Quote:
Originally posted by TheSaint
Yeah I know. You can't mention ServerMatrix or EV1 without somebody saying they suck. Nevertheless, they are the two largest and most sucessful hosting companies in the world, and if you are in that elite group that neither need or want ANY support from the hosting cmpany than they rock, yes, otherwise, they suck...
|
Well this is one of 15 supports tickets:
Here is some of the reason that i thing servermatrix (theplanet) Sucks:
(I have removed some things, but replaced them with XXX)
From:
Ticket Number: XXXXPLNT
Ticket Type: Technical Support
Status: CLOSED
Opened By: Master User
Summary: Server down - possibly compromised.
Last Updated: 10/23/2004 06:02:26
Details: Please look at XXXXPLNT. That was yesterday, now the server has been down for at least 4 hour and this time i dont get any emails on problems.
As i told the supporter yesterday, i dont care if it cost me money for me to get you guys to secure the server is up, becouse i have no idea on how a server works, just get it up and running.
I will request a reboot right after i have submitted this ticket.
Please use the needed time to get the server up
Thanks
Carl
(aparidy-10/16/04-03:37):
i am currently able to ping your server and access via SSH. Also, I tested a few of your domains and was able to browse to all that I tested without issue. Please let us know if you are still having an issue.
--------------------------------------
(XXXXXXsexz-10/16/04-03:56):Right now it is up, becouse i requested a reboot. There is something wrong, becouse it has gone down 2 times in a row and i cant monitor the server 24/7 myself. That is why i need you to check everything on the server. I dont care how much it cost get you to make it stable, it just has to be stable.
The last 2 days has cost me over XXX$ and right now i only have 1/3 of the traffic i had 3 days ago. So it still cost me money that the server has been down.
That is why i want you to check the WHM to secure erverything is as it suppose to be
Thanks
Carl
(aboey-10/16/04-10:05):
The logs on your server have not been rotated for one of the domains:
root@1 [/usr/local/apache/domlogs]# du -h * | grep G
1.1G XXXX
2.1G XXXX
root@1 [/usr/local/apache/domlogs]#
For us to do this for you, it is $75 an per hour at a minimum of one hour. However i've discovered another problem regarding up2date that needs to be resolved by us (free of charge). I am fowarding this ticket to resolve the up2date problem and then, with your authorization we can rotate your logs to make apache more stable.
--------------------------------------
(XXXXXXsexz-10/16/04-10:28):Please allso get the logs rotate and add it to my next bill
Thanks
Carl
(dschmoll-10/18/04-10:03):
Customer,
Up2date is now working properly. I am returning this ticket to our technical support team to complete this request.
Thank you!
(ahaynes-10/18/04-18:42):
I am looking into this now. I am also rebooting your server into an updated kernel.
(ahaynes-10/18/04-23:26):
I have tried to update your kernel with no success to helping the issue. I am going to send this to our Level II so they can continue with the admin time.
(jerickson-10/19/04-10:01):
It apears that your system is missing a few system libraries:
top: error while loading shared libraries: libncurses.so.4: cannot open shared object file: No such file or directory
And it also apears to be compromised, attached is a copy of a chkrootkit ran on this machine, I am going to forward this to our security department for further analysis, however it apears the only way to make this system function correctly would be an OS Reload.
(mfarmer-10/19/04-15:23):
root@1 [~/theplanet/chkrootkit-0.44]# ./chkrootkit | grep INFECT | grep -v bindshell
Checking `ifconfig'... INFECTED
Checking `login'... INFECTED
Checking `pstree'... INFECTED
root@1 [~/theplanet/chkrootkit-0.44]# ls
/bin/ls: unrecognized prefix: do
/bin/ls: unparsable value for LS_COLORS environment variable
./ README chklastlog.c ifpromisc.c
../ README.chklastlog chkproc.c strings.c
ACKNOWLEDGMENTS README.chkwtmp chkrootkit*
COPYRIGHT check_wtmpx.c chkrootkit.lsm
Makefile chkdirs.c chkwtmp.c
root@1 [~/theplanet/chkrootkit-0.44]#
Note the error from ls and the three files found to be infected. These are symptoms of an installed rootkit. As jerickson noted above, the best course of action would be to back up your data and have the OS reinstalled. This is the only way you can be sure that you have a clean system. From there, you can take steps to secure your system to prevent this from happening in the future. I recommend our OS Hardening service; it will reduce the chances of intrusion.
(awood-10/20/04-20:49):
Please update us as soon as possible with your intended course of action. We strongly recommend performing an OS Reload once a rootkit has been installed on the server.
----------------------------------
Just do what ever to get that server stable!
Thanks
Carl
(ahaynes-10/24/04-17:56):
It appears that you need to perform an OS Reload on this server because you were compromised. We strongly recommend that you try backup any data you can and then issue an OS Reload ticket once you are ready for an OS Reload. If you need anything else please let us know.
(I wrote to the sales and asked them to help me out, becouse it seems like support didt do anything, but costing me money. Then they wrote) :
(scameron-10/24/04-19:05):
I am sorry but for liability reasons we cannot backup your data. You do have the option of adding NAS backup to your server. It is $10 a month with a $25 setup fee for 10GB of space and it will backup whatever you tell it to. You would then be able to do an OS reload. An OS reload is a one time fee of $25. Please let us know what you would like to do.
---------------------------------------------------