Web Hosting Talk







View Full Version : Looks like my server's been hacked :(


Tazzman
04-04-2002, 10:00 PM
Well, you can see for yourselves by going to http://66.28.242.106/admin
This would normally redirect me to the Ensim admin login. Whatever the ******* put on there, it's slowing the rest of the server down to a grind. I've had a look for suspicious files on the server, but I can't see any. Anybody have a vague idea where I might find them, or would it be better to request an OS restore and start from scratch? To my knowledge I did have the server reasonably patched up, obviously not patched up enough though :(

Life goes on I guess...

Looks like his calling card isn't even loading now :/

appletreats
04-04-2002, 10:04 PM
Originally posted by Tazzman
Well, you can see for yourselves by going to http://66.28.242.106/admin
This would normally redirect me to the Ensim admin login.

I see nothing wrong. But maybe I'm just a fool.

Tazzman
04-04-2002, 10:07 PM
Weird, I'd make a screenshot of what I got, at least if the page would even bother to load...

Maybe not hacked, just a seriously screwed up connection to the server (the Cogent connection has been up and down for the past 4 hours :/ )

Tazzman
04-04-2002, 10:21 PM
Finally got that screenshot.

EDIT: OK, it's not the server that's been hacked. Somebody has been sticking some very nasty scripts etc. on my PC. The slowdown could be on my end of the line. Looks like I'll be reinstalling windhose tomorrow to clear all this sheisse out. Just to humour me, could somebody try visiting www.digital-grey.com (site hosted on the server) and tell me what the loading speed is like?

Thanks.

Lats
04-04-2002, 10:42 PM
Loading speed is good.

Nice looking site btw.


Lats...

MGCJerry
04-04-2002, 10:43 PM
Heh.... your site loads pretty quick on my box, but then again I'm not running XP. :D

Everything appears to be working ok...

stlouislouis
04-04-2002, 11:09 PM
Hi Tazzman,

What version of what OS were you running? And what services? Any particular thing you did to lock the box down or harden it before this happened?


Best wishes,

Louis

Tetraboy
04-04-2002, 11:12 PM
Works fine for me.

shortfork
04-04-2002, 11:29 PM
I'm also thinking that if you look at the taskbar on the screenshot, your admin window is not the one that is open.. The only thing that is a thrower is that it does show your ip addy... I'm wondering if this is just an IE6 POS goof..

Maybe nothing to worry about..

Are you firewalled??? Lock everyone out of the cp and ssh but your ip if so.. if not firewalled.... GET FIREWALLED!

Shortz

Tazzman
04-05-2002, 07:43 AM
Yes, I'm firewalled, and I think this is just some stupid script running on my computer that somehow got stuck on while visiting some rather doubtful sites. I did get a lot of warnings, but I rejected every download etc. Still, it looks like somehow some of this bull**** got put on my PC. If you read the Korean (or whatever it is) you'll see the letters DNS several times, which makes me think this is nothing more than some kind of DNS error page that somebody has forced on my computer :angry:

apollo
04-06-2002, 04:22 AM
What OS are you running? :) thx

tulax24
04-09-2002, 05:49 PM
On your screenshot there is a small logo right next to ZoneAlarm. I could be wrong but I think that is LOP (scumware that gets stuck on your computer when you visit some sites). It installs a DLL into IE which redirects DNS lookups. If you want to get rid of it, download the newest version of Ad-aware and do a clean; it should find LOP and get rid of it for you.

iamdave
04-09-2002, 08:55 PM
It redirects to https://core.section5.net:19638/webhost/rollout/welcome

Seems fine to me...

venomx
04-10-2002, 03:45 PM
tulax24, the green icon is ICQ, I believe....

richardparry
04-10-2002, 04:55 PM
That green icon is ICQ in invisible mode..... gosh :)