[論壇公佈]發現有2個網頁檔案被插入程式碼問題已修復，用戶請即採取下列措施 [復制鏈接]

freezefox:定係我地自己都可以攪得掂。 (2013-05-02 21:37) 

呢D 野, 唔想自己搞~ 始終人地先係專家~

ecko:呢D 野, 唔想自己搞~ 始終人地先係專家~ (2013-05-02 22:06) 

重有~ 有D 野唔係我地自己可以做到~

ecko:重有~ 有D 野唔係我地自己可以做到~ (2013-05-02 22:07) 

但頭先你又話你有COCERN？

freezefox:但頭先你又話你有COCERN？ (2013-05-02 22:22) 

係有少少concern~
不過佢出到 reset a/c 黎搞我地d server, 咁我不如比佢啦~

ecko:係有少少concern~
不過佢出到 reset a/c 黎搞我地d server, 咁我不如比佢啦~
[表情] (2013-05-02 22:24) 

RESET 左啦？定係建議咋？

Dear Daniel,
We have already secured your server. Please note several changes have been made in DirectAdmin Control Panel
1) Brute Force Monitor - This is to monitor the past 4 days of Brute Force. Only monitors, it won't do anymore than this
2) ConfigServer Firewall&Security - This is a firewall and login failure daemon, what it does it will monitor any brute force and send to the firewall for blocking. You can also key in IP address and click "Block" in a very convenience way.
Additionally, we have made some further security
1) PHP - disable some basic dangerous function - shell_exec(), dl() and etc...
2) Port Change - From 22 into xxxx to minimize brute force into SSH
3) Renamed /home/admin/public_html/index.php into virus.index.php. This is because it is scanned to have virus linkage by Norton.
The new Directadmin password is sent to you, please change accordingly.

For 大家 information

最初 send 比support 既 email:

Dear Geeks Concepts's Support,

We currently using Geeks Concepts Dedicated Server Service. However, we found there is "brute force ssh attack" to our server. There are hugh number of failed SSH login attempts to our server and they are trying to "guess" our account and password. Please find the access log in the attachment (Access Log.png).

Unfortunately, unauthorized access from anonymous has been done and some of our webpage has been changed by hacker.
We had removed the webpage and password had been changed to prevent their access. However, the hacker can access our server again and change webpage again.

I am sure that you must be the expert to solve the similar problem in other server. Would you please help to suggest if there is any tool (block the ip from accessing the server after several failed login attempts) from your side to implement in our server to prevent unauthorized access?

I have some idea to prevent the unauthorized access but I am sure that your solutions will be better. Please help to check if the following can be implemented to our server.

1. Change SSH port from port 22 to another port
2. Configure CentOS to drop packets from anyone but some trusted ip address

原來佢已經reset左

跟進一下，供應商個邊己經作出數個改動。如果問題仍然得唔到改善，請通知。

我地會keep mon住個情況

另外有封咁既電郵，關於供應商改名事宜。

Dear Customer

Regarding to Company Name Change

In order to our company to move forward and to offering a lot more services, we would like to announce starting 1st May 2013, we will change our company name as follow:

GEEKS CONCEPTS LIMITED >>>> GEEKS

Apart from our company name changed, our bank account will also be changed. We will notify you by another email and will be posted by letter for verification of our identity. Our new bank account will begin active on 1st May 2013 and we hope all customers to transfer to our new account accordingly. If you accidentally paid to our old account, it is fine, we will stop receiving payment of our old account on 14th May 2013.

您好

有關轉公司名稱事宜

讓我們繼續提供更多服務，我們將會在五月一日起使用以下新的公司名稱
GEEKS CONCEPTS LIMITED >>>>> GEEKS
除了轉公司名字外，我們也會更改銀行帳戶號碼。新的帳戶號碼將會以另一電郵及郵件寄給客戶。
請閣下從五月一日起使用我們新的銀行帳戶號碼支付服務費用。如客戶將費用支付到舊的銀行帳戶，我們會繼續收集直至五月十四日。


Thanks
Geeks Concepts Limited

2013-05-09 Update

暫時冇再發現可疑既access log