Inbreco - Compromised
JasonS
April 2nd, 2008, 11:52
Hello,
The Inbreco node was compromised by a kiddy client which was hosted. All of our clients' services remain up and running with no error, but the main Inbreco website was cleared and we are working to resolve this.
With Regards,
Jason S
Skylar
April 2nd, 2008, 12:02
Clearly you didn't install security.. I would work on that
JasonS
April 2nd, 2008, 12:03
Clearly you didn't install security.. I would work on that
Hey,
It appears as an SQL attack, but thank heavens it has not affected clients.
With Regards
Decker
April 2nd, 2008, 12:31
Skylar's right, if a script kiddy can do that to the main site :(
More work on security is a must.
JasonS
April 2nd, 2008, 12:39
Skylar's right, if a script kiddy can do that to the main site :(
More work on security is a must.
Hey,
Kiddy by age, not by knowledge. We're working on tighter security now. We will also cease to provide Shared & Reseller services.
Skylar
April 2nd, 2008, 12:54
Hey,
Kiddy by age, not by knowledge. We're working on tighter security now. We will also cease to provide Shared & Reseller services.
Regardless, it should show you need tighter security.
http://hostsocial.net/showthread.php?t=14 -- ELS, very nice to use, this should help you out a lot with security.
Decker
April 2nd, 2008, 12:57
Kiddy by age, not by knowledge.
Unless they were using some pretty neat tools/methods (in other words if you can find what they did on the internet) it makes them a script kiddy :wink2:
JasonS
April 2nd, 2008, 13:29
Unless they were using some pretty neat tools/methods (in other words if you can find what they did on the internet) it makes them a script kiddy :wink2:
Hehe,
SSH Logs reckons that it could have been through WHM Sonic, not too sure right now. Still investigating!
Decker
April 2nd, 2008, 13:32
Again with shell access :wink2:
Skylar
April 2nd, 2008, 13:32
Hehe,
SSH Logs reckons that it could have been through WHM Sonic, not too sure right now. Still investigating!
You really need to install security, firewalls, etc, and not give out shell access. If you give out shell, give them jailshell.
JasonS
April 2nd, 2008, 13:43
You really need to install security, firewalls, etc, and not give out shell access. If you give out shell, give them jailshell.
Hey,
I don't give out root logins or anything like that. I've installed that ELS and looking for a firewall from the data center now :)
EDIT:
About to install IPTables as a firewall on the node.
Cam.
April 2nd, 2008, 15:04
Hey,
I don't give out root logins or anything like that. I've installed that ELS and looking for a firewall from the data center now :)
EDIT:
About to install IPTables as a firewall on the node.
You never had a firewall :eek2:
JasonS
April 2nd, 2008, 15:07
You never had a firewall :eek2:
Hey,
We had IPTables set up originally, it was just not configured correctly.
Eclouds
April 2nd, 2008, 15:10
What a great start! :)
Install a firewall, brute force detection, and other neat little tools I won't reveal.
Decker
April 2nd, 2008, 15:17
Hey,
We had IPTables set up originally, it was just not configured correctly.
Fup me! :eek2:
And shell doesn't need root to do some nasties if you don't at least jail it.
utcrazy
April 2nd, 2008, 15:17
Script kiddies are pretty crafty.
Eclouds
April 2nd, 2008, 17:11
I don't think it is a good idea to post on your main site that you have been compromised.
Decker
April 2nd, 2008, 17:14
He'll learn :wink2:
SC-Daniel
April 2nd, 2008, 19:44
Hmmm... That is a scary thought! A host has their server compromised... Makes your clients feel all warm and fuzzy ;)
Seriously though... If I were you I would remove that placeholder page and put down for maintenance instead...
Also, take a look at CSF/LFD if you are running cPanel... That is what I use and it works awesome, if configured properly.
SC-Daniel
April 2nd, 2008, 19:45
BTW, I seriously thought this was a belated April Fool's joke at first.
JasonS
April 3rd, 2008, 11:40
BTW, I seriously thought this was a belated April Fool's joke at first.
Well you were wrong :)
The IP has been located and the issue is being resolved. The site will be up momentarily.
Skylar
April 3rd, 2008, 13:06
Also, take a look at CSF/LFD if you are running cPanel... That is what I use and it works awesome, if configured properly.
CSF/LFD is really bad if under DDoS attacks. If you have anti-DDoS protection in place, plus CSF, CSF will block out other IPs if they have too many connections for too long, to help against the attacks. Now with the anti-DDoS scripts such as Mod_Deflate, the CSF Firewall will end up blocking out the loopback and main IP as it has "too many connections" attempting to combat the attack -- just to keep that in mind.
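The failure mode described in the post above, as an added example that is not part of the original thread and is not CSF/LFD code: a per-IP connection limit flags the loopback address and the server's own IP along with the flood source unless they are on an ignore list. The limit of 100, the addresses (documentation ranges) and the function names are assumptions.

```python
import ipaddress
from collections import Counter

def make_sample():
    """Constructed netstat-style lines; 192.0.2.10 stands in for the server's main IP."""
    sources = {
        "127.0.0.1": 120,      # local filtering layer talking to the web server
        "192.0.2.10": 150,     # the server connecting to itself on its main IP
        "203.0.113.50": 200,   # the actual flood source
        "198.51.100.7": 5,     # an ordinary visitor
    }
    return [
        f"tcp 0 0 192.0.2.10:80 {ip}:{40000 + i} ESTABLISHED"
        for ip, n in sources.items()
        for i in range(n)
    ]

def count_connections(lines):
    """Count connections per remote IP from the foreign-address column."""
    counts = Counter()
    for line in lines:
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # skip headers and non-TCP lines
        remote_ip = fields[4].rsplit(":", 1)[0]
        counts[remote_ip] += 1
    return counts

def ips_to_block(counts, limit, ignore=()):
    """Return IPs over the limit, skipping any inside the ignore networks."""
    nets = [ipaddress.ip_network(n) for n in ignore]
    blocked = []
    for ip, n in counts.items():
        if n <= limit:
            continue
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in nets):
            continue  # never block loopback or the server's own addresses
        blocked.append(ip)
    return sorted(blocked)

if __name__ == "__main__":
    counts = count_connections(make_sample())
    print("no ignore list:  ", ips_to_block(counts, 100))
    print("with ignore list:", ips_to_block(counts, 100, ["127.0.0.0/8", "192.0.2.10/32"]))
```

Without the ignore list the limiter cuts the server off from itself; with it, only the flood source is blocked.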
Jan
April 3rd, 2008, 17:11
I don't think it is a good idea to post on your main site that you have been compromised.
Or a public forum viewed by 1000s of people ;)
http://www.google.com.au/search?q=Inbreco++Compromised+&hl=en&client=firefox-a&rls=org.mozilla:en-US:official&hs=QlW&filter=0
Decker
April 4th, 2008, 05:44
Or a public forum viewed by 1000s of people ;)
http://www.google.com.au/search?q=Inbreco++Compromised+&hl=en&client=firefox-a&rls=org.mozilla:en-US:official&hs=QlW&filter=0
Even worse the first result;
The Inbreco node was compromised by a kiddy client