Virus warning from www.puppylinux.com/manuals.htm

Puppy related raves and general interest that doesn't fit anywhere else
Message
Author
proxy
Posts: 2
Joined: Sun 09 Mar 2008, 18:01

Servage

#76 Post by proxy »

i had problems recently with servage with exploit Iframe trojan found on my websites : here i wrote about it on my blog
http://www.proxyutza.com/2008/03/07/exp ... infection/

wingruntled

#77 Post by wingruntled »

The general consensus of servage is. You get what you pay for (sarcasm) and most of the time it’s less of what they claim and more of what they refuse to acknowledge. The TYPES of some sites that they host draws a very clear picture really.

User avatar
BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia
Contact:

Re: Servage

#78 Post by BarryK »

proxy wrote:i had problems recently with servage with exploit Iframe trojan found on my websites : here i wrote about it on my blog
http://www.proxyutza.com/2008/03/07/exp ... infection/
I got that too. I was getting the top-level index.html files in each of my domains repeatedly compromised. On other occasions it was the index.html or index.php files in each directory, and on other occasions also other html files. In other words, it seems to be different exploits at different times.

My trouble started after I installed WordPress, which you also have. I upgraded WordPress to latest version, but perhaps that was too late. I did repeatedly upload my files and I changed my control panel password.

Right now we are watching my site to see if it gets compromised. This last time, as well as re-uploading the files, and removing all scripts as well as WordPress, I also changed both control panel and ftp passwords -- I haven't changed the ftp password before, as I didn't see how anyone could discover it.

Anyway, it's interesting that we have WordPress as a common factor, and maybe Servage is not the culprit.

Anyway, if my site gets hacked this time, I'll know it is Servage's fault. So we are all waiting with bated breath (perhaps the hacker is reading this too, unfortunately -- I'm getting paranoid!).
[url]https://bkhome.org/news/[/url]

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#79 Post by jamesbond »

Unfortunately I have to break the bad news - puppylinux.com index page is hacked again here at 12:38pm AEDT - which is is only a few hours after Barry's last post. It contains the drugs link again ... :shock:

Sample below:

Code: Select all

<small>No part of this page is to be reproduced anywhere else. I have found
that there is a problem where parts of my web pages are being inserted
at other sites, then not updated, whereas I am updating my pages
regularly. This is not a desirable situation, so please just link to my
pages.</small></div>
      </td>
    </tr>
  </tbody>

</table>
<br>
</body></html>
<font style='position: absolute;overflow: hidden;height: 0;width: 0'>
<a href="http://csulb.edu/~jbanuelo/aaa/new/vi/tmp.php?q=buy-standing tall.htm" title="buy standing tall">buy standing tall</a> 
<a href="http://csulb.edu/~jbanuelo/aaa/new/vi/tmp.php?q=buy-standing tall-online.htm" title="buy standing tall online">buy standing tall online</a> 
<a href="http://csulb.edu/~jbanuelo/aaa/new/vi/tmp.php?q=buy-standing tall-online-standing tall.htm" title="buy standing tall online standing tall">buy standing tall online standing tall</a> 
<a href="http://csulb.edu/~jbanuelo/aaa/new/vi/tmp.php?q=standing tall-buy.htm" title="standing tall buy">standing tall buy</a> 
<a href="http://csulb.edu/~jbanuelo/aaa/new/vi/tmp.php?q=where-to-buy-standing tall.htm" title="where to buy standing tall">where to buy standing tall</a> 
<a href="http://csulb.edu/~jbanuelo/aaa/new/vi/tmp.php?q=buy-standing tall-now-online.htm" title="buy standing tall now online">buy standing tall now online</a> 
... and others follow (a very long list)
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]

wingruntled

#80 Post by wingruntled »

Tuuxxx better check his site too then.

Caneri
Posts: 1513
Joined: Tue 04 Sep 2007, 13:23
Location: Canada

#81 Post by Caneri »

ttuuxxx.com looks ok from here.

Servage needs to be blocked post haste from all servers that host Puppy Linux.

EDIT: my apologies to all the servage users..but I've spent too much time trying to keep up with servage and it's problems. I have put a temporary block on all of servage until I can see the host move to fix Barry's problem...I am aware most of the servers use servage...maybe time to rethink this and move on...again my apologies.

Eric
[color=darkred][i]Be not afraid to grow slowly, only be afraid of standing still.[/i]
Chinese Proverb[/color]

wingruntled

#82 Post by wingruntled »

Caneri wrote:ttuuxxx.com looks ok from here.

Servage needs to be blocked post haste from all servers that host Puppy Linux.

EDIT: my apologies to all the servage users..but I've spent too much time trying to keep up with servage and it's problems. I have put a temporary block on all of servage until I can see the host move to fix Barry's problem...I am aware most of the servers use servage...maybe time to rethink this and move on...again my apologies.

Eric
That was a very wise move, Eric.
CYPM soon

User avatar
HairyWill
Posts: 2928
Joined: Fri 26 May 2006, 23:29
Location: Southampton, UK

Re: Servage

#83 Post by HairyWill »

BarryK wrote:I haven't changed the ftp password before, as I didn't see how anyone could discover it.
plain ftp is insecure usernames and passwords are sent in plain text.
http://www.raditha.com/php/ftp/security.php
That said I think it is unlikely that you have been compromised in this way.
Will
contribute: [url=http://www.puppylinux.org]community website[/url], [url=http://tinyurl.com/6c3nm6]screenshots[/url], [url=http://tinyurl.com/6j2gbz]puplets[/url], [url=http://tinyurl.com/57gykn]wiki[/url], [url=http://tinyurl.com/5dgr83]rss[/url]

proxy
Posts: 2
Joined: Sun 09 Mar 2008, 18:01

#84 Post by proxy »

i dont think its a wordpress issue, because all my index.php files were only writable by the owner, so it couldnt been done via script, only from the server, and also not wordpress websites got it too... on my account

my websites are clean, i didnt got the code again, it must be cause by the cluster your in, everyone on the cluster that gets hacked gets their pages modified

Caneri
Posts: 1513
Joined: Tue 04 Sep 2007, 13:23
Location: Canada

#85 Post by Caneri »

thanks proxy,

Looks to me dedicated linux servers are the way to go...

Eric
[color=darkred][i]Be not afraid to grow slowly, only be afraid of standing still.[/i]
Chinese Proverb[/color]

John Doe
Posts: 1681
Joined: Mon 01 Aug 2005, 04:46
Location: Michigan, US

#86 Post by John Doe »

I'm thinking it's an Apache Buffer Overrun Error or Directory Transversal (probably the first one).

If Frontpage extensions were present, they are notorious for being poorly configured on Apache Systems. Although I think I once recall Barry saying he specifically didn't get them with his account (or else I just dreamed that up).

Perhaps even a problem with some type of control panel or other cgi they have with sites. The first would run with enough privilege to modify pages for sure, and one never knows about the others. It all depends on how much they understand about setting up users and isolating processes. Just because someone runs a hosting business doesn't mean they know.

User avatar
BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia
Contact:

#87 Post by BarryK »

I don't have Frontpage extensions.

Well, I have told Servage, so let's see how they respond this time. I've backed them into a corner, eliminated every way in which they can blame me, so let us see if they actually do a proper investigation this time.

I had a quick look, and it seems that only the one file is compromised so far. I left it there and immediately notified Servage, but I'll login again soon and clean up.

I know, it's not good to leave the corrupted file there, but I want to give Servage time to see it. Not long though, I'll go through my site soon and clean up.
[url]https://bkhome.org/news/[/url]

John Doe
Posts: 1681
Joined: Mon 01 Aug 2005, 04:46
Location: Michigan, US

#88 Post by John Doe »

BarryK wrote:I know, it's not good to leave the corrupted file there, but I want to give Servage time to see it.
understood. don't worry at all if it's just those stupid pharmaceutical links.

my global compass isn't always the best, but i think it's mostly stupid US citizens that fall for those. due mainly to the relative price of them here.

Sage
Posts: 5536
Joined: Tue 04 Oct 2005, 08:34
Location: GB

#89 Post by Sage »

'Quote' doesn't seem to be working this morning, John? So I'll use the old fashioned method:
"it's mostly stupid US citizens that fall for those. due mainly to the relative price of them here."

If the US instituted a proper healthcare system to care for their citizens they would do the world a favour as well as themselves. These crooks would have to engage brains for a new scam. Hungary voted for healthcare, yesterday. People should be happy to pay more tax to help those who are less fortunate than themselves. Apart from which, runaway trucks can be unpredictable, so it's just a case of enlightened self-interest. Why isn't it like that in the US? The Pilgrims, Founding Fathers - all those Quakers, caring sharing Communists by any other name, must be turning in their graves.

NathanO
Posts: 210
Joined: Fri 23 Feb 2007, 00:03
Location: San Antonio, TX

#90 Post by NathanO »

Sage,

Sorry you talked about the 'great health care systems' in the world. My sister is married to a Canadian and lives up there. She has the same back problems our mother had when she was alive. My sister was on a 6 to 8 year waiting list to have the operation she needed. The drugs they were giving her did not help. My father, sister, and her husband put together the money to have my sister come back down to the states to have the operation. She is now on a four to six year wait for the second operation. Since she is now almost 60 years old, who do you think is going to get the operation, her or some one younger? Several people younger then her have only waited one to two years.

Better health care? No thanks.

Sage
Posts: 5536
Joined: Tue 04 Oct 2005, 08:34
Location: GB

#91 Post by Sage »

Huh! Jumping the queue at the expense of the poorest instead of paying more tax?! No free lunches in this world.

Sage
Posts: 5536
Joined: Tue 04 Oct 2005, 08:34
Location: GB

#92 Post by Sage »

Excuse me, I had no intention of hijacking this thread, just that the arrogance of some is overwhelming.

Concerning the substantive issue,
Quote from Barry

"I don't have any scripts left. Well, not exactly, WordPress is still there, I just renamed the directory to something no one will guess. Anyway, I shall reply to their reply.
Oh yeah, I've cleaned up my site, yet again."

Can't say I've ever encountered such a tolerant guy. The time to file suit would seem to have long past. Beating one's head against the proverbial doesn't help ( bit like MU with linuxcbon, who won't even disclose this affiliation!). I'd sue without further warning. Nothing to lose. Adverse publicity will help close them down in the long term.

big_bass
Posts: 1740
Joined: Mon 13 Aug 2007, 12:21

#93 Post by big_bass »

jamesbond wrote: Sample below:
well ,here is the latest I will update this same post
with a time stamp

************************************************************
Last-Modified: Mon, 10 Mar 2008 12:53:00 GMT

Etag: "6ab0130-326b-af092300"

Content-Length: 12907

************************************************************


still clean from Mon, 10 Mar 2008 12:53:00 GMT
until -----> Wed, 12 Mar 2008 14:50:12 GMT :D


I know many others are monitoring also :wink:
big_bass
Last edited by big_bass on Wed 12 Mar 2008, 15:09, edited 6 times in total.

wingruntled

#94 Post by wingruntled »

Barry
Thank You for looking into servage’s history a little farther.
Now you understand IN PART why I was complaining about that useless excuse of a host so much.
Do yourself a favor. Bite the bullet and get the hell out of there.
edited to add: IN PART

User avatar
HairyWill
Posts: 2928
Joined: Fri 26 May 2006, 23:29
Location: Southampton, UK

#95 Post by HairyWill »

whilst we're sticking the boot in, I just received this email
Dear Will,
SSL Certificates from only GBP 14.95
Before and After Upgrade

In addition to our focus on your account security, you can actually protect you and your visitors data even further by using a SSL certificate. This enables very strong and absolute protection from any third party gaining access to the sent data during transmission.

The use of secure communication between your website and its visitors is strongly recommended. Therefore we have reduced our prices for SSL certificates by amazingly 50% in order to enable as many people as possible to stay safe!

» Order your SSL certificate from only GBP 14.95
Why should you use SSL?
Before and After Upgrade

Did you know that any data without the use of SSL is sent in plain text? That means any personal data, credit card numbers, passwords etc. are sent to your site (for instance if you use a login form, webshop etc. on your hosting account) can be viewed (and abused) by anyone gaining access to your data transmission!

The best case scenario is your visitor submitting his confidential data via a secure line to your site using an SSL certificate. No one can read the data.
Thank you...

...very much for being with Servage Hosting. We are proud to host your site!

Best Regards,
Jakob, Servage Hosting
Oooohhh I feel all inclined to give them some more money. So I can use ssl to ensure that all traffic to the site is encrypted. I wonder how safe the data is once it gets there?
Will
contribute: [url=http://www.puppylinux.org]community website[/url], [url=http://tinyurl.com/6c3nm6]screenshots[/url], [url=http://tinyurl.com/6j2gbz]puplets[/url], [url=http://tinyurl.com/57gykn]wiki[/url], [url=http://tinyurl.com/5dgr83]rss[/url]

Post Reply