
垃圾桶 2013-03-18 19:00

Two web page files were found to have code injected; the problem has been fixed. Users please take the following measures immediately.

Dear members,

Following a member's report and during the regular file integrity check, two web page files (index.html and index.php) were found to have code inserted into them. The inserted code was a web bot counter; the risk is rated medium. I have removed the code immediately and changed the write permissions on those files to prevent the problem from recurring. At this stage, users should take the following steps to protect their computers.

1) Clear your browser cache now
(Step by Step Guide: http://www.wikihow.com/Clear-Your-Browser%27s-Cache)
2) Update your antivirus and anti-spyware databases and run a scan

If you notice anything strange when visiting 好友, such as being redirected or some pages suddenly loading slowly, please notify me or ecko right away so we can check. Thanks.

垃圾桶, Technical Support board moderator
18 March 2013, 7 pm
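The file integrity check the moderator describes, as an added Python example (not the forum's own tooling): hash every file under the web root, compare against a stored baseline to list modified, added and removed files, and lock the files read-only after cleanup. The web root, file contents and the simulated injection are all constructed.

```python
import hashlib
import os
import tempfile

def hash_tree(root):
    """Return {relative_path: sha256 hex} for every regular file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(path, root)] = h.hexdigest()
    return digests

def compare(baseline, current):
    """Split two snapshots into (modified, added, removed) relative paths."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return modified, added, removed

def lock_down(root):
    """Make every file under root read-only (0444), as the moderator did after cleanup.
    Returns {relative_path: octal mode} so the result can be verified."""
    modes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            os.chmod(path, 0o444)
            modes[os.path.relpath(path, root)] = oct(os.stat(path).st_mode & 0o777)
    return modes

def demo():
    """Build a throwaway web root (constructed), record a baseline, simulate an
    injected bot-counter iframe plus a dropped file, re-check, then lock the files."""
    root = tempfile.mkdtemp()
    for name, body in (("index.html", "<html><body>Welcome</body></html>\n"),
                       ("index.php", "<?php echo 'hello'; ?>\n")):
        with open(os.path.join(root, name), "w") as fh:
            fh.write(body)
    baseline = hash_tree(root)  # in practice, store this outside the web root
    with open(os.path.join(root, "index.html"), "a") as fh:  # simulated injection
        fh.write('<iframe src="http://counter.invalid/" width="0" height="0"></iframe>\n')
    with open(os.path.join(root, "extra.php"), "w") as fh:  # simulated dropped file
        fh.write("<?php /* constructed: file absent from the baseline */ ?>\n")
    diff = compare(baseline, hash_tree(root))
    return diff, lock_down(root)
```

Run hash_tree from cron against a baseline kept off the web root; an unexpected entry in any of the three lists is the signal to investigate.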



freezefox 2013-03-18 22:37
Simpler: if we admins change our passwords, that's more practical.

Ar敬 2013-03-19 00:35
Could someone steal our data?

freezefox 2013-03-19 11:17
Ar敬: Could someone steal our data? (2013-03-19 00:35)

Probably not. I heard the worst case is that someone gets in by guessing the password and messes up our pages, that's all.

Gabriel 2013-03-19 12:05
Scanned, all clear.... I'll go change my password anyway.

freezefox 2013-03-19 12:34
Gabriel: Scanned, all clear.... I'll go change my password anyway. (2013-03-19 12:05)

No need for you. It's mainly the few who can get into the SERVER, i.e. the head admin, me and tech support. When we change, we all change together.

Gabriel 2013-03-19 12:36
freezefox: No need for you. It's mainly the few who can get into the SERVER, i.e. the head admin, me and tech support. When we change, we all change together. (2013-03-19 12:34)

okay!

Ar敬 2013-03-19 23:38
freezefox: No need for you. It's mainly the few who can get into the SERVER, i.e. the head admin, me and tech support. When we change, we all change together. (2013-03-19 12:34)

I scanned, all clear.

文仔 2013-03-20 23:35
But through what route did someone get the code inserted?

freezefox 2013-03-21 15:07
文仔: But through what route did someone get the code inserted? (2013-03-20 23:35)

That question needs 桶少 to answer.

ecko 2013-03-27 23:13
freezefox:呢個問題要桶少回覆了。 (2013-03-21 15:07) 

Possibly because one of the accounts was compromised.
That account's password has already been changed.
We're monitoring for now.

freezefox 2013-03-28 00:31
ecko: Possibly because one of the accounts was compromised.
That account's password has already been changed.
We're monitoring for now. (2013-03-27 23:13)

Long time no see!

文仔 2013-03-28 00:59
ecko: Possibly because one of the accounts was compromised.
That account's password has already been changed.
We're monitoring for now. (2013-03-27 23:13)

Is there any log that recorded the modifications??

ecko 2013-04-04 20:47
文仔: Is there any log that recorded the modifications?? (2013-03-28 00:59)

Actually there is an access log~
But it went through a proxy, so the source can't be traced.

ecko 2013-04-04 21:00
freezefox: Long time no see! (2013-03-28 00:31)

I do drop in occasionally to see if anything unusual has happened~
If anything comes up, WhatsApp / Line / Facebook me~

freezefox 2013-04-05 10:16
ecko: I do drop in occasionally to see if anything unusual has happened~
If anything comes up, WhatsApp / Line / Facebook me~ (2013-04-04 21:00)

Why only drop in to check whether anything's wrong, and not come in to chat?

ecko 2013-04-18 21:48
freezefox: Why only drop in to check whether anything's wrong, and not come in to chat?

When you have time, reply to my Facebook message~ @freezefox

freezefox 2013-04-19 00:25
Seen.

freezefox 2013-04-27 14:47
ECKO, the provider has completely ignored my email!

ecko 2013-04-28 20:52
freezefox: ECKO, the provider has completely ignored my email! (2013-04-27 14:47)

Do you have the email and password for the ticket system?

http://home.geeks.hk/supporttickets.php

Not replying to email is quite normal~ because they really do use the ticket system~

freezefox 2013-04-28 21:29
ecko: Do you have the email and password for the ticket system?
http://home.geeks.hk/supporttickets.php
....... (2013-04-28 20:52)

I'll phone them in the next couple of days.

The PW I have to CHECK first before I know.

ecko 2013-04-28 22:25
freezefox: I'll phone them in the next couple of days.
The PW I have to CHECK first before I know. (2013-04-28 21:29)

OK~ No need to rush~
btw~ are you back in Hong Kong yet?

freezefox 2013-04-28 22:30
ecko: OK~ No need to rush~
btw~ are you back in Hong Kong yet? (2013-04-28 22:25)

Back two days ago.

ecko 2013-04-28 22:51
That's good~ Then I can pester you to deal with it~

freezefox 2013-04-28 23:20
ecko: That's good~ Then I can pester you to deal with it~ (2013-04-28 22:51)

Tomorrow is my first day back at work, so I'll be a bit busy. The day after I have to see clients, even busier, so I'll try to get it sorted tomorrow afternoon.

freezefox 2013-05-02 18:03
Hi Jacob,

Can you SMS your root password to 9017XXXX? We will access your server and diagnose the issue. We will also put in some security measures and update the firewall system to drop the brute force. Regarding the web pages being hacked over and over again, you will also need to go through the folders to see if there is any file that doesn't seem to be yours; you can see it easily by the folder's last change (date). There must be a PHP file acting as a "web upload" that can send commands. I will access the PHP file to disable common executive commands such as exec() and shell_exec(), but this will cause some programs to fail, so do alert us if you experience issues.

Thanks

Alistair Lam



freezefox 2013-05-02 18:04
He said today that they actually hadn't received our earlier email, so I RESENT it to him once more. Then he replied with this.

ecko 2013-05-02 20:52
Handing over the root account~ I have a slight concern~
I'll ask 桶少 as well~ if we all agree then we'll hand it over~

freezefox 2013-05-02 21:37
ecko: Handing over the root account~ I have a slight concern~
I'll ask 桶少 as well~ if we all agree then we'll hand it over~ (2013-05-02 20:52)

Or maybe we can sort it out ourselves.

ecko 2013-05-02 22:05
Latest email from support

Dear Daniel,
We have already secured your server. Please note several changes have been made in the DirectAdmin Control Panel:
1) Brute Force Monitor - This monitors the past 4 days of brute force. It only monitors; it won't do any more than this.
2) ConfigServer Firewall & Security - This is a firewall and login failure daemon; what it does is monitor any brute force and send it to the firewall for blocking. You can also key in an IP address and click "Block" in a very convenient way.

Additionally, we have made some further security changes:
1) PHP - disabled some basic dangerous functions - shell_exec(), dl() etc.
2) Port Change - From 22 to xxxx to minimize brute force into SSH
3) Renamed /home/admin/public_html/index.php to virus.index.php. This is because it was scanned to have virus linkage by Norton.

The new DirectAdmin password is sent to you; please change it accordingly.


ecko 2013-05-02 22:06
freezefox: Or maybe we can sort it out ourselves. (2013-05-02 21:37)

These things, I'd rather not do ourselves~ after all they're the experts~

ecko 2013-05-02 22:07
ecko: These things, I'd rather not do ourselves~ after all they're the experts~ (2013-05-02 22:06)

Also~ some things we can't do ourselves~

freezefox 2013-05-02 22:22
ecko: Also~ some things we can't do ourselves~ (2013-05-02 22:07)

But just now you said you had a CONCERN?

ecko 2013-05-02 22:24
freezefox: But just now you said you had a CONCERN? (2013-05-02 22:22)

Yes, a slight concern~
But since they can just reset an account to work on our server anyway, I might as well hand it over~

freezefox 2013-05-02 22:25
ecko: Yes, a slight concern~
But since they can just reset an account to work on our server anyway, I might as well hand it over~ (2013-05-02 22:24)

Has it been RESET already? Or is that just a suggestion?

ecko 2013-05-02 22:26
Dear Daniel,
We have already secured your server. Please note several changes have been made in the DirectAdmin Control Panel:
1) Brute Force Monitor - This monitors the past 4 days of brute force. It only monitors; it won't do any more than this.
2) ConfigServer Firewall & Security - This is a firewall and login failure daemon; what it does is monitor any brute force and send it to the firewall for blocking. You can also key in an IP address and click "Block" in a very convenient way.
Additionally, we have made some further security changes:
1) PHP - disabled some basic dangerous functions - shell_exec(), dl() etc.
2) Port Change - From 22 to xxxx to minimize brute force into SSH
3) Renamed /home/admin/public_html/index.php to virus.index.php. This is because it was scanned to have virus linkage by Norton.
The new DirectAdmin password is sent to you; please change it accordingly.

ecko 2013-05-02 22:41
For everyone's information

The email first sent to support:

Dear Geeks Concepts Support,

We are currently using the Geeks Concepts Dedicated Server Service. However, we found there is a "brute force SSH attack" on our server. There are a huge number of failed SSH login attempts on our server, and they are trying to "guess" our account and password. Please find the access log in the attachment (Access Log.png).

Unfortunately, unauthorized access by an anonymous party has occurred, and some of our web pages have been changed by the hacker.
We removed the web pages and the password was changed to prevent their access. However, the hacker can access our server again and change the web pages again.

I am sure that you must be the expert at solving similar problems on other servers. Would you please help to suggest whether there is any tool (to block the IP from accessing the server after several failed login attempts) from your side that could be implemented on our server to prevent unauthorized access?

I have some ideas to prevent unauthorized access, but I am sure that your solutions will be better. Please help to check if the following can be implemented on our server.

1. Change the SSH port from port 22 to another port
2. Configure CentOS to drop packets from anyone but some trusted IP addresses
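The failed-login pattern described in the email above and the "block the IP after several failed login attempts" tool it asks for, as an added Python example that is neither the forum's nor the provider's code: it parses sshd "Failed password" records from an auth log, flags any source IP that exceeds a threshold inside a sliding time window, and renders ConfigServer Firewall deny commands (csf -d) for an operator to review. The log lines, hostnames and IP addresses are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches OpenSSH "Failed password" records in syslog auth-log format.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+ ssh2$")

def parse_failures(lines, year=2013):
    """Yield (timestamp, user, ip) for each failed-password line; ignore the rest."""
    for line in lines:
        m = FAILED.match(line)
        if m:  # syslog timestamps carry no year, so the caller supplies one
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def brute_force_sources(lines, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: (total_failures, users_tried)} for every source IP with at
    least `threshold` failed logins inside any `window`-long sliding window."""
    per_ip = defaultdict(list)
    for ts, user, ip in parse_failures(lines):
        per_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in per_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward past stale failures
            if end - start + 1 >= threshold:
                flagged[ip] = (len(events), sorted({u for _, u in events}))
                break
    return flagged

def csf_deny_commands(flagged):
    """Render csf -d <ip> <comment> lines for review; nothing here executes them."""
    return [f"csf -d {ip} sshd-bruteforce-{n}-failures" for ip, (n, _) in sorted(flagged.items())]

# Constructed sample: one scanner cycling through root/admin/test, one staff typo.
SAMPLE_LOG = [
    "Mar 20 23:30:01 host sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2",
    "Mar 20 23:30:03 host sshd[2102]: Failed password for root from 203.0.113.5 port 51235 ssh2",
    "Mar 20 23:30:05 host sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2",
    "Mar 20 23:30:07 host sshd[2104]: Failed password for invalid user admin from 203.0.113.5 port 51237 ssh2",
    "Mar 20 23:31:00 host sshd[2105]: Failed password for invalid user test from 203.0.113.5 port 51238 ssh2",
    "Mar 20 23:35:10 host sshd[2107]: Failed password for daniel from 198.51.100.7 port 40000 ssh2",
    "Mar 20 23:35:20 host sshd[2108]: Accepted password for daniel from 198.51.100.7 port 40000 ssh2",
]
```

The single staff failure stays below the threshold, so only the scanner is proposed for blocking; pair this with an allow-list of trusted admin IPs so a mistyped password never locks out the people who run the box.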

freezefox 2013-05-03 00:52
Turns out they had already reset it.

freezefox 2013-05-06 17:10
Follow-up: the provider has already made several changes. If the problem still doesn't improve, please let us know.

垃圾桶 2013-05-06 20:55
We'll keep monitoring the situation.

freezefox 2013-05-06 21:13
Also, there's an email like this about the provider's name change.

Dear Customer

Regarding Company Name Change

In order for our company to move forward and to offer a lot more services, we would like to announce that starting 1st May 2013 we will change our company name as follows:

GEEKS CONCEPTS LIMITED >>>> GEEKS

Apart from our company name change, our bank account will also be changed. We will notify you by another email, and a letter will be posted for verification of our identity. Our new bank account will become active on 1st May 2013, and we hope all customers will transfer to our new account accordingly. If you accidentally pay into our old account, it is fine; we will stop receiving payment into our old account on 14th May 2013.

Hello

Regarding the company name change

To let us continue providing more services, we will use the following new company name from 1 May:
GEEKS CONCEPTS LIMITED >>>>> GEEKS
Apart from changing the company name, we will also change our bank account number. The new account number will be sent to customers by another email and by post.
Please use our new bank account number to pay service fees from 1 May. If customers pay fees into the old bank account, we will continue to collect them until 14 May.


Thanks
Geeks Concepts Limited

ecko 2013-05-09 22:03
2013-05-09 Update

No further suspicious access log entries found for now.


freezefox 2013-05-09 23:06

