WIN13 clients hacking each other !?

Discussion in 'H-Sphere Shared Hosting' started by des, Mar 13, 2006.

  1. des

    des Guppy

    I have just noticed some parts of my forum site stopped working. It was giving 404 error on some pages. I connected to my account via FTP and saw that 2 files were renamed, for example "forum_posts.asp" was renamed to "forum_posts.asp-old".

    I am suspicious that some of your clients on win13 server did this. I know you can do this kind of thing with a web file manager. However I checked and it seems I can't access other clients' folders with my file manager. This means you have different anonymous user for each client instead of IUSR_machinename. But I haven't checked the access permissions of the user ASPNET. So can you please tell me how this is possible? I guess your staff wouldn't do this kind of thing but I am pretty sure it was an internal attack.

    What do you think about this? I want a safe web hosting, please advise on the reason.
  2. Stephen

    Stephen US Operations Staff Member

    Des,

    Each user is locked to their own username.

    However, submit a ticket and I will see if a TECH did this, we had an issue with a spammer abusing some asp scripts on a site, and they told me about it, but perhaps did not notify the customer. Techs will occasionally do this, and I know the site in question was a forum site ending in .tv or including tv in the name.
  3. des

    des Guppy

    Hi Stephen,
    Thanks for the response.

    I have already submitted a ticket. Actually my site is a forum site ending in .tv so I suppose it should be my site but what's this spamming thing? Is someone trying to abuse my site? Actually I started to notice some slow response a few days ago.

    Are there any precautions I can take?
  4. Stephen

    Stephen US Operations Staff Member

    Des,

    Ok, this was done by techs, it was someone abusing these pages to send spam, that is what was causing problems, many megs of spam went out from this, we stopped it with some software, but it was quite a disturbance for the mail delivery.

    With the server itself, there was a very high CPU/RAM use site that was suspended, that played a lot in the server delays, and has been resolved.
  5. foxmen

    foxmen Guppy

    Hi DES,

    Please tell us,

    what forum scripts do you use?

    thanks
    foxmen
  6. des

    des Guppy

    You are constantly shutting down my forum site. This is the third time that I find out you renamed the index file default.asp to 1default.asp.

    Why are you doing this? Control panel shows that I have used just 4.1 GB of 10.0 GB bandwidth so what is the exact problem?

    My site has been down for 7 DAYS because you haven't notified me, it would be down for longer if I didn't find out by chance.

    If you do this again I will definitely change my hosting.

    Foxmen,
    I am using Web Wiz Forums v7.96.
  7. Stephen

    Stephen US Operations Staff Member

    We have notified you, and I have CCs of the mails, you have a 81MB Access database! This is causing the whole server to stop working while parsing your scripts.

    Since renaming the file on your site and sending you the notice, the win13 server has done so much better, you can even see it in the cpu load graphs on SNMP. The site will not be allowed to continue running on JH servers if you don't move to SQL.

    Here is a copy of the mail sent to you May 2nd, 2006 at 5:13am CDT:

    Hello USER NAME,

    Hope you are doing good. This is regarding domain edited. I found that one of your pages is taking 23% cpu, I have renamed that page to 1Default.asp. URL is given below:
    http://www.EDITED/forum/default.asp
    I found that its using 81.2227 megabytes MS Access DB which could be the main reason, as using MSAccess DB having size more than 4MB is not good for site and server. So, I would like to suggest you convert it to MSSQL/MySQL.

    Thanks,
    Prakash
    Windows Team

    This was a notice sent to you on 4/25/2006 at 5:39am CDT:

    Hello,

    This is regarding the domain edited. Any of these three pages are creating 23-25% CPU usage, which is crashing that pool. I have renamed these pages. Please check that page for its coding and its connectivity with databases.

    \edited\forum 1default.asp, 1forum_posts.asp, 1forum_topics.asp

    I found that you are using MS Access as DB which is 53.2 MB, MS Access can use only 4 MB as DB. More than 4MB can make site sluggish. I would like to suggest you to transfer your DB to either MSSQL or MySQL.

    Thanks,
    Prakash


    So as you can see, the forum grew almost 30MB in a short few days, and we supplied friendly notice each time, we will be forced to turn the site off in a manner you can not restart it if this abuse continues.
  8. Stephen

    Stephen US Operations Staff Member

    Just since you have renamed the default.asp again, it is now 84.01MB in size, 3MB in a few minutes, and the server is up on cpu usage again, this is really not acceptable and you must take steps to correct it.
  9. So any .asp database can't be over 4mb? I am building a WebWiz forum if it gets over 4mb is it going to be a problem?
  10. Stephen

    Stephen US Operations Staff Member

    Not ASP, MS Access :)

    Start with SQL please, we and other customers will thank you!
  11. Oh, Yea its MsSQL...
  12. InTheMarket

    InTheMarket Perch

    I have a fairly large database that was converted from Access to MS SQL...and I couldn't agree more. While I still know and understand very little about SQL..it really wasn't all that hard to convert. If you are starting out a new web wiz version 8.x application..going SQL from the very beginning should be fairly easy to do.
  13. mcarolan

    mcarolan Guppy

    A short term solution until you can upgrade to MSSQL might be to do a compact & restore on the database. That should shave a few megabytes off the database
  14. Stephen

    Stephen US Operations Staff Member

    It is still being accessed so much it is causing high cpu and ram usage, we did this once already :(
  15. Underdog

    Underdog Perch

    C'mon, there is only so many notices you can give.
    Boils down to: if you want to do whatever you want, then have your own server.
    Sorry, you cannot pay for roller-blades and go out as a Ferrari.

    I was forced to move too... and never looked back.
    Go for it man... your clients will thank you.
