My server was breached by a fuckin Russian

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • pradaboy
    sell me your banners
    • Dec 2003
    • 12931

    #1

    My server was breached by a fuckin Russian

    So I noticed one of my pages was down, turns out some dirtbag hacked my account somehow and inserted iframe redirects into some of my pages.

    Checked the whois for the domain he was redirecting to:

    Registrant Name: Boriskin Gleb
    Registrant Organization: Boriskin Gleb
    Registrant Address1: vesekaya 4-155
    Registrant City: Novosibirsk
    Registrant State/Province: Novosibirsk
    Registrant Postal Code: 109880
    Registrant Country: Russian Federation
    Registrant Country Code: RU
    Registrant Phone Number: +7.3098098911
    Registrant Facsimile Number: +7.3098098911

    Hope he freezes his bitch ass off.
    Media Buyer - Sell me your traffic!
    FREE to register domains...
    Better than 99% of the crap sold here!
  • fris
    Too lazy to set a custom title
    • Aug 2002
    • 55679

    #2
    should limit the connections per ip, i block off everyone except my ip to ssh/ftp in.
    Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.

    Comment

    • pradaboy
      sell me your banners
      • Dec 2003
      • 12931

      #3
      Originally posted by Fris
      should limit the connections per ip, i block off everyone except my ip to ssh/ftp in.
      Excellent idea, thanks
      Media Buyer - Sell me your traffic!
      FREE to register domains...
      Better than 99% of the crap sold here!

      Comment

      • Phoenix
        BACON BACON BACON
        • Nov 2002
        • 35475

        #4
        Privet.all your domains are belonging to Us
        Spassibo
        Telegram PhoenixBrad
        https://quantads.io

        Comment

        • thunder99
          Confirmed User
          • Nov 2003
          • 503

          #5
          Russians go crazy for Prada, change your nick to discountboy and they'll leave you alone.
          yeah, yeah

          Comment

          • bizarredollars
            Confirmed User
            • Mar 2006
            • 1582

            #6
            What kind of server is it (without giving too much away)... A lot of security packs are available that could save you a shit load of work.

            [email protected]
            icq: 205-252-550

            Comment

            • pradaboy
              sell me your banners
              • Dec 2003
              • 12931

              #7
              Originally posted by bizarredollars
              What kind of server is it (without giving too much away)... A lot of security packs are available that could save you a shit load of work.
              what specs do you need?
              Media Buyer - Sell me your traffic!
              FREE to register domains...
              Better than 99% of the crap sold here!

              Comment

              • Star 69
                Confirmed User
                • Nov 2005
                • 8602

                #8
                Originally posted by Fris
                should limit the connections per ip, i block off everyone except my ip to ssh/ftp in.
                That's sounds smart
                e-mail star69

                Comment

                • directfiesta
                  Too lazy to set a custom title
                  • Oct 2002
                  • 30135

                  #9
                  install their free firewall :

                  http://www.configserver.com/

                  you can then config all your accesses ...

                  It is pretty good, I myself got blocked by it for entering wrtong password ...

                  And also make sure to :

                  - delete all php install folders
                  - chmod your files to a security safe level, mainly the phpconfig files. :2 cents
                  I know that Asspimple is stoopid ... As he says, it is a FACT !

                  But I can't figure out how he can breathe or type , at the same time ....

                  Comment

                  • thonglife
                    So Fucking Banned
                    • Oct 2004
                    • 1566

                    #10
                    deny from .ru
                    deny from .cn

                    Comment

                    • MicDoohan
                      Confirmed User
                      • Apr 2003
                      • 791

                      #11
                      Originally posted by thunder99
                      Russians go crazy for Prada, change your nick to discountboy and they'll leave you alone.
                      haha that made me laugh

                      Comment

                      • _Rush_
                        Confirmed User
                        • Dec 2006
                        • 742

                        #12
                        Originally posted by thonglife
                        deny from .ru
                        deny from .cn
                        Rather than a blacklist, I'd use a whitelist, especially for stuff like SSH and FTP.

                        Also, you can set your server to email you immediately when any user logs in via SSH or FTP, that way you're alerted instantly that something is going on.

                        At command prompt type:
                        pico .bash_profile

                        Scroll down to the end of the file and add the following line:

                        echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" [email protected]

                        Save and exit.
                        Make sure to disable Telnet as well.

                        Also, turn off Apache ID by editing httpd.conf and change ServerSignature to OFF.

                        Thats pretty much the main stuff I do on a new box. There are several others too, but this should do unless you're specifically targeted.
                        No sig.

                        Comment

                        • thonglife
                          So Fucking Banned
                          • Oct 2004
                          • 1566

                          #13
                          PHP Code:
                          At command prompt type:
                          pico .bash_profile
                          
                          Scroll down to the end of the file and add the following line:
                          
                          echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" your@email.com
                          
                          Save and exit. 
                          
                          That is good stuff man.. Thanks!!!

                          Comment

                          • Scott McD
                            Too lazy to set a custom title
                            • Nov 2002
                            • 67798

                            #14
                            Damn Russians...


                            I Buy My High Quality Traffic Here, You Should Too!

                            Comment

                            • _Rush_
                              Confirmed User
                              • Dec 2006
                              • 742

                              #15
                              Originally posted by thonglife
                              PHP Code:
                              At command prompt type:
                              pico .bash_profile
                              
                              Scroll down to the end of the file and add the following line:
                              
                              echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" your@email.com
                              
                              Save and exit. 
                              
                              That is good stuff man.. Thanks!!!
                              np...

                              Please note that that's only for root.
                              No sig.

                              Comment

                              Working...