Dear Valued iTec Hosting Client,

Over the past few days, we have been dealing with the severe problems being encountered on the server da1a.dnsbasic.com/da1b.dnsbasic.com which your hosted domains are on. The problems of this server were compounded by the recent intrusion by a hacker to the server and the disabling of MySQL, and the placing of orphan files on the server, which caused the server to become severely overloaded.

On November 1, 2006 at 1:18 PM EST, MySQL was taken down by the hacker. This has caused numerous problems, not just for users of MySQL on their websites, but for the server itself. Login via the Direct Admin Control Panel is not possible. At all. Not even we can get in, and nor can the datacenter who set up this server originally. The MySQL pid file is gone and therefore there is absolutely no access to MySQL either from phpMyAdmin or even from "root" access using SSH. Yes, this is a severe problem.

We had attempted to correct the problem with MySQL, but could not do so. We also attempted to delete some of the files we did locate which were uploaded, but this did not alleviate the server load at all. When we attempted to reboot the server using "root" and SSH, we found this little gem planted in the server (the domain has been edited to protect our clients from possible malicious software on the offending website):

```
Broadcast message from root (pts/0) (Wed Nov 1 14:20:13 2006):

The system is going down for reboot NOW!
[===== SucKIT version 1.3a, Oct 24 2004 <http://sd.****.nl/sk> =====]
[====== ©oded by sd <sd@**cz> & devik <devik@**.cz>, 2002 ======]
RK_Init: idt=0xc03b3000, sct[]=0xc033e7f4, FUCK: Can't find kmalloc()!
```

okay...maybe I can get MySQL restarted until I move servers....

```
[root@**** root]# service mysql restart
No mysqld pid file found. Looked for /var/lib/mysql/***.dns******.com.pid.
[root@**** root]#
```

On November 2, 2006, after a day of trying to get this old server brought back to life, we placed our order for a new server. This server is now in place. An email will have been sent to you at this same email address with your login information for the new server.

TIME CONSTRAINTS FOR MOVE.

We are under a severe time constraint to get everyone moved off the existing server. It is November 4, 2006 3:50 AM EST as I write this. This means our clients only have 7 days to complete their moves. The existing server will go offline and be shut down by the datacenter on November 12, 2006. You MUST be moved by Midnight November 11, 2006.

The average website will take 2 hours to physically move between servers. A large website can take up to 8 hours to physically move. Unfortunately, I do not have the time to manually move your websites and, as well, I would not be able to do so as I do not have access to your password on either server. Only you, our client, have this information. As well, I will, no doubt, be busy trying to assist people with their support requests. So my time will be limited.

To transfer your domain to the new server, there are a few steps you have to do.

1. DOWNLOAD YOUR EXISTING SITE VIA FTP. Ensure you download via FTP all the files on the current server your website is on (da1a.dnsbasic.com/da1b.dnsbasic.com) and prepare to upload the pages to the new server.

2. USE FRESH HTML. Before you upload any pages to the new server, ensure that all the pages you are about to upload are indeed pages you wrote. Make sure that NO pages have been added to your site you are not aware of. WE STRONGLY RECOMMEND that you use FRESH WEB PAGES on the new server.

3. DNS. Update your DNS entries for the new server with your registrar. The DNS can propagate in as little as 1 hour, but can take up to 48 hours.

4. EMAIL. There is no way at this time we can download your email from the new server. On the new server, create your email addresses as you had them on the old server, but do not keep these addresses for more than 10 days. With the hack, we suspect that the culprits now have ALL the passwords for all the MySQL databases, as well as email logins. It is VITALLY important that within 10 days, you change your email address, as well as use a brand new password too. Once your DNS has propagated to the new server, you will once again be able to receive & SEND email from the webserver.

5. MySQL. Sorry, if you do not make a habit of downloading a copy of your db to your own off-server location, we cannot assist you. You will probably find a back-up file in the "backups" folder on the old server and this would/should have a MySQL backup within the tar.gz file.

6. FTP. This works. So use this (login via your username and password for the server) and download all your datafiles to your computer for re-upload to the new server. Mind you, we are asking that people NOT upload any php based scripts which have not been updated recently (within the last 7 days) with the latest security patches.

7. PHP SCRIPTS. These are a huge part of the problem we are having. Clients set up, say, a forum, and do not update the software after they install the original program; a hacker then finds the insecure script and begins to exploit any hole it may have to relay email, access datafiles, etc. PHP scripts are infamous for security vulnerabilities, and some scripts (i.e. phpBB) have been sought out by hackers due to their easy access to a server via an insecure php based script/site. An insecure script can possibly give a person root access to the affected server and the results are what we are experiencing now.

8. PASSWORD. Do not use the same password on the new server that you used on the existing server. This applies to the new email addresses you will be creating, MySQL databases, server logins, or anything that requires a password. As mentioned before, we believe the passwords have been compromised and it would not be, in our minds, prudent to continue using the same passwords on the new server.

9. SUPPORT. Support tickets submitted to our PRIMARY support area located at https://www.itechosting.com/ce will be the only ones we will have time to respond to. And it will take some time to do so as, although this email is written to indicate more than one person as part of the support, this is not the case. There is only 1 person on our support staff...and that is Glen Millar. I will do my very best to respond to your support request as quickly as possible. However, from Monday to Friday, I am only available to answer support tickets from 7:00 PM to 2:00 AM and from 10:00 AM to 11:00 AM. I work full-time outside the office from 11:00 AM to 7:00 PM. I cannot, from this day forward, promise 24/7 support. I did try in the past to have people assist in answering tickets, but many times all they could do was say "unfortunately I can't assist you myself with this but Glen can when he returns". The above times are the times I can assist people, and on weekends I am able to look after support requests through the day Saturday & Sunday. The only exceptions to this will be the Saturday I have to DJ a party.

An "All Set" email has been sent to you. Use the information within to update your DNS, login to the server and create your email accounts, sub-domains, and Auto Responders. Once DNS has propagated, your site and all features should be working.

SECURITY OF THE NEW SERVER:

A common concern for all hosting clients is the security of the webserver. The new server is protected by 2 firewalls, a brute-force detector, a DDoS detection program as well as rootkit scanners to scan for malicious activity. This is as secure as one can get a server and the datacenter is confident we have done all we can to ensure the security of the webserver. We will be doing checks of websites with php scripts and if we find one that is not up-to-date, we will suspend the offending site, and disable the script without warning.

I want to apologise to all of our clients for the inconvenience all this is causing, but please rest assured, I am working as hard as possible to ensure that a situation like this will not happen again. There is no guarantee when it comes to server security, but I have done all one can reasonably do to protect you, and all of our clients, from a hack such as the one we just went through happening again.

As I think of more information that you will find useful to make the transitions between servers as quick and painless as possible, I will post this information on our Support Forum which is located at http://forum.itechosting.com/index.php .

With Kindest Regards,

Glen Millar
Administrator -- admin@itechosting.com
Reinventing Internet Support!
__________________
GJM Ventures Inc. Internet Services Department
Visit our webhosting site at http://www.tygerhost.com