Dynadot

Hackers - From Comapnies!

Spaceship Spaceship
Watch
G

Gnet

VIP Member
VIP
★★★★★★★★★★
Impact
9
I posted this in web hosting discussion but i think its a legal dispute now.


Recently i started my new project: www.my200mb.com a free subdomain hosting site, in a week i got heavy traffic, with in the last 2 days the cpanel and whm got really really slow i always wondered what was going on....never really thought i was being hacked...then last night i saw " last login from : NOT MY IP "

I was shocked like hell i changed all passwords and then took up some articles at www.webhostgear.com, installed Brute Force Detection via SSH and then got 16 emails from it that had information of ips trying to getin....that was terrifying...then to ban those ips i got APS its a firewall taht bans ips.

And the person that got in messed up my database on my200mb.com and i have to re install the whole thing and delete each account i was doing so good in adsense......

But ive learned a lesson never leave a server unsecure and now ill install a heck lot of more mods for server security and bandwidth monitoring...

If any more ideas, i would love to listen.

Regards

Edit:

One more thing that mod gives you the ip of the hacker i just got this dude: 209.216.227.60

and to get his location just whois him its easy

Whois Record


American Digital Network ADN-WEST-3 (NET-209-216-192-0-1)
209.216.192.0 - 209.216.255.255
Tech Assist, Inc. ADN-TECHASSIST-NETBLK14 (NET-209-216-227-0-1)
209.216.227.0 - 209.216.227.255

Its a compani something like Assist Tech and ill be giving them a call as well as calling my lawyer.
 
Click to expand...
Reply
0
0 Like
0 Thanks
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Sort by date Sort by points
Click to expand...
Reply
0
0 Like
0 Thanks
•••
Thanks Kev!

Will check them out.
 
Click to expand...
Reply
0
0 Like
0 Thanks
•••
That Ip you found might be of a proxy that the hacker was using
Or it might have been pointing to the hacker's isp (for some reason some isps
never show the details of their users)

Also you should disable users from uploading any form of scripts (specially
php) on their free accounts, its too risky

Good luck ;)
 
Click to expand...
Reply
0
0 Like
0 Thanks
•••
Get rid of cpanel that's my advice. Run a real server without a control panel and just use SSH.
 
Click to expand...
Reply
0
0 Like
0 Thanks
•••
American Digital Network ADN-WEST-3 (NET-209-216-192-0-1)
209.216.192.0 - 209.216.255.255
Tech Assist, Inc. ADN-TECHASSIST-NETBLK14 (NET-209-216-227-0-1)
209.216.227.0 - 209.216.227.255
Click to expand...

ADN is an isp. I would suggest calling them and asking for logs for the ip(209.216.227.60). The "hacker" might have stolen a legitimate account from the isp too.
 
Click to expand...
Reply
0
0 Like
0 Thanks
•••
Log in or sign up to reply here.

Similar threads

Ben3Verse
Hello from Ben3verse
11 replies
657 views
xynames
xynames
LaurentV
My domain & Me, a story since 2001
7 replies
486 views
LaurentV
LaurentV
A1EX
discuss I need to vent, this site needs a general vent thread... so here it is...
15 replies
1K views
johnn
johnn
A1EX
security WARNING: Stay away from Namecheap for Domains, Web, and E-Mail Hosting!
2 replies
2K views
alcy
A
vast
status-resolved Content removal policy feedback
5 replies
501 views
vast
vast

We're social

Escrow.com

New posts

Auction activity

Domain Recover

What non .com extensions have you sold in 2024?

Polls of interest

Popular this week

Catchy

Community favorite

Popular this month

Blog favorites

  • The sidebar remains visible by scrolling at a speed relative to the page’s height.
Back