WIN13 clients hacking each other !?

D

des

Guppy
I have just noticed some parts of my forum site stopped working. It was giving 404 error on some pages. I connected to my account via FTP and saw that 2 files were renamed, for example "forum_posts.asp" was renamed to "forum_posts.asp-old".

I am suspicious that some of your clients on win13 server did this. I know you can do this kind of things with a web file manager. However I checked and it seems I can't acces other clients' folders with my file manager. This means you have different anonymous user for each client instead of IUSR_machinename. But I haven't checked the access permissions of the user ASPNET. So can you please tell me how this is possible? I guess your staff wouldn't do this kind of things but I am pretty sure it was an internal attack.

What do you think about this? I want a safe web hosting, please advise on the reason.
 
Des,

Each user is locked to their own username.

However, submit a ticket and I will see if a TECH did this, we had an issue with a spammer abusing some asp scripts on a site, and they told me about it, but prehaps did not notify the customer. Techs will occasionally do this, and I know the site in question was a forum site ending in .tv or including tv in the name.
 
Hi Stephen,
Thanks for the response.

I have already submitted a ticket. Actually my site is a forum site ending in .tv so I suppose it should be my site but what's this spamming thing? Is someone trying to abuse my site. Actually I started to notice some slow response few days ago.

Is there any precautions I can take?
 
Des,

Ok, this was done by techs, it was someone abusing these pages to send spam, that is what was causing problems, many megs of spam went out from this, we stopped it with some software, but it was quite a disturbance for the mail delievery.

With the server itself, there was a very high CPU/RAM use site that was suspended, that played a lot in the server delays, and has been resolved.
 
You are constantly shutting down my forum site. This is the third time that I find out you renamed the index file default.asp file to 1default.asp.

Why are you doing this? Control panel shows that I have used just 4.1 GB of 10.0 GB bandwith so what is the exact problem?

My site has been down for 7 DAYS because you haven't notified me, it would be down for longer if I didn't find out by chance.

If you do this again I will definately change my hosting.

hi DES

PLease tell us,

what forum scripts do you use?

thanks
foxmen
Click to expand...
Foxmen,
I am using Web Wiz Forums v7.96.
 
We have notified you, and I have CCs of the mails, you have a 81MB Access database! This is causing the whole server to stop working while parsing your scripts.

Since renaming the file on your site and sending you the notice, the win13 server has done so much better, you can even see it in the cpu load graphs on SNMP. The site will not be allowed to continue running on JH servers if you don't move to SQL.

Here is a copy of the mail sent to you May 2nd, 2006 at 5:13am CDT:

Hello USER NAME,

Hope you are doing good. This is regarding domain edited. I found that one of your page is taking 23% cpu, I have renamed that page to 1Default.asp. URL is given below:
http://www.EDITED/forum/default.asp
I found that its using 81.2227 megabytes MS Access DB which could be the main reason, as using MSAccess DB having size more than 4MB is not good for site and server. So, I would like to suggest you convert it to MSSQL/MySQL.

Thanks,
Prakash
Windows Team

This was a notice sent to you on 4/25/2006 at 5:39am CDT:

Hello,

This is regarding the domain edited. Its any of these three pages are creating 23-25% CPU Usage, which is crashing that pool. I have renamed these pages. Please check that page for its coding and its connectivity with databases.

\edited\forum 1default.asp, 1forum_posts.asp, 1forum_topics.asp

I found that you are using MS Access as DB which is 53.2 MB, MS Access can use only 4 MB as DB. More than 4MB can make site sluggish. I would like to suggest you to transfer your DB to either MSSQL or MySQL.

Thanks,
Prakash


So as you can see, the forum grew almost 30MB in a short few days, and we supplied friendly notice each time, we will be forced to turn the site off in a manner you can not restart it if this abuse continues.
 
Just since you have renamed the default.asp again, it it now 84.01MB in size, 3MB in a few minutes, and the server is up on cpu usage again, this is really not acceptable and you must take steps to correct it.
 
Not ASP, MS Access :)

Start with SQL please we and other customers will thank you!
 
I have a fairly large database that was converted from Access to MS SQL...and I couldn't agree more. While I still know and understand very little about SQL..it really wasn't all that hard to convert. If you are starting out a new web wiz version 8.x application..going SQL from the very beginning should be fairly easy to do.
 
A short term solution until you can upgrade to MSSQL might be to do a compact & restore on the database. That should shave a few megabytes off the database
 
It is still being access so much it is causing high cpu and ram usage, we did this once already :(
 
c\\\'mmon, there is only so many notices you can give.
Boils down to: if you want to do whatever you want, then have your own server.
Sorry, you cannot pay for roller-blades and go out as a Ferrari.

I was forced to move too... and never looked back.
Go for it man... your clients will thank you.
 
You must log in or register to reply here.
Back
Top