Server 21 is compromised and there are many files infected.
We are going to replace HDD drives and re-install the system. Your data won't be lost so your home directories are on another hard drive.
We'll keep you informed about the server status.
Sorry for the inconveniences and thank you for your patience.
Full Version: Server 21 problem
how long is this going to take to change all the info. I have five websites hosted and I really need them up and running (especially today!!) I have clients downloading information. I know that you guys are working on it but how long are we expected to be down.
We are starting reinstall in about 30 mins.
Will databases be affected by this compromise? I have 4 sites on that box with more to come.
No data will be lost.
QUOTE(Alec @ Jul 27 2004, 12:11 PM)
We are starting reinstall in about 30 mins.
How long should it take?
How can we tell which server we're on? I ask because my site is down (www.monozygotic.com), and I want to confirm that this is the issue. Thanks!
My site is finally back up I guess.
Things are SUPER SUPER SUPER FAST!
Thanks.
Things are SUPER SUPER SUPER FAST!
Thanks.
The server is restored now.
Some services may not work and we are doing tweak works now.
If you experience some pronlems with your account please post in this topic or our help desk system
Some services may not work and we are doing tweak works now.
If you experience some pronlems with your account please post in this topic or our help desk system
Alec, you guys are great.
I assume since the HDD is new, everything shuold be tons faster right?
I'm going to put up a hostony banner to advertise you guys.
I assume since the HDD is new, everything shuold be tons faster right?
I'm going to put up a hostony banner to advertise you guys.
No ftp, incase you didnt know guys, its much faster downloading now with new drives.
phil
smokiebum.com
phil
smokiebum.com
yeah ftp doesn't work right now, but at least the sites do .
QUOTE
If you experience some pronlems with your account please post in this topic or our help desk system
Apache - failed (red light)
cppop - failed (red light)
server load - 15 (red light)
Disk sdb1 - 96% (red light)
FTP not working.
Some email accounts not working.
All sites running so slowly they cannot be considered "up"
Well you did ask.
Apache Light: RED:Fail
cppop: RD:Fail
Disk sdb1: Red 96%
My E-mail is down
cppop: RD:Fail
Disk sdb1: Red 96%
My E-mail is down
QUOTE(Henry @ Jul 27 2004, 05:42 PM)
QUOTE
If you experience some pronlems with your account please post in this topic or our help desk system
Apache - failed (red light)
cppop - failed (red light)
server load - 15 (red light)
Disk sdb1 - 96% (red light)
FTP not working.
Some email accounts not working.
All sites running so slowly they cannot be considered "up"
Well you did ask.
Apache has been failing all week and the server load has been high for a while now. Everything does appear to be working though as far as I can tell.
http://www.transversestyles.com/
My Website is loading super fast and I have 3 message boards installed. =/
Not sure what is happening to the above.
My Website is loading super fast and I have 3 message boards installed. =/
Not sure what is happening to the above.
We have had consistent e-mail failures for a few weeks now as well.. Perhaps you could look into this more closely, I have had clients receive back error reports that our server domain did not exist.
I really want to exist.. please..
Thanks
I really want to exist.. please..
Thanks
lol
Down again, up again.
Down again, up again.
The server was rebooted after system reconfiguration
Now all services must are alive
Now all services must are alive
After the final reboot I sent a message to 100 members through SMTP.
35 of those messages were returned by the server as:
'unroutable mail domain'
Is this being worked on?
Lynn
35 of those messages were returned by the server as:
'unroutable mail domain'
Is this being worked on?
Lynn
Please give an example of such domain
Here are just a few of the unroutable domains.
cox.net
tecinfo.com
bigfoot.com
ntlworld.com
webtv.net
I send to all these domains often with no problem
Using PHP 'mail' function with 0.4 second delay between each email.
Lynn
cox.net
tecinfo.com
bigfoot.com
ntlworld.com
webtv.net
I send to all these domains often with no problem
Using PHP 'mail' function with 0.4 second delay between each email.
Lynn
I guess there was a problem with named during system update.
Could you try again and send email there with phpmail?
Could you try again and send email there with phpmail?
Update:
At the moment we have finished with the server. The server was compromised by the 'customer' who purchased hosting most likely with a stolen card (our merchant provider is investigating it.) He started to probe different exploits in attempt to get root privileges and launched DDOS attack on other host on the net.
In order not to make big problems and don't have server nullrouted we block it from outer world and were investigated the server for his activity.
At the moment we though that he got a root access and announce server restore but finally it turned that we were wrong and he did not manage to root the server. So we decided just to clean teh server and recompile kernel, apache, php and other critical application rather than exposing our customers to long downtime formatting and reinstalling the server.
Now we completed with clean up and kernel&software reinstalls. Server looks to be ok. I hope we did everything right. We were working for several hours on this after server was cleaned and brought online so that's why this update appeared just now.
Thank you to all you for understanding and support during the issue we had.
At the moment we have finished with the server. The server was compromised by the 'customer' who purchased hosting most likely with a stolen card (our merchant provider is investigating it.) He started to probe different exploits in attempt to get root privileges and launched DDOS attack on other host on the net.
In order not to make big problems and don't have server nullrouted we block it from outer world and were investigated the server for his activity.
At the moment we though that he got a root access and announce server restore but finally it turned that we were wrong and he did not manage to root the server. So we decided just to clean teh server and recompile kernel, apache, php and other critical application rather than exposing our customers to long downtime formatting and reinstalling the server.
Now we completed with clean up and kernel&software reinstalls. Server looks to be ok. I hope we did everything right. We were working for several hours on this after server was cleaned and brought online so that's why this update appeared just now.
Thank you to all you for understanding and support during the issue we had.
Before I send out the emails again, I just noticed that a single email from the
server to my home email is taking about 3 minutes to arrive.
This is usually instantaneous.
I will send out the batch of 100 emails after your next response.
Lynn
server to my home email is taking about 3 minutes to arrive.
This is usually instantaneous.
I will send out the batch of 100 emails after your next response.
Lynn
Thanks Serge.
Thanks for the update Serge. I for one really appreciate the straight forward answer and explaination of what happend.
newearth
Email from PHP program still not working.
Many 'unroutable' domains, and not all are the same as before.
Lynn
Email from PHP program still not working.
Many 'unroutable' domains, and not all are the same as before.
Lynn
QUOTE(newearth @ Jul 27 2004, 10:04 PM)
newearth
Email from PHP program still not working.
Many 'unroutable' domains, and not all are the same as before.
Lynn
Email from PHP program still not working.
Many 'unroutable' domains, and not all are the same as before.
Lynn
I need the exact link to your script that is not sending mail via PHP.
Stanly,
Here is the emailing script that I was using today.
newearthnews.net/nen/nen_emailmem.php
The script runs as soon as you call it, so be careful.
I have been using this script successfully for over 3 months. Right now it
tries to send out an email to about 105 members of a MySQL database.
As I said earlier, a single email version of this script which sends one email
to my home address is taking much longer to deliver the email than before today.
I appreciate your looking into this.
Lynn
Here is the emailing script that I was using today.
newearthnews.net/nen/nen_emailmem.php
The script runs as soon as you call it, so be careful.
I have been using this script successfully for over 3 months. Right now it
tries to send out an email to about 105 members of a MySQL database.
As I said earlier, a single email version of this script which sends one email
to my home address is taking much longer to deliver the email than before today.
I appreciate your looking into this.
Lynn
I've just made and runned a sample php script with only 1 function - sending mail to our support address.
And the mail was successfully delivered. So as I can see php sending is working.
And the mail was successfully delivered. So as I can see php sending is working.
Yes, the PHP script works, it is just much slower than before.
The script I gave you also works, but now 25-30% of the addresses are
not routed by the server.
If I send myself an email from Neomail, I get it immediately. If I use a PHP
script for the same email, it takes a few minutes to get it.
Lynn
The script I gave you also works, but now 25-30% of the addresses are
not routed by the server.
If I send myself an email from Neomail, I get it immediately. If I use a PHP
script for the same email, it takes a few minutes to get it.
Lynn
How do you think what is faser: to send 1 mail or to send 100 mails?
When your script is running all messages are coming to mail queue.
When your script is running all messages are coming to mail queue.
If I send 100 emails, the 'unroutable' notices come very quickly.
Except for the delay ( usleep() ) in the program, 1 email and 100 emails seem
to take about the same time.
I may not be understanding your question completely.
L.
Except for the delay ( usleep() ) in the program, 1 email and 100 emails seem
to take about the same time.
I may not be understanding your question completely.
L.
PHP mail scripts not working at all now, I have waited over 15 minutes
for emails I sent to myself from two different svripts.
Neomail is still instantly received
for emails I sent to myself from two different svripts.
Neomail is still instantly received
Tell me the examples of domain names that your script send mail to.
Also provide me with full error text that you get.
Also provide me with full error text that you get.
A few examples:
cox.net
tecinfo.com
bigfoot.com
ntlworld.com
webtv.net
If I run the script again, many of the rejected emails are different.
This is what is returned to me:
______
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
anderson2939@rogers.com
unrouteable mail domain "rogers.com"
------ This is a copy of the message, including all the headers. ------
Return-path: <newearth@newearthnews.net>
Received: from nobody by server21.fastbighost.com with local (Exim 4.34)
id 1BpZs7-0004ND-8B
for anderson2939@rogers.com; Tue, 27 Jul 2004 21:52:31 +0000
To: anderson2939@rogers.com
Subject: Susie, Web Server problem. Update
From: New Earth News <newearth@newearthnews.net>
Message-Id: <E1BpZs7-0004ND-8B@server21.fastbighost.com>
Date: Tue, 27 Jul 2004 21:52:31 +0000
Dear Susie,
We are still sorting out some emailing problems, so many
of you did not receive the message below.
I'm sending it again to everyone just to test the system.
_______
We have had a major web server problem over the past
24 hours. It looks like it is finally sorted out, and
the system is running again.
The effect on us was a few hours of slow response
and 'website not found'. We have wasted some
advertising resources, yet all the data remains
intact.
If any of your subscribers contact you, please let
them know that it is under control. I am monitoring
the system closely.
Lynn
cox.net
tecinfo.com
bigfoot.com
ntlworld.com
webtv.net
If I run the script again, many of the rejected emails are different.
This is what is returned to me:
______
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
anderson2939@rogers.com
unrouteable mail domain "rogers.com"
------ This is a copy of the message, including all the headers. ------
Return-path: <newearth@newearthnews.net>
Received: from nobody by server21.fastbighost.com with local (Exim 4.34)
id 1BpZs7-0004ND-8B
for anderson2939@rogers.com; Tue, 27 Jul 2004 21:52:31 +0000
To: anderson2939@rogers.com
Subject: Susie, Web Server problem. Update
From: New Earth News <newearth@newearthnews.net>
Message-Id: <E1BpZs7-0004ND-8B@server21.fastbighost.com>
Date: Tue, 27 Jul 2004 21:52:31 +0000
Dear Susie,
We are still sorting out some emailing problems, so many
of you did not receive the message below.
I'm sending it again to everyone just to test the system.
_______
We have had a major web server problem over the past
24 hours. It looks like it is finally sorted out, and
the system is running again.
The effect on us was a few hours of slow response
and 'website not found'. We have wasted some
advertising resources, yet all the data remains
intact.
If any of your subscribers contact you, please let
them know that it is under control. I am monitoring
the system closely.
Lynn
I just received an email that I sent to myself with PHP over an hour ago.
Others sent earlier have not arrived yet.
L
Others sent earlier have not arrived yet.
L
Help!
My entire program is very dependent on PHP emails. Until this is fixed there are
100 people wasting their time. Is there something I can do??
Lynn
My entire program is very dependent on PHP emails. Until this is fixed there are
100 people wasting their time. Is there something I can do??
Lynn
Resolving at HelpDesk.
my server (www.monozygotic.com) was down earlier, then back up, and now it's down again (can't see it on the web, can't ssh into it). should i open a support ticket?
Your server is server 21
It's fine. Your site is also up.
Can't you access it? Try to ping monozygotic.com
It's fine. Your site is also up.
Can't you access it? Try to ping monozygotic.com
I can ping it, but I can't load the website.
newearthnews.net
Also getting nothing from Server 21.
No websites. No FTP
Also getting nothing from Server 21.
No websites. No FTP
Main domains and FTP returned.
Still can't find subdomains.
Too much for 1 day.
Still can't find subdomains.
Too much for 1 day.
You should open a ticket.
Maybe your local IP is blocked by our antiDoS system...
Maybe your local IP is blocked by our antiDoS system...
looks like everything is back up.
thanks!
thanks!
Can you confirm 2 of my email accounts seem to be down
xbetonline.net
odysseyit.com.au
although the site is up, just no emails?
Cheers
Xbetonline
xbetonline.net
odysseyit.com.au
although the site is up, just no emails?
Cheers
Xbetonline
No, I can't, 'cause they're up.
Stanley.
No they are both down.. only the site is up , all email down
No they are both down.. only the site is up , all email down
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.