NO site, No emails- hacked!!

Discussion in 'Dorry Pets Pretoria' started by lanzo, 18 Jan 2010.

  1. lanzo

    lanzo Sponsor

    Joined:
    10 Sep 2007
    Posts:
    9,396
    Likes Received:
    26
    Location:
    Centurion
    Hi Guys

    Our server is being hacked at the moment....no emails or DP site will be active until we have sorted out the problem.

    Sorry for the inconvenience

    Regards
    Lanzo
     
  3. FransSny

    FransSny

    Joined:
    16 Oct 2008
    Posts:
    5,697
    Likes Received:
    67
    Location:
    Hermanus
    bliksem....give me a call if you get a chance
     
  4. RiaanP

    RiaanP Moderator

    Joined:
    11 Aug 2008
    Posts:
    23,142
    Likes Received:
    1,228
    Location:
    Centurion
    just as I'm looking for some pumps....
     
  5. maj

    maj

    Joined:
    13 Oct 2009
    Posts:
    2,054
    Likes Received:
    17
    Location:
    Cape Town
    hope u still got all your old email...my order is on there......
     
  6. lanzo

    lanzo Thread Starter Sponsor

    Joined:
    10 Sep 2007
    Posts:
    9,396
    Likes Received:
    26
    Location:
    Centurion
    drop me a call frans


    still got it;)
     
  7. jacquesb

    jacquesb Retired Moderator

    Joined:
    29 May 2007
    Posts:
    17,868
    Likes Received:
    69
    Location:
    Cape Town
    Lanzo - is your site hosted on a MS Windows Server server? Or a unix/linux server?
     
  8. lanzo

    lanzo Thread Starter Sponsor

    Joined:
    10 Sep 2007
    Posts:
    9,396
    Likes Received:
    26
    Location:
    Centurion
    MS Windows Server server I think...why?
     
  9. mandarin

    mandarin

    Joined:
    28 Oct 2009
    Posts:
    423
    Likes Received:
    6
    Location:
    Vanderbijlpark
    I'm still waiting for the quote or you forget/got;)
     
  10. jacquesb

    jacquesb Retired Moderator

    Joined:
    29 May 2007
    Posts:
    17,868
    Likes Received:
    69
    Location:
    Cape Town
    Nah - just want to know whether someone was really actually indeed ABLE to crack a unix/linux server. It's really not done on the average day! ;)

    But, sorry to hear of your problems - perhaps you should ask the hosting company's support people if they (and when last did they) apply the latest security patches from Microsoft?
     
  11. vatso

    vatso

    Joined:
    3 Dec 2007
    Posts:
    1,733
    Likes Received:
    9
    Location:
    JHB
    Anything can be hacked! They normally do it using PHP loopholes, there are tons of them!

    remember they normally don't have the server as such but the applications that have open ports to the internet & that allows them a back door into the server then.

    Mark
     
  12. jacquesb

    jacquesb Retired Moderator

    Joined:
    29 May 2007
    Posts:
    17,868
    Likes Received:
    69
    Location:
    Cape Town
    Vatso - it depends as what unix user you run your PHP server as, and usually it is definitely not common practice to run any applications as the root-superuser in a unix/linux environment.

    So - even if there are holes in the PHP environment, on a Unix server, they would not be able to bring the server down. Yes - perhaps possibly the PHP server, or perhaps the web-server application - but never the server itself.

    (Sorry - talking from 20 years IT/Unix and Unix security experience).
     
  13. Singularity

    Singularity Hmmm amper!

    Joined:
    3 Apr 2008
    Posts:
    2,496
    Likes Received:
    32
    Location:
    Potch/Centurion/Brooklyn
    well dorry seems to be back online :p
     
  14. jacquesb

    jacquesb Retired Moderator

    Joined:
    29 May 2007
    Posts:
    17,868
    Likes Received:
    69
    Location:
    Cape Town
    Cool! Seems like the Windows Server Security patches have now been applied ;)
     
  15. FransSny

    FransSny

    Joined:
    16 Oct 2008
    Posts:
    5,697
    Likes Received:
    67
    Location:
    Hermanus
    Hi mandarin, do I owe you a quote or lanzo?
     
  16. mandarin

    mandarin

    Joined:
    28 Oct 2009
    Posts:
    423
    Likes Received:
    6
    Location:
    Vanderbijlpark
    My good friend LANZO.
     
  17. FransSny

    FransSny

    Joined:
    16 Oct 2008
    Posts:
    5,697
    Likes Received:
    67
    Location:
    Hermanus
    LOL mandarin...you know he tends to "forget" :biggrin: ,will remind him as well when I speak to him
     
  18. Munky82

    Munky82

    Joined:
    11 Oct 2008
    Posts:
    397
    Likes Received:
    3
    Location:
    Port Elizabeth
    And there I was... thinking you're updating the site with some even more AWESOME specials/basically giving stuff away kinda thing.
    One can only dream.:p
     
  19. seank

    seank

    Joined:
    24 May 2007
    Posts:
    11,984
    Likes Received:
    119
    Location:
    North of Durban and South of Mozambique
    What happened to my order then?????
     
  20. lanzo

    lanzo Thread Starter Sponsor

    Joined:
    10 Sep 2007
    Posts:
    9,396
    Likes Received:
    26
    Location:
    Centurion
    Sorry man....can you please resend the email please man....the last couple of days have been hectic on me....I'm very sorry mandarin.

    I'll make it up:)

    :yeahdude: woop woop damn hackers!!!

    looks like it...damn I don't like when things like this happen...luckily nothing got deleted!

    :razz: you are a good colleague:thumbup:

    yip....will probably happen.....one day:p

    No ways bud....can't be...did you send it to the right person this time?:biggrin:
     
  21. vatso

    vatso

    Joined:
    3 Dec 2007
    Posts:
    1,733
    Likes Received:
    9
    Location:
    JHB
    All servers connected to a network are at risk - Unfortunately

    Most hosting companies don't offer proper protection from the outside world & I do not think they patch the servers as much as needed

    Some reading material - always best when it's from someone else



    Securing PHP
    Well PHP is one of the most popular applications that run on Linux and Windows servers today. It's also one of the main sources for servers and user accounts getting compromised. I want to go over some of the things you can do to help lock down PHP, securing php and securing php.ini

    First off you want to figure out how you can edit php.ini. This is the main configuration file for PHP. You can find it by logging into shell and typing in the following:

    # php -i |grep php.ini

    Turn on safe_mode


    Safe mode is an easy way to lock down the security and functions you can use. PHP.net explains php safe_mode as, "The PHP safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now."

    I highly recommend you enable safe_mode on production servers, especially in shared environments. This will stop exec functions and others that can easily prevent a security breach.


    See our article on Customizing PHP Safe Mode


    Disable Dangerous PHP Functions

    PHP has a lot of potential to mess up your server and hack user accounts and even get root. I've seen many times where users use an insecure PHP script as an entry point to a server to start unleashing dangerous commands and taking control.

    Search the php.ini file for:
    disable_functions =

    Add the following:

    disable_functions = dl,system,exec,passthru,shell_exec


    Turn off Register Globals

    Register_globals will inject your scripts with all sorts of variables, like request variables from HTML forms. This coupled with the fact that PHP doesn't require variable initialization means writing insecure code is that much easier.
    See PHP: Description of core php.ini directives - Manual

    register_globals = On

    Replace it with

    register_globals = Off

    Run PHP through PHPsuexec Preventing Nobody Access

    The biggest problem with PHP on cPanel servers is that PHP will run as nobody. When someone sets a script to 777 access that means the nobody user has write access to that file. So if someone on the same shared server wrote a script to search the system for 777 files they could inject anything they wanted, compromising the unsuspecting user's account.

    PHPsuexec makes PHP run as the user so 777 permissions are not allowed. There are a few downfalls to PHPsuexec but I think it's required on a shared environment for the security of everyone. Safe_mode doesn't prevent you from compromising other users' files. This is where PHPsuexec comes in, it stops the user from being able to read another user's files. It also makes it easier for you, the administrator, to track PHP mail function spamming and lots of other issues caused by PHP scripts because now you can easily track it to the user's account responsible.

    For this you will need to recompile PHP with suexec. On cPanel /scripts/easyapache has this built in.


    I hope this has summed up some of the things you can do to help secure PHP on your server. There's also open_base protection which you can use to prevent users from reading other users' files.
    About the Author:
    Steven Leggett is the editor of the server resource and hosting tutorial site, www.webhostgear.com and specializes in system administration and web development.
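
The php.ini settings recommended in the article quoted above can be checked mechanically; this is an added example, not part of the original post or the article, that audits a php.ini for them. The sample files, the open_basedir path and the function names are constructed for illustration; safe_mode and register_globals only exist in PHP releases before 5.4, so those two checks apply to older installations.

```python
# Added example: audit a php.ini for the directives the article lists.
REQUIRED_DISABLED = {"dl", "system", "exec", "passthru", "shell_exec"}
TRUTHY = {"1", "on", "true", "yes"}  # values PHP treats as boolean true

# Constructed samples, not taken from any real server.
WEAK_INI = """[PHP]
safe_mode = Off
register_globals = On      ; request variables become globals
disable_functions = exec,system
"""
HARDENED_INI = """[PHP]
safe_mode = On
register_globals = Off
disable_functions = dl,system,exec,passthru,shell_exec
open_basedir = "/home/exampleuser/public_html"
"""

def parse_ini(text):
    """Return {directive: value}; a later assignment replaces an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # simplification: ';' always starts a comment
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def audit(text):
    """Return findings, in a fixed order, for the settings the article covers."""
    s = parse_ini(text)
    findings = []
    disabled = {f.strip().lower() for f in s.get("disable_functions", "").split(",")}
    missing = sorted(REQUIRED_DISABLED - disabled)
    if missing:
        findings.append("disable_functions missing: " + ",".join(missing))
    if s.get("register_globals", "off").lower() in TRUTHY:
        findings.append("register_globals is On")
    if s.get("safe_mode", "off").lower() not in TRUTHY:
        findings.append("safe_mode is not On")
    if not s.get("open_basedir"):
        findings.append("open_basedir is not set")
    return findings

if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit(ini) or "no findings")
```

To audit a live server, pass the contents of the file reported by `php -i | grep php.ini` to `audit()`.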
     