Thread: Urgent help
-
03-05-2012, 04:22 PM #1Junior Guru
- Join Date
- Mar 2010
- Posts
- 186
Urgent help
Hello guys,
Can someone help me?
OVH disabled my server because of a copyright complaint and I received this message from them:
--------------------------------------------
Good morning,
We had to act with urgency on your dedicated server ns000000.ovh.net to block an attack. It seems that your dedicated server has a security flaw or a malicious user has gained access.
We were forced to deactivate your server. The magnitude of the failure is such that we most likely carry the complete reinstallation of the server.
We ask you to reply to this message in order to contact one of our directors.
Found below information related to the ongoing process and the open ports on your server when we intervened.
------- BEGIN ABOUT THE ATTACK -------
Pornographic material without disclaimer to prevent children to access such contents and copyright infringement :
My name is Nate Glass, and I am a person authorized to act on behalf of the owner of an exclusive right that is being infringed.
Authorized DMCA Agent:
Nate Glass
8900 Topanga Canyon Blvd.
Canoga Park, CA
91304
(818) 730-4666
nate@*******************
Proof of Authorization:
http://*******************/auth/evasiveauth.tif
Copyright Holder:
Bubble Butt Inc.
1050 Northfield Ct. Ste 300
Roswell, GA
30076
The following works are the copyrighted property of Bubble Butt Inc.:
http://www.domainhere.com/movies-eng...her-made-me-2/
A representative list of these works is available at
http://www.evasiveangles.com
Under penalty of perjury:
I have a good-faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent or the law.
The information in the notification is accurate.
I am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
This notice is also to inform the allegedly infringing service provider that the copyright holder listed above has not licensed, to the allegedly infringing website, any works to be used in the manner depicted above. Furthermore, copyright holder strongly encourages the operators of the allegedly infringing site to not allow the continued use of copyright holders works without the expressed written consent of the copyright holder. This includes, but is not limited to, filtering of content as well as prohibiting the use of copyright holders content in an infringing manner.
As per DMCA law section 512(i) to be eligible for Safe Harbor a service provider must meet certain requirements. One of these requirements is:
"(service provider)...has adopted and reasonably implemented, and informs subscribers of the service of, a policy for the termination of subscribers of the service who are repeat infringers"
For this reason, copyright holder strongly encourages the recipient of this notice to adopt and implement a repeat infringer policy.
In order to make the content removal process easier in the future, Takedown Piracy suggests that you add the copyright holder listed in this notice to a list of Prohibited or Banned Content on your site and filter and/or remove any content owned by this copyright owner.
Please note that all DMCA notices sent by Takedown Piracy are checked to ensure compliance by the allegedly infringing website.
Notices that have not been satisfied will be escalated to, including but not limited to, webhost and upstream provider.
In the event of non-compliance, Takedown Piracy can and will confer with the clients legal representatives and/or specialists in copyright infringement law.
--
Nate Glass
Authorized DMCA Agent
Email:nate@*******************
------- END ABOUT THE ATTACK -------
--------------------------------------------
Their replies:
]] Good morning,
]]
In fact ]] have "closed" the server, since it contained copyrighted files and still be related to a porn site (required have a "disclaimer" to notify people who are content to see over 18).
]]
Unfortunately you can not ]] the accommodation of that content, copyrights, on our servers and as such we have locked the server.
]]
You can ask the ]] ticket that will provide access to the SSH server, since for now only have access to the rescue mode FTP, expressly stating that it will fix the problem, removing links and sites listed.
]]
If possible ]] they will provide access to the server to correct the problem, checking and correcting the complaint whichever indicates there.
]]
After corrected ]] position, can then be introduced in HD mode in order to keep the server back online.
]]
Unfortunately here in the ]] support we can not help with these changes, and indeed has to check with management for the unlock.
]]
]] For further questions please contact us.
]]
Thank you for choosing ]] OVH,
]]
Sincerely ]]
]]
Ricardo ]]
OVH Portugal ]]
Good morning,
The SSH access you will be given to you to correct the problem before putting the server in HD mode.
Yes, I'm talking about the ticket incident. At this point should have been released and sent him the access codes by SSH.
At this point you can then correct the situation and can only ask the server to pass the HD after having corrected the situation, although it has to do just and only for ssh.
For further questions please contact us.
Thank you for choosing OVH,
Do not forget to visit our forum (http://forum.ovh.pt) and if you want to leave a message.
graciously
Ricardo
OVH Portugal
And now I received this email:
Your mode server restarted 'Rescue', which means that the
Linux / BSD is released on the server through the network. It is not
system that is usually installed on your server, no
of the partitions is mounted.
A web interface is available to allow you to make a
diagnosis of your server (hard disk, raid, ram, CPU) and
traverse the entire tree of your file system:
http://xx.xxx.xxx.xxx:xx
- User name: xxx
- Password: xxx
You can connect via SSH to your server (xx.xxx.xxx.xxx)
with the following parameters:
- User: xxx
Password: xxx
You can now perform the maintenance required
the restoration of your server, for example, you can:
- Check and update their files, network configuration,
- Check and eventually disable its firewall,
- Check and update your LILO (or configure other boot
through the network: http://guias.ovh.pt/KernelNetboot/
- Conduct manual scan of your system files,
- Make a backup or restore data,
- Etc.
If you think you have identified the source of the problem and want to reboot
your server should normally set the netbooted its
on the server hard disk or on the OVH kernel:
http://guias.ovh.pt/KernelNetboot/ reboot and do the "SOFT"
your server (to avoid reboot through manager - reboot HARD).
You will find further information in our guide:
http://guias.ovh.pt/ModeRescue/
Sincerely,
OVH Customer Support
Can someone please teach me how to delete a wordpress post via SSH?
I need to delete the wordpress post to solve this issue, but they can't put my server online until I solve this... They said to solve only via SSH.
Waiting for your help. Thank you!
Regards,
Divvy
-
03-06-2012, 03:42 AM #2Temporarily Suspended
- Join Date
- Sep 2011
- Location
- Hamilton
- Posts
- 12
If you are using cPanel then try the following command to suspend the account which has the copyrighted material.
/scripts/suspendacct <accountname>
You can just delete the post via SSH because you need to get into database and most likely you will break the whole WordPress.
**I'm not 100% sure if you can execute above command in rescue mode.
-
03-06-2012, 05:52 AM #3Junior Guru
- Join Date
- Mar 2010
- Posts
- 186
Hello Bilal-Ahmed, thank you for your reply!
But your suggestion didn't work:
http://screensnapr.com/v/pVgfhp.png
-
03-06-2012, 06:40 AM #4Web Hosting Master
- Join Date
- Apr 2009
- Posts
- 1,321
type these:
mount /dev/sda1 /mnt
/mnt/scripts/suspendacct spicy
-
03-06-2012, 07:21 AM #5Junior Guru
- Join Date
- Mar 2010
- Posts
- 186
Thank you for your reply chasebug.
I tried that command but appears this message:
root@rescue:/# mount /dev/sda1 /mnt
mount: unknown filesystem type 'linux_raid_member'
http://screensnapr.com/v/L1ZLuS.png
-
03-06-2012, 07:23 AM #6Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
I think you need some server management to audit that box of yours...
If you want to simply punch-in commands from random people on a forum then that's your game but I wouldn't advise it to be honest...
Last edited by Server Management; 03-06-2012 at 07:28 AM.
-
03-06-2012, 07:31 AM #7Junior Guru
- Join Date
- Mar 2010
- Posts
- 186
chasebug, I think this happened because the server has RAID Software, right?
What is the command that I need to run?
Please help... thank you!
-
03-06-2012, 08:40 AM #8Junior Guru
- Join Date
- Mar 2010
- Posts
- 186
I ran these commands:
root@rescue:~# mount /dev/md1 /mnt
root@rescue:~# mount /dev/md2 /mnt2
mount: mount point /mnt2 does not exist
root@rescue:~# chroot /mnt
But the /mnt/scripts/suspendacct spicy command still didn't work:
root@rescue [/]# /mnt/scripts/suspendacct spicy
bash: /mnt/scripts/suspendacct: No such file or directory
ls command: http://screensnapr.com/v/XFK8Xw.png
What did I do wrong?
-
03-06-2012, 08:43 AM #9Junior Guru Wannabe
- Join Date
- Mar 2011
- Posts
- 67
If you chroot, the command should not start with /mnt
Your second mount fails because there is no directory named mnt2
-
03-06-2012, 08:46 AM #10Junior Guru
- Join Date
- Mar 2010
- Posts
- 186
primed, thank you!
spicy's account has been suspended
Solved
-
03-06-2012, 08:51 AM #11Junior Guru
- Join Date
- Mar 2010
- Posts
- 186
Hmmm or not?
http://screensnapr.com/v/1gnm5D.png
-
03-06-2012, 09:13 AM #12Junior Guru
- Join Date
- Mar 2010
- Posts
- 186
!!!!!! Failed to disable spicy's website !!!!!!!!
Their account will continue to be publically
accessible. To disable the website, create an
htaccess file with the following contents at
/home/spicy/public_html/.htaccess:
RedirectMatch .* /cgi-sys/suspendedpage.cgi
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Thank you
-
03-06-2012, 09:22 AM #13
it's not
Code:
mv /home/spicy/public_html/.htaccess /home/spicy/public_html/.htaccess.old
echo "RedirectMatch .* /cgi-sys/suspendedpage.cgi" >> /home/spicy/public_html/.htaccess
Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons
-
03-06-2012, 10:13 AM #14Junior Guru Wannabe
- Join Date
- Mar 2011
- Posts
- 67
is your /home on another partition/raid than the root ?
cat /etc/fstab in chroot (or cat /mnt/etc/fstab outside chroot)
(If it is, you need to mount it inside the other)
ie.
mount /dev/md1 /mnt
mount /dev/md2 /mnt/home
mount points should look like what you have in fstab, plus the /mnt
Last edited by primed; 03-06-2012 at 10:18 AM.
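The rule in the post above (fstab mount points plus the /mnt prefix, root mounted first), as an added example that is not part of the original thread: a shell function that reads the installed system's fstab on stdin and prints the mount commands in parent-before-child order. The function names and the sample fstab are constructed for illustration; the function only prints commands and mounts nothing.

```shell
#!/bin/sh
# rescue_mount_plan PREFIX < fstab
# Prints one "mount DEVICE PREFIX/MOUNTPOINT" line per real filesystem,
# ordered so that / comes first and nested mount points follow their parents.
rescue_mount_plan() {
    prefix=${1:-/mnt}
    awk -v prefix="$prefix" '
        /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines
        {
            dev = $1; mp = $2; type = $3
            if (mp !~ /^\//) next            # swap and "none" have no path
            if (type ~ /^(swap|proc|sysfs|tmpfs|devpts|devtmpfs)$/) next
            if (mp == "/") {
                depth = 0; target = prefix   # root goes on the prefix itself
            } else {
                depth = gsub(/\//, "/", mp)  # number of path components
                target = prefix mp
            }
            printf "%d\tmount %s %s\n", depth, dev, target
        }
    ' | sort -s -n -k1,1 | cut -f2-
}

# Constructed sample fstab; device names follow the thread
# (md1 holds /, md2 holds /home) and are listed out of order on purpose.
sample_fstab() {
cat <<'EOF'
# <device>  <mount point>  <type>  <options>          <dump> <pass>
/dev/md2    /home          ext3    defaults           1 2
/dev/md1    /              ext3    errors=remount-ro  0 1
/dev/sda3   swap           swap    defaults           0 0
proc        /proc          proc    defaults           0 0
EOF
}

# Show the plan for the sample; on a real rescue system the input would be
# the fstab of the already-mounted root, e.g. rescue_mount_plan /mnt < /mnt/etc/fstab
sample_fstab | rescue_mount_plan /mnt
```

Review the printed lines before running them, then chroot into the prefix once every filesystem is mounted.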
-
03-06-2012, 10:33 AM #15Junior Guru
- Join Date
- Mar 2010
- Posts
- 186
Thank you linux-tech and primed