preventing being hacked by "V4 team"

#1
11-10-2007, 06:02 PM
chamelion

Just got some sites hacked for a second time by this V4 team.

Quote:
Hack3d

Your System 0wned By V4 TeAm

V.4 Crackers

Contact :

Dj_moad@hotmail.fr

Attack Method : uid=0(root) gid=0(root) groups=0(Root)

Attack Reason : Revenge against that websites

GrEetz To All V4 TeAm Members

==>>V4 TeaM<<==

links to http://members.lycos.co.uk/moadis


I've run every security setting I can picture, including CSF, firewalls, restricting PHP access, suexec and what not.

Any ideas how these a**holes keep coming in? Using WHM11.

#2
11-10-2007, 06:13 PM
Servax
What kernel are you running, and which OS?

__________________
|| Dennis Liang,
|| ServaxNet LLC


#3
11-10-2007, 06:17 PM
chamelion
centos
2.6.9-55.ELsmp

#4
11-10-2007, 06:51 PM
sh4ka
Well.. that kernel is old, that may be one reason to explain why you were exploited.

#5
11-10-2007, 07:05 PM
optikalus
Have you run a rootkit checker?

Is your /tmp filesystem executable?

If you've not run a rootkit checker since the first attack, then it is possible that even though you've secured the server better, they're still getting in through the backdoor they created.

__________________
Matt Bloom
AngryHosting - Load balanced/redundant shared hosting solutions
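
One way to answer the /tmp question in post #5, as an added example that is not part of the thread: the functions below read a mount table (`/proc/mounts` by default) and report which temp filesystems lack `noexec` or `nosuid`. Checking `/var/tmp` and `/dev/shm` as well goes beyond the post, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# missing_opts MOUNTS_FILE MOUNTPOINT
#   Prints the hardening options absent from MOUNTPOINT (space separated),
#   an empty line when both are present, or "not-a-mount" when MOUNTPOINT
#   is not a separate filesystem in MOUNTS_FILE.
missing_opts() {
    mounts_file=$1
    mountpoint=$2
    # Fields: device mountpoint fstype options dump pass.
    # Keep the last match, because a later mount shadows an earlier one.
    opts=$(awk -v mp="$mountpoint" '$2 == mp { o = $4 } END { print o }' "$mounts_file")
    if [ -z "$opts" ]; then
        echo "not-a-mount"
        return 0
    fi
    missing=""
    for want in noexec nosuid; do
        case ",$opts," in
            *",$want,"*) ;;                      # option present
            *) missing="$missing $want" ;;       # option absent
        esac
    done
    echo "${missing# }"
}

# audit_tmp [MOUNTS_FILE]  -> one status line per temp location
audit_tmp() {
    mounts_file=${1:-/proc/mounts}
    for mp in /tmp /var/tmp /dev/shm; do
        result=$(missing_opts "$mounts_file" "$mp")
        case "$result" in
            "")          echo "$mp: ok (noexec,nosuid)" ;;
            not-a-mount) echo "$mp: not a separate mount, uses the parent filesystem's options" ;;
            *)           echo "$mp: missing $result" ;;
        esac
    done
}

# Run against the live mount table when it is readable.
if [ -r /proc/mounts ]; then
    audit_tmp /proc/mounts
fi
```

A location reported as "not a separate mount" cannot be given its own `noexec` flag until it is placed on its own partition, loop file or bind mount.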

#6
11-10-2007, 07:20 PM
IH-Chris
I recommend contacting a firm to actually go through your server. It would be impossible to tell you how it was done without looking at it.

Contact Rack911.com and ask for Steve. He always seems to be eager to assist for a reasonable rate. They may be booked up, but worth a shot.

#7
11-17-2010, 12:08 AM
askjim
Solution found for my V4 team hack

Had the same problem where all the websites under my hosting package were compromised by these annoying *r*eholes.

After going through log files and checking for rootkits etc it was discovered that one of the sites under my hosting package was running an old 2007 version of OS Commerce which had a security hole.
After a forced attack to gain access to the admin console, the hacker was able to modify the logoff.php file which enabled him to go up a directory to the main root of where all my sites were.
Luckily for me, mostly all files were still there; however, they had replaced the index.htm files with their own or added an index.html file or an index.php file.

I'm in the process of rebuilding the OS Commerce site with a more secure and up-to-date version; however, deleting the site (or deleting the logoff.php file) removed the threats.

I hope this helps...
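
The clean-up described in post #7 starts with finding which index files were replaced or added. The following is an added example, not part of the thread, that does this across a document root; the function names are hypothetical, and the document root, reference file and marker string are supplied by the caller.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.
# Paths containing newlines are not handled.

# find_index DOCROOT [extra find expressions...]
#   Shared filter for the three index variants named in the post.
find_index() {
    root=$1; shift
    find "$root" -type f \( -name index.htm -o -name index.html -o -name index.php \) "$@"
}

# changed_index_files DOCROOT REF
#   Index files modified after REF, a file whose mtime is set to a moment
#   before the incident (for example with: touch -t YYYYMMDDhhmm REF).
changed_index_files() {
    find_index "$1" -newer "$2" -print | sort
}

# dirs_with_multiple_index DOCROOT
#   Directories holding more than one index variant, which is what an
#   index.html or index.php dropped next to the original looks like.
dirs_with_multiple_index() {
    find_index "$1" -print | sed 's|/[^/]*$||' | sort | uniq -d
}

# index_files_matching DOCROOT MARKER
#   Index files containing MARKER as a fixed, case-insensitive string,
#   such as a phrase taken from the defacement page.
index_files_matching() {
    find_index "$1" -exec grep -liF -- "$2" {} + | sort
}
```

Modification times can be set back by whoever changed the files, so an empty result from `changed_index_files` is not proof of a clean tree; comparing against a known-good backup is the stronger check.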
