Virus warning from www.puppylinux.com/manuals.htm

[Caneri]

ttuuxxx.com looks ok from here.

Servage needs to be blocked post haste from all servers that host Puppy Linux.

EDIT: my apologies to all the servage users..but I've spent too much time trying to keep up with servage and it's problems. I have put a temporary block on all of servage until I can see the host move to fix Barry's problem...I am aware most of the servers use servage...maybe time to rethink this and move on...again my apologies.

Eric

[wingruntled]

ttuuxxx.com looks ok from here.

Servage needs to be blocked post haste from all servers that host Puppy Linux.

EDIT: my apologies to all the servage users..but I've spent too much time trying to keep up with servage and it's problems. I have put a temporary block on all of servage until I can see the host move to fix Barry's problem...I am aware most of the servers use servage...maybe time to rethink this and move on...again my apologies.

Eric

That was a very wise move, Eric.
CYPM soon

[HairyWill]

I haven't changed the ftp password before, as I didn't see how anyone could discover it.

plain ftp is insecure usernames and passwords are sent in plain text.
http://www.raditha.com/php/ftp/security.php
That said I think it is unlikely that you have been compromised in this way.

[proxy]

i dont think its a wordpress issue, because all my index.php files were only writable by the owner, so it couldnt been done via script, only from the server, and also not wordpress websites got it too... on my account

my websites are clean, i didnt got the code again, it must be cause by the cluster your in, everyone on the cluster that gets hacked gets their pages modified

[Caneri]

thanks proxy,

Looks to me dedicated linux servers are the way to go...

Eric

[John Doe]

I'm thinking it's an Apache Buffer Overrun Error or Directory Transversal (probably the first one).

If Frontpage extensions were present, they are notorious for being poorly configured on Apache Systems. Although I think I once recall Barry saying he specifically didn't get them with his account (or else I just dreamed that up).

Perhaps even a problem with some type of control panel or other cgi they have with sites. The first would run with enough privilege to modify pages for sure, and one never knows about the others. It all depends on how much they understand about setting up users and isolating processes. Just because someone runs a hosting business doesn't mean they know.

[BarryK]

I don't have Frontpage extensions.

Well, I have told Servage, so let's see how they respond this time. I've backed them into a corner, eliminated every way in which they can blame me, so let us see if they actually do a proper investigation this time.

I had a quick look, and it seems that only the one file is compromised so far. I left it there and immediately notified Servage, but I'll login again soon and clean up.

I know, it's not good to leave the corrupted file there, but I want to give Servage time to see it. Not long though, I'll go through my site soon and clean up.

[John Doe]

I know, it's not good to leave the corrupted file there, but I want to give Servage time to see it.

understood. don't worry at all if it's just those stupid pharmaceutical links.

my global compass isn't always the best, but i think it's mostly stupid US citizens that fall for those. due mainly to the relative price of them here.

[Sage]

'Quote' doesn't seem to be working this morning, John? So I'll use the old fashioned method:
"it's mostly stupid US citizens that fall for those. due mainly to the relative price of them here."

If the US instituted a proper healthcare system to care for their citizens they would do the world a favour as well as themselves. These crooks would have to engage brains for a new scam. Hungary voted for healthcare, yesterday. People should be happy to pay more tax to help those who are less fortunate than themselves. Apart from which, runaway trucks can be unpredictable, so it's just a case of enlightened self-interest. Why isn't it like that in the US? The Pilgrims, Founding Fathers - all those Quakers, caring sharing Communists by any other name, must be turning in their graves.

[NathanO]

Sage,

Sorry you talked about the 'great health care systems' in the world. My sister is married to a Canadian and lives up there. She has the same back problems our mother had when she was alive. My sister was on a 6 to 8 year waiting list to have the operation she needed. The drugs they were giving her did not help. My father, sister, and her husband put together the money to have my sister come back down to the states to have the operation. She is now on a four to six year wait for the second operation. Since she is now almost 60 years old, who do you think is going to get the operation, her or some one younger? Several people younger then her have only waited one to two years.

Better health care? No thanks.

[Sage]

Huh! Jumping the queue at the expense of the poorest instead of paying more tax?! No free lunches in this world.

[Sage]

Excuse me, I had no intention of hijacking this thread, just that the arrogance of some is overwhelming.

Concerning the substantive issue,
Quote from Barry

"I don't have any scripts left. Well, not exactly, WordPress is still there, I just renamed the directory to something no one will guess. Anyway, I shall reply to their reply.
Oh yeah, I've cleaned up my site, yet again."

Can't say I've ever encountered such a tolerant guy. The time to file suit would seem to have long past. Beating one's head against the proverbial doesn't help ( bit like MU with linuxcbon, who won't even disclose this affiliation!). I'd sue without further warning. Nothing to lose. Adverse publicity will help close them down in the long term.

[big_bass]

Sample below:

well ,here is the latest I will update this same post
with a time stamp

************************************************************
Last-Modified: Mon, 10 Mar 2008 12:53:00 GMT

Etag: "6ab0130-326b-af092300"
Content-Length: 12907

************************************************************


still clean from Mon, 10 Mar 2008 12:53:00 GMT
until -----> Wed, 12 Mar 2008 14:50:12 GMT


I know many others are monitoring also
big_bass

[wingruntled]

Barry
Thank You for looking into servage’s history a little farther.
Now you understand IN PART why I was complaining about that useless excuse of a host so much.
Do yourself a favor. Bite the bullet and get the hell out of there.
edited to add: IN PART

[HairyWill]

whilst we're sticking the boot in, I just received this email

Dear Will,
SSL Certificates from only GBP 14.95
Before and After Upgrade

In addition to our focus on your account security, you can actually protect you and your visitors data even further by using a SSL certificate. This enables very strong and absolute protection from any third party gaining access to the sent data during transmission.

The use of secure communication between your website and its visitors is strongly recommended. Therefore we have reduced our prices for SSL certificates by amazingly 50% in order to enable as many people as possible to stay safe!

» Order your SSL certificate from only GBP 14.95
Why should you use SSL?
Before and After Upgrade

Did you know that any data without the use of SSL is sent in plain text? That means any personal data, credit card numbers, passwords etc. are sent to your site (for instance if you use a login form, webshop etc. on your hosting account) can be viewed (and abused) by anyone gaining access to your data transmission!

The best case scenario is your visitor submitting his confidential data via a secure line to your site using an SSL certificate. No one can read the data.
Thank you...

...very much for being with Servage Hosting. We are proud to host your site!

Best Regards,
Jakob, Servage Hosting

Oooohhh I feel all inclined to give them some more money. So I can use ssl to ensure that all traffic to the site is encrypted. I wonder how safe the data is once it gets there?

[prehistoric]

@HairyWill,
Already explained. Servage is staffed with 'bots. Time to reject the null hypothesis?

[Th3_uN1Qu3]

Time to drop Servage, definitely. Check this out:

http://www.hammersound.net/

Just found this when i was looking for some soundfonts for use with Fluidsynth. Site was hacked and the hacker left a message, saying "Servage - where security is no security."

Any of this could happen to us too.

[bobwrit]

I wonder whether the black hats have been on the forums and hence are aware of the counter mesures in place. I know that servage is a bad host and am not denying that.

[alienjeff]

I wonder whether the black hats have been on the forums and hence are aware of the counter mesures in place.

Don't wonder. Presume yes. Fortify accordingly. Compute wisely.

[BarryK]

After arguing with Servage, I cleaned up my site, made sure all scripts were gone, checked dir/file permissions, changed passwords, then waited. Servage indicated they were trying to fix it, myself and guys in this thread were monitoring my site. Then on 9th March, just one file got hacked, puppylinux.com/index.html. I got the feeling that the hacker just wanted to show that he/she could still do it, but was cautious in just hacking one file.

I cleaned it immediately, but I renamed the hacked file to index.htlHACKED-9MAR08, just in case Servage admin wanted to see it.

Well, guess what, today that same index.html has been hacked, and the index.htmlHACKED-9MAR08 has been removed. Just the one file again, the hacker is showing that he can delete any file on my site.

Someone is toying with me.

Today I received an email from someone who came across my news page and was relieved as he has also been plagued with his site (hosted by Servage) being hacked, and being told by Servage customer support that no one else has that problem.

It is interesting that puppylinux.org, which is hosted on another Servage account, appears to be uncompromised. Perhaps it is just a particular "cluster" that is compromised. I'm on Sevage's cluster 39.

I've paid for one year with Servage, just used 3 months of that. They only have a 5 day money back guarantee, and from stories I've read even that is hard to get.

I have decided that even if Servage fix my security problem, I'm leaving, simply on principle. Their customer support tell outright lies.

Also a comment about my experiences with their technical support: they don't seem to have the ability nor the authority to actually fix anything. They just have a set of standard replies to send, and that's it. Probably the penalty paid from out-sourcing the customer support (I read somewhere that's what Servage has done). I need customer support where you talk to an actual admin guy.

Thanks to recent donations from Ian and pakt (Ian in particular, a quiet guy who doesn't say much on this forum, but he is very keen on Puppy and supports me by sending a cheque every now and then), I can afford to signup with another host. I've had some recommendations, I'll have a bit of a look around tonight.