
digitalmars.D.announce - dblog.aldacron.net is Clean Again

reply Mike Parker <aldacron gmail.com> writes:
Google has cleared the dblog.aldacron.net domain from the blacklist, so 
it's safe to visit The One With D and the Derelict forums again.

Ultimately, I had to root everything out myself. Tech support was 
friendly enough, but very little help (they advised me that I needed to 
find the problem, which is what I asked for help with in the first 
place). It turns out there was a hidden executable which was completely 
invisible to my ftp client. I was able to see it only through the CPanel 
File Manager, but I was unable to delete it. Every attempt succeeded, 
only for the file to come back again. But once I eliminated all sorts of 
php files and fixed a number of static html files that had been 
modified, the problem went away even if the executable did not. Tech 
support did, finally, tell me they would remove the offending file.

Because of this experience, I've decided it's time to move away from 
shared hosting. I'm going to transfer everything over to a VPS (either 
with Digital Ocean or Linode) so that I can always have shell access.
Apr 11 2014
next sibling parent reply Nick Sabalausky <SeeWebsiteToContactMe semitwist.com> writes:
On 4/11/2014 9:10 AM, Mike Parker wrote:
 Google has cleared the dblog.aldacron.net domain from the blacklist, so
 it's safe to visit The One With D and the Derelict forums again.

 Ultimately, I had to root everything out myself. Tech support was
 friendly enough, but very little help (they advised me that I needed to
 find the problem, which is what I asked for help with in the first
 place). It turns out there was a hidden executable which was completely
 invisible to my ftp client. I was able to see it only through the CPanel
 File Manager, but I was unable to delete it. Every attempt succeeded,
 only for the file to come back again. But once I eliminated all sorts of
 php files and fixed a number of static html files that had been
 modified, the problem went away even if the executable did not. Tech
 support did, finally, tell me they would remove the offending file.
Ouch! At least it's all sorted out.
 Because of this experience, I've decided it's time to move away from
 shared hosting. I'm going to transfer everything over to a VPS (either
 with Digital Ocean or Linode) so that I can always have shell access.
Yea, shared hosting can be a pain. TBH, all my biggest web server problems have always been directly related to one shared host or another. I got fed up and switched to VPS a few years ago and haven't looked back. I haven't looked closely at the other VPS companies, but in my experience you can't go wrong with Linode. They're amazing. I'm ultra-critical of freaking everything, and yet I don't have a single, even minor, complaint about Linode. (But then I'm a control freak, so VPS is a natural fit for me anyway, so "FWIW".)
Apr 11 2014
next sibling parent reply simendsjo <simendsjo gmail.com> writes:
On 04/11/2014 03:41 PM, Nick Sabalausky wrote:
(...)
  I haven't looked closely at the other VPS companies, but in my
 experience you can't go wrong with Linode. They're amazing. I'm
 ultra-critical of freaking everything, and yet I don't have a single,
 even minor, complaint about Linode. (But then I'm a control freak, so
 VPS is a natural fit for me anyway, so "FWIW".)
Been using Linode for ~3 years, but a couple of months ago my node had a HW problem and was down for a couple of minutes. In other words - Linode is pretty good.
Apr 11 2014
parent Nick Sabalausky <SeeWebsiteToContactMe semitwist.com> writes:
On 4/11/2014 10:01 AM, simendsjo wrote:
 On 04/11/2014 03:41 PM, Nick Sabalausky wrote:
 (...)
  I haven't looked closely at the other VPS companies, but in my
 experience you can't go wrong with Linode. They're amazing. I'm
 ultra-critical of freaking everything, and yet I don't have a single,
 even minor, complaint about Linode. (But then I'm a control freak, so
 VPS is a natural fit for me anyway, so "FWIW".)
 Been using Linode for ~3 years, but a couple of months ago my node had a HW problem and was down for a couple of minutes. In other words - Linode is pretty good.
Yea. *I've* caused far more downtime to my linode server than linode has :)
Apr 11 2014
prev sibling parent reply "Mike Parker" <aldacron gmail.com> writes:
Seems I spoke too soon. Tech support has yet to remove the file, 
the problem is back, and the site has been blacklisted again. 
What's more, it seems that the support guy who offered to delete 
the file overstepped his authority. Because now I get this from 
them:

"If you need assistance cleaning your account and fixing the 
security holes for your site, we offer a low cost service option 
called Managed Shared Hosting. For the service fee of $39.95, we 
can create a work order to investigate and fix your issue."

Screw these guys. Looks like I'll have to get the VPS set up and 
transfer the domain before I can get off the blacklist for good.
Apr 11 2014
parent reply Andrej Mitrovic <andrej.mitrovich gmail.com> writes:
On 4/12/14, Mike Parker <aldacron gmail.com> wrote:
 "If you need assistance cleaning your account and fixing the
 security holes for your site, we offer a low cost service option
 called Managed Shared Hosting. For the service fee of $39.95, we
 can create a work order to investigate and fix your issue."
Unbelievable. 40$ to delete a file.
Apr 11 2014
next sibling parent Nick Sabalausky <SeeWebsiteToContactMe semitwist.com> writes:
On 4/12/2014 2:38 AM, Andrej Mitrovic wrote:
 On 4/12/14, Mike Parker <aldacron gmail.com> wrote:
 "If you need assistance cleaning your account and fixing the
 security holes for your site, we offer a low cost service option
 called Managed Shared Hosting. For the service fee of $39.95, we
 can create a work order to investigate and fix your issue."
 Unbelievable. 40$ to delete a file.
Sounds about on par with some of the crazy shit I've seen shared hosts do.
Apr 12 2014
prev sibling parent reply "Kagamin" <spam here.lot> writes:
On Saturday, 12 April 2014 at 06:38:16 UTC, Andrej Mitrovic wrote:
 Unbelievable. 40$ to delete a file.
Sounds like the virus opposes naive deletion. One would first need to find its guard. Well, anyway, such things require a security specialist, so they cost money. Mike should delete everything from the current site. Hope that will stop further distribution of the virus.
Apr 12 2014
parent reply "Vladimir Panteleev" <vladimir thecybershadow.net> writes:
On Saturday, 12 April 2014 at 09:36:42 UTC, Kagamin wrote:
 On Saturday, 12 April 2014 at 06:38:16 UTC, Andrej Mitrovic 
 wrote:
 Unbelievable. 40$ to delete a file.
 Sounds like the virus opposes naive deletion. One would first need to find its guard. Well, anyway, such things require a security specialist, so they cost money. Mike should delete everything from the current site. Hope that will stop further distribution of the virus.
I think the question should be asked, "How did that file get there?" Was there a security hole in the blog software? Was the password guessed, sniffed or stolen? (There exists Windows malware that steals saved FTP/SCP passwords...) Until the security hole is closed for good, the file may reappear again. I would suggest looking at the file's modification time, and checking the HTTP / FTP access logs for suspicious activity around that time.
Apr 13 2014
parent "Mike Parker" <aldacron gmail.com> writes:
On Monday, 14 April 2014 at 03:13:31 UTC, Vladimir Panteleev 
wrote:

 I think the question should be asked, "How did that file get 
 there?"

 Was there a security hole in the blog software?

 Was the password guessed, sniffed or stolen?
 (There exists Windows malware that steals saved FTP/SCP 
 passwords...)

 Until the security hole is closed for good, the file may 
 reappear again.
On shared hosting, situations like this (in my experience) follow a checklist. You remove any infected files and malware from your directories, update the passwords, reinstall or update the software and, if the problem persists, tech support will dig into it to find the holes. In seven years of running the site, I had previously only had one script injection problem which came down to a bug in WordPress and was fixed in the next update. Never had a malware problem before, but given that these guys instructed me to delete it (a no-brainer) or risk suspension of my account, I would not expect them to charge me $40 when it proves impossible for me to remove.
 I would suggest looking at the file's modification time, and 
 checking the HTTP / FTP access logs for suspicious activity 
 around that time.
One can wish. The file time is Jan 1, 1970 8:59. It's zero bytes and has full permissions. Its name is a jumbled mess (blocks and symbols). The only clue I had was the modification times of the mysterious php files (all of which also showed up as 0 bytes) and the infected html files, but I don't know if they're related to the malware or something completely different.
Apr 13 2014
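The check suggested in the exchange above, applied to the traits reported in the reply (epoch timestamp, zero bytes, full permissions, unprintable name), as an added example that is not part of the original thread. The names `triage`, `requests_near` and `SAMPLE_LOG` are hypothetical, the log lines are constructed, and the log timestamps are assumed to be in the same timezone as the file times:

```python
import os
import re
import stat
from datetime import datetime, timedelta

# Constructed sample access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Apr/2014:02:40:02 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [09/Apr/2014:03:14:41 +0000] "POST /uploads/cache.php HTTP/1.1" 200 17',
    '198.51.100.7 - - [09/Apr/2014:03:15:05 +0000] "GET /index.html HTTP/1.1" 200 5398',
    '192.0.2.33 - - [09/Apr/2014:11:02:50 +0000] "GET /forum/ HTTP/1.1" 200 9001',
]
LOG_TS = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) [+-]\d{4}\]")

def triage(root):
    """Map each regular file under root to the reasons it resembles the files in the thread."""
    hits = {}
    root_b = os.fsencode(root)  # walk as bytes so undecodable names are still listed
    for dirpath, _dirs, names in os.walk(root_b):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks report mode 0777 on Linux; skip non-regular files
            reasons = []
            if st.st_mtime < 2 * 86400:  # timestamp at or near the Unix epoch
                reasons.append("epoch mtime")
            if st.st_size == 0 and name.lower().endswith((b".php", b".html")):
                reasons.append("zero-byte web file")
            if stat.S_IMODE(st.st_mode) == 0o777:
                reasons.append("mode 0777")
            if any(b < 0x20 or b > 0x7E for b in name):
                reasons.append("unprintable name")
            if reasons:
                hits[os.fsdecode(os.path.relpath(path, root_b))] = reasons
    return hits

def requests_near(log_lines, when, window=timedelta(minutes=5)):
    """Return log lines stamped within `window` of `when` (same timezone assumed)."""
    near = []
    for line in log_lines:
        m = LOG_TS.search(line)
        if m and abs(datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S") - when) <= window:
            near.append(line)
    return near

if __name__ == "__main__":
    for path, reasons in sorted(triage(".").items()):
        print(ascii(path), ", ".join(reasons))
```

When the suspect file's own timestamp is useless, as here, the modification time of a tampered html or php file is the value to pass as `when`.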
prev sibling parent reply Nick Sabalausky <SeeWebsiteToContactMe semitwist.com> writes:
On 4/11/2014 9:10 AM, Mike Parker wrote:
 Because of this experience, I've decided it's time to move away from
 shared hosting. I'm going to transfer everything over to a VPS (either
 with Digital Ocean or Linode) so that I can always have shell access.
If you do go with Digital Ocean, I'd be interested in hearing how it works out. Their $5/mo option might be a good way out next time I have a client who's trying to use a shared PHP-oriented host. If you don't want to post here my email is nick1 (and the email's domain name is semitwist.com).
Apr 12 2014
parent reply Mike Parker <aldacron gmail.com> writes:
On 4/13/2014 6:39 AM, Nick Sabalausky wrote:
 On 4/11/2014 9:10 AM, Mike Parker wrote:
 Because of this experience, I've decided it's time to move away from
 shared hosting. I'm going to transfer everything over to a VPS (either
 with Digital Ocean or Linode) so that I can always have shell access.
 If you do go with Digital Ocean, I'd be interested in hearing how it works out. Their $5/mo option might be a good way out next time I have a client who's trying to use a shared PHP-oriented host. If you don't want to post here my email is nick1 (and the email's domain name is semitwist.com).
I wound up going with Linode. I had used them before when I needed a short-term VPS and already had an account.
Apr 13 2014
next sibling parent reply "Vladimir Panteleev" <vladimir thecybershadow.net> writes:
On Sunday, 13 April 2014 at 11:44:50 UTC, Mike Parker wrote:
 On 4/13/2014 6:39 AM, Nick Sabalausky wrote:
 On 4/11/2014 9:10 AM, Mike Parker wrote:
 Because of this experience, I've decided it's time to move 
 away from
 shared hosting. I'm going to transfer everything over to a 
 VPS (either
 with Digital Ocean or Linode) so that I can always have shell 
 access.
 If you do go with Digital Ocean, I'd be interested in hearing how it works out. Their $5/mo option might be a good way out next time I have a client who's trying to use a shared PHP-oriented host. If you don't want to post here my email is nick1 (and the email's domain name is semitwist.com).
 I wound up going with Linode. I had used them before when I needed a short-term VPS and already had an account.
Sorry for arriving late in this thread, but if you need hosting for D-related projects, I'd be glad to offer some on my server. You get a limited Linux user with full shell access, and your choice of httpd.
Apr 13 2014
parent "Mike Parker" <aldacron gmail.com> writes:
 I wound up going with Linode. I had used them before when I 
 needed a short-term VPS and already had an account.
 Sorry for arriving late in this thread, but if you need hosting for D-related projects, I'd be glad to offer some on my server. You get a limited Linux user with full shell access, and your choice of httpd.
Thanks for the offer. I'd take you up on it, but now that I've broken away from shared hosting I plan to make use of the resources on this VPS for more than just D stuff.
Apr 13 2014
prev sibling parent Rory McGuire <rjmcguire gmail.com> writes:
On 13 Apr 2014 1:45 PM, "Mike Parker" <aldacron gmail.com> wrote:
 On 4/13/2014 6:39 AM, Nick Sabalausky wrote:
 On 4/11/2014 9:10 AM, Mike Parker wrote:
 Because of this experience, I've decided it's time to move away from
 shared hosting. I'm going to transfer everything over to a VPS (either
 with Digital Ocean or Linode) so that I can always have shell access.
 If you do go with Digital Ocean, I'd be interested in hearing how it works out. Their $5/mo option might be a good way out next time I have a client who's trying to use a shared PHP-oriented host. If you don't want to post here my email is nick1 (and the email's domain name is semitwist.com).
 I wound up going with Linode. I had used them before when I needed a
 short-term VPS and already had an account.
I've been using digitalocean and I quite like them. Unfortunately I haven't had any problems so I could say how they handle that. I use them for work and for quick trials.
Apr 14 2014