Ongoing Injection Attacks on the Server

1
This is from the people who run the server which SG is hosted on:
Dear Customers,

We have disabled remote FTP access on all servers. Recently all our servers were targeted by a server based in the Gnax datacenter (US based), and the index pages of certain websites which had weak FTP passwords were injected.

We have executed mass replacement scripts which have removed those injections, but we cannot open the FTP port unless cPanel finds a solution to this problem. Those who need FTP access should request the support team to add their IP address to the allowed list for FTP access for the respective username.

If you still see the injected code in your files then there's no need to panic. Remove it using the file manager in your control panel or request our support team to do so. I will post a link to a form which should be used to request FTP access.

There's a long discussion going on on the cPanel forum regarding these injections, but there has been no solution so far. This injection has occurred due to a vulnerability in the pure-ftp service, and nothing else could be done besides injection of iframe code.

So far no solution. We will need to keep global FTP access disabled till cPanel replies with a solution.

All customers are requested to choose a complicated FTP password of at least 10 characters. You can reset your password from the control panel.
We have managed to communicate with the 14-year-old boy from New Zealand whose server was used for this injection attack. We are not able to trace if he is the actual person who did it, but he has given all the scripts and available FTP passwords he had on his server.

We are sending an email to customers whose passwords were on his server, and our phone support team will be calling all those customers in the next 2 days' time.

He used the ftp_exec function to initiate this injection, and he managed to get a list of passwords for those accounts which had weak passwords without any numbers or Caps in them. We have modified our password policy on the signup page, and now every customer will need to choose a password with a minimum of 10 characters.

I will update with further information as we are trying to trap the actual culprit.
Last edited by Hunter on Fri Jun 01, 2007 3:15 pm, edited 1 time in total.

6
Heh, as long as people have a back up of what's on the Pavilion FTP we're good. I don't think I'll get a 23 character password though...
"If toast always lands butter-side down, and cats always land on their feet, what happens if you strap toast on the back of a cat and drop it?"
-Steven Wright

10
Do you have it set to 'remember me' on your computer to log you in as soon as you access the site?
'Memory and imagination are but one thing, which for diverse considerations, have diverse names'
¦- F R E D E N T H U S I A S T -¦

12
Well this happened to me once, but I think that was because I had recently accessed Me on here from a different computer.

Have you been on here from a different computer than your normal one before?

13
ghhyrd wrote: Well this happened to me once, but I think that was because I had recently accessed Me on here from a different computer.

Have you been on here from a different computer than your normal one before?
Not that I can remember. It's not a big issue anyway, no-one's making unusual posts in my name, I just have to log in again.