus programs are almost useless. They can detect viruses, trojans and shell scripts based on signatures, but that's all. Assuming that someone injected code inside your page (ie: