KOMAPA
New Member
Joined: Sep 11, 2004
Posts: 20
Posted: Mon Jul 18, 2005 11:50 pm
My site was stopped by the hosting company because of spamming and server attack attempts...
Here is some (I think telnet) log, but I don't understand what this is?!?!
Can somebody help me and explain it more clearly for me?
Quote:
root@nadia:~ on ttyp1
#:> ps auxw |grep domainname
loginname 14258 7.0 0.6 14600 10164 ?? R 8:36PM 0:00.10 /usr/bin/php modules.php
loginname 14215 0.0 0.3 6716 4072 ?? S 8:36PM 0:00.00 /usr/local/sbin/exim -Mc 1DuZXW-0003g3-Tx (exim-4.51-0)
loginname 14231 0.0 0.3 6716 4072 ?? S 8:36PM 0:00.00 /usr/local/sbin/exim -Mc 1DuZXY-0003hD-Ci (exim-4.51-0)
root 14262 0.0 0.1 2696 932 ?? R 8:36PM 0:00.01 /usr/local/apache/bin/suexec loginname loginname modules.php
loginname 42074 0.0 0.3 5012 4416 ?? S 12:29PM 1:33.10 inetd (perl)
loginname 42146 0.0 0.1 3092 1764 p0 Is 12:29PM 0:00.08 /bin/bash
loginname 53851 0.0 0.1 2652 1896 p0 S+ 12:56PM 0:27.59 perl vv.txt mic.txt rdante@dce.unicamp.br eu de novo rafael2.htm

Or maybe it's a server security problem?....
Sorry for my bad English.
Thanks in advance!
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
Posted: Tue Jul 19, 2005 3:59 am
I would ask them to provide some evidence of their claims. I see nothing in your post above that indicates the server was being compromised.
Do you have any error logs or better still raw access logs - was the server subject to sudden bandwidth usage?
Did you have any of Chatserv's 'patches' installed or Sentinel?
KOMAPA
Posted: Wed Jul 20, 2005 1:57 am
It's an old story....
I use phpnuke 6.0 with all possible patches, I think....
I have done a lot of hard manual work in the code myself and if I try to upgrade I will lose much info from 2.5 years.
Now I have downloaded a raw access log, but it's very big... where can I put it or send it to?...
Guardian2003
Posted: Wed Jul 20, 2005 2:50 am
You shouldn't lose anything by upgrading but it would take some time by using a file comparison utility.
You didn't say whether or not you had a version of Sentinel or other system installed.
Are you by any chance using a host who provides unlimited bandwidth/disc space?
Perhaps it is time to change hosts if they cannot provide evidence of server attacks.
You mention 'spamming' - did you still have the old Webmail module installed?
KOMAPA
Posted: Fri Jul 22, 2005 2:37 am
Quote:
You shouldn't lose anything by upgrading but it would take some time by using a file comparison utility.

I'll do that in the next couple of days with the 6.0 Patched files:
http://www.nukeresources.com/downloadview-details-787-Nuke_6.0_Patched.html
What comparison utility should I use?

Quote:
You didn't say whether or not you had a version of Sentinel or other system installed.
Are you by any chance using a host who provides unlimited bandwidth/disc space?

I use SQL Injection Hack Alert:
http://www.ravenphpscripts.com/download-file-88.html
(there is no Sentinel for PHPNuke v 6.0)

Quote:
You mention 'spamming' - did you still have the old Webmail module installed?

I'm not using it (not active), but it was there... I deleted it.
Guardian2003
Posted: Fri Jul 22, 2005 12:01 pm
There are a number of file comparison utilities available and I think everyone has a *favourite* depending on the features and complexity they need.
My own 'must have' is a utility called 'Beyond Compare2' http://www.scootersoftware.com/. Although it is a 30 day trial, it would suit your needs as it compares whole sites in one go, including sub folders etc.
I'm not sure what thoughts others have but I would definitely try to upgrade your nuke to 6.9.
If you have back-ups of your files, you have nothing to lose and everything to gain and there is always someone to guide and assist you.
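
Added example, not part of the thread and not code from any tool named in it: a minimal whole-tree comparison of the kind discussed above, classifying every file of a live site against a clean reference copy by SHA-256. The function names, directory names and sample files are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def _digests(root):
    """Map each regular file's path (relative to root) to its SHA-256."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.path.isfile(full):
                continue  # skip broken symlinks and special files
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                out[rel] = hashlib.sha256(fh.read()).hexdigest()
    return out


def compare_trees(live, reference):
    """Classify files of a live site against a clean reference tree."""
    a, b = _digests(live), _digests(reference)
    return {
        "modified": sorted(p for p in a.keys() & b.keys() if a[p] != b[p]),
        "only_in_live": sorted(a.keys() - b.keys()),
        "only_in_reference": sorted(b.keys() - a.keys()),
    }


def demo():
    """Build two small constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        live, ref = os.path.join(tmp, "live"), os.path.join(tmp, "ref")
        sample = {  # constructed sample content, not real phpnuke files
            ref: {"modules.php": "<?php // patched\n",
                  "index.php": "<?php // same\n",
                  "includes/added_by_patch.php": "<?php // new\n"},
            live: {"modules.php": "<?php // hand-edited\n",
                   "index.php": "<?php // same\n",
                   "modules/OldModule/index.php": "<?php // old\n"},
        }
        for root, files in sample.items():
            for rel, text in files.items():
                path = os.path.join(root, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "w") as fh:
                    fh.write(text)
        return compare_trees(live, ref)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Files reported as modified are the ones to open in a merge tool; files only in the live tree are custom additions or anything else the reference copy never shipped, and each is worth reviewing before it is carried over.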
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
Posted: Fri Jul 22, 2005 12:33 pm
I have licensed copies of CompareIT, Beyond Compare2 (I think), and most recently, ExamDiff Pro. My preference is ExamDiff Pro (It has a 30 day trial also). I switched to ExamDiff Pro about a month ago as it seems to find the like code better than the others. Just my opinion; ymmv.
As to my hack-alert script, it is outdated, unfortunately. If you had a spamming/server attack, outside of phpnuke, NukeSentinel and Chatserv's patches wouldn't help you there. If you'd like to discuss updating your site (contract work), PM me and we can see what can be negotiated.
KOMAPA
Posted: Sat Jul 23, 2005 12:59 pm
Thanks guys!
I found this KDiff3 - I am using software like this for the first time, but it works fine for me

Quote:
KDiff3 Version 0.9.88
Tool for Comparison and Merge of Files and Directories
(c) 2002-2005 Joachim Eibl
Homepage: http://kdiff3.sourceforge.net/
Licence: GNU GPL Version 2

I use Chatserv's patches and removed the old unused webmail module...
I think it resolves the problem.
Thanks again!