January 16, 2021, 08:59:46 PM

Author Topic: Cerberus X website down  (Read 1016 times)

Offline MikeHart

  • Hero Member
  • *****
  • Posts: 756
  • Cerberus X developer
    • Cerberus X
Cerberus X website down
« on: July 25, 2020, 10:27:48 AM »
Hi folks,


thanks to some a..hole, our website is down and I don't know how long it will take to come back, if the database is damaged and so forth.

Offline MikeHart

Re: Cerberus X discord server
« Reply #1 on: July 25, 2020, 11:34:46 AM »
Of course, this place here is fine too.

Offline iWasAdam

  • Hero Member
  • *****
  • Posts: 2057
Re: Cerberus X website down
« Reply #2 on: July 25, 2020, 11:56:28 AM »
my faith in you and my thoughts - It will take as long as it takes ;)

Online Derron

  • Hero Member
  • *****
  • Posts: 3331
Re: Cerberus X website down
« Reply #3 on: July 25, 2020, 11:57:09 AM »
Managed hosting = daily backups (most often).
Just in case you did not think of it (log in and check if you can "restore" something).

Also some hosting setups allow you to do daily backups on your own (including mailing stuff to you). Depending on what you set up in the past (and forgot about), you might even have backups here and there.


All the best.

Ron

Offline MikeHart

Re: Cerberus X website down
« Reply #4 on: July 25, 2020, 12:15:53 PM »
Ron,


guess what. My ISP does these backups automatically. Webspace AND DB. Webspace is restored, all faulty files removed, passwords changed. The DB will be restored if I notice any damage.


BUT...


for this I need my ISP to re-enable the domains/webspace. They have deactivated ALL my domains. And from what I gathered on the net, that can be a lengthy process. IF I succeed.

I am not even able to reroute my domains to a different place. Well, I set them to, but nothing happens.

Online Derron

Re: Cerberus X website down
« Reply #5 on: July 25, 2020, 12:25:34 PM »
Hmm this stuff of "deactivation" ... I once received a letter (not an email) from Strato (must be ~10 years ago) in which they informed me that my webhost is used to send out malicious content (someone dropped a backdoor/shell script). I needed to sign that I do whatever is possible for me to have it fixed and that it won't happen anymore.

Normally it is up to you what you do with your webhost (assuming it is "legal" in the hoster's country) but they might have TOC (or AGB ;D) allowing them to suspend your account when they identify "doubtful" actions.


You could meanwhile create a "cerberusx.us.to" domain or another dynamic IP service which points to the IP of your webhost (assume you run a (v)server, not just webspace). In the hosting you needed to set up what website to "show" when using this domain (you can have virtual hosts - so depending on the domain you use another "directory" is served - this way you only have one IP but eg 10 different domains and websites).


Nonetheless: good to have a restored backup. I would urgently check your scripts for vulnerabilities. Find out how they intruded your system (I think of either your forum software or one of its addons). Especially if it was an "automatic hack" (script checked your website, found a vulnerability, exploited it and placed some automatic malicious scripts ----- compared to a manual hack which did some individual stuff to you like "greeting all cerberus users" or so). These "hack bots" will just return and do it again if you do not fix the security holes.

bye
Ron

Offline Qube

  • Administrator
  • Hero Member
  • *****
  • Posts: 2587
  • I mostly code at night... Mostly.
    • SyntaxBomb - Indie Coders
Re: Cerberus X website down
« Reply #6 on: July 25, 2020, 02:22:16 PM »
That's really crappy for some twat to hack a site that has zero benefit to them for doing so. Probably some script kiddy who's got a script looking for that particular forum all over the web so he can boast to his "online friends" that he's hacked a site ( using someone else's tools ). Such a legend :(

Hope you get it all up and running soon again and find / fix the way they got in.

Wonder if we're next  ::)
Mac mini ( 2018 / 2020 ), 3 GHz 6-Core Intel Core i5, 16 GB 2667 MHz DDR4, 1TB NVMe, eGPU Radeon Pro 580 8 GB, LG Ultragear 27GL83A-B 27 Inch
Commodore VIC-20, 1.1Mhz MOS 6502 CPU, 5KB RAM, VIC ( 6560 ) GPU

Until the next time...

Offline MikeHart

Re: Cerberus X website down
« Reply #7 on: July 25, 2020, 03:24:54 PM »
Quote
Hmm this stuff of "deactivation" ... I once received a letter (not an email) from Strato (must be ~10 years ago) in which they informed me that my webhost is used to send out malicious content (someone dropped a backdoor/shell script). I needed to sign that I do whatever is possible for me to have it fixed and that it won't happen anymore.

Normally it is up to you what you do with your webhost (assuming it is "legal" in the hoster's country) but they might have TOC (or AGB ;D) allowing them to suspend your account when they identify "doubtful" actions.


You could meanwhile create a "cerberusx.us.to" domain or another dynamic IP service which points to the IP of your webhost (assume you run a (v)server, not just webspace). In the hosting you needed to set up what website to "show" when using this domain (you can have virtual hosts - so depending on the domain you use another "directory" is served - this way you only have one IP but eg 10 different domains and websites).


Nonetheless: good to have a restored backup. I would urgently check your scripts for vulnerabilities. Find out how they intruded your system (I think of either your forum software or one of its addons). Especially if it was an "automatic hack" (script checked your website, found a vulnerability, exploited it and placed some automatic malicious scripts ----- compared to a manual hack which did some individual stuff to you like "greeting all cerberus users" or so). These "hack bots" will just return and do it again if you do not fix the security holes.

bye
Ron


1. Webhosting, so they control the domain routing. I can just wait or move everything to a different provider and move the domain.
2. They took all domains down because they had to: "obliged due to Mitstörerhaftung" (liability as a co-interferer).


How automatic it was I don't know. On my webspace I had several folders. One for CX, one for a static website, 2 for Strato hosted Wordpress sites. All domains are routed to the corresponding folders. But another unused domain was routed to the root folder. Anyway, in the root folder there was an updating.php script. The content looks like it is related to wordpress and had some big cryptic strings. Then they planted some other php scripts within the cgi-bin and cgi-data folder. One looked the same as this updating.php file. The same files were inside the CX installation. The CX files and wordpress files themselves were all untouched.
None of the sites have a contact form.


According to Strato they are sending mass spam emails from my webspace. How I don't know. Normally they should have had access to my user login details, or? And wouldn't they need my email passwords for this?
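
As an added example (not code from any poster in this thread): a sweep of a restored webspace for the two signs described in the post above, PHP files carrying a long opaque string and the same file appearing in several folders. The 200-character threshold, the function names and the sample tree (including `cache.php`) are assumptions constructed for illustration.

```python
import hashlib, os, re, tempfile
from collections import defaultdict

# Assumption: an unbroken run of 200+ base64-style characters counts as a "big cryptic string".
OPAQUE_RUN = re.compile(r"[A-Za-z0-9+/=]{200,}")

def scan_webspace(root):
    """Return (findings, clusters) for every .php file under root."""
    findings, by_hash = [], defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root)
            by_hash[hashlib.sha256(data).hexdigest()].append(rel)
            runs = OPAQUE_RUN.findall(data.decode("latin-1"))
            if runs:
                findings.append((rel, max(len(r) for r in runs)))
    # Identical bytes in more than one folder: a file copied around the webspace.
    clusters = [sorted(p) for p in by_hash.values()
                if len({os.path.dirname(x) for x in p}) > 1]
    return sorted(findings), sorted(clusters)

def build_sample(root):
    """Constructed sample tree: harmless placeholder files, not the real ones."""
    blob = '<?php $s = "' + "QUJD" * 100 + '"; // constructed placeholder\n'
    layout = {
        "updating.php": blob,
        os.path.join("cgi-bin", "cache.php"): blob,
        os.path.join("cx", "updating.php"): blob,
        os.path.join("cx", "index.php"): "<?php echo 'forum'; ?>\n",
    }
    for rel, text in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        findings, clusters = scan_webspace(tmp)
        for rel, length in findings:
            print(f"opaque string of {length} chars: {rel}")
        for group in clusters:
            print("identical copies:", ", ".join(group))
```

Run against a downloaded copy of the webspace, the clusters show which folders received the same planted file, and comparing the hits with a clean copy of the forum and WordPress packages separates planted files from legitimate ones.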

Offline MikeHart

Re: Cerberus X website down
« Reply #8 on: July 25, 2020, 03:28:33 PM »
Good news is, I was able to download the forum installation and now the DB. And it looks like no harm was done to it. But that is just judging by a look via phpmyadmin.

Offline 3DzForMe

  • Hero Member
  • *****
  • Posts: 1177
Re: Cerberus X website down
« Reply #9 on: July 25, 2020, 08:06:43 PM »
Any publicity is good publicity, opened up my Cerberus 64 today and she compiles a treat 😁👍, Kudos for keeping and evolving MonkeyX spirit. 👍

Offline Qube

Re: Cerberus X website down
« Reply #10 on: July 26, 2020, 02:08:39 AM »
Quote
Good news is, I was able to download the forum installation and now the DB. And it looks like no harm was done to it. But that is just judging by a look via phpmyadmin.
That's good news from bad at least.

Also if things look like they're going to take a while then I'm happy to host on our server in your own private corner. Just give me a slap if needed :)

Offline MikeHart

Re: Cerberus X website down
« Reply #11 on: July 26, 2020, 05:39:17 AM »
Quote
Any publicity is good publicity, opened up my Cerberus 64 today and she compiles a treat 😁👍, Kudos for keeping and evolving MonkeyX spirit. 👍
That is good to hear.

Offline MikeHart

Re: Cerberus X website down
« Reply #12 on: July 26, 2020, 05:39:46 AM »
Quote
Good news is, I was able to download the forum installation and now the DB. And it looks like no harm was done to it. But that is just judging by a look via phpmyadmin.
That's good news from bad at least.

Also if things look like they're going to take a while then I'm happy to host on our server in your own private corner. Just give me a slap if needed :)


Thanks buddy, let's wait and see what Strato does.

Offline Amon.

  • Full Member
  • ***
  • Posts: 208
  • What? There's no ceiling outside?
    • Amon.Pro
Re: Cerberus X website down
« Reply #13 on: July 26, 2020, 08:20:36 AM »
I hope everything gets back online. Cerberus-X is a wonder to use thanks to Mike. The website and forums were perfectly maintained and the community has some really cool members.

I never understood why people deface/hack websites. I guess the only logical conclusion would be that these types of people suffer from small penis problems.
Windows 10 Pro - 64GB DDR4 RAM - GEFORCE RTX 2080 TI 11GB - AMD RYZEN 9 3950X

Online Derron

Re: Cerberus X website down
« Reply #14 on: July 26, 2020, 08:46:56 AM »
Strato is a mess these days ... we vserver users had veeeeery slow IO sometimes. So slow that processes started hanging in dead loops and whatever, the guys of holarse linux gaming (running a multitude of game servers and the likes - on Strato) had even more serious issues :D.
Strato then finally announced publicly (1 or 2 months ago) that they have issues which they investigate .... wow ... you know I opened a ticket for this last year? And since then reinstalled my server (assumed a malicious script hiding from me), rebooted every 1-2 weeks to resolve issues for a while as even the mailserver stopped working randomly.

They "fixed" it then (after the public announcement) and since then it "almost" works, I just randomly get Apache2 no longer responding (mail server works, plex as admin tool still works, ... ftp and all works, just apache is running but no longer reacting, logs do not show any error). Yeah, as the IO stuff is creeping back I assume they will "fix" it later "again".



@ Mitstörerhaftung
Yeah, this is something what I described, needed to send a letter (maybe they even accepted a "Fax").

Surely they used a vulnerability in either wordpress, wordpress plugins or forum, forum plugins. Once they have this (most often an upload or remote execution vulnerability) they place scripts and they allow to execute whatever they want (according to the restrictions of your webhost).

So similar to your forum or wordpress installation these scripts could send mails .. and mails .... and mails.


Also take this into consideration: your domains (the ones they used for spamming) will now be listed on zenhaus and other "black lists". Other webservers (like mine) contact these black lists when they receive a mail of your domain ... and if the black lists contain it, they (the mails) get rejected.

It takes a while until all the lists remove you from the active spammer list. For some you can (or even must) apply to be no longer "a spammer".

https://mxtoolbox.com/blacklists.aspx
http://www.anti-abuse.org/multi-rbl-check
....
(both do not list you ... which is GOOD!)


Writing this just in case your websites get reactivated and you wonder why eg some people cannot "register".

Also ensure: only use forum addons which get updates, use fewer but secure ones. Same for wordpress. The forum software and wordpress core are often well maintained (but also target of vulnerability checks ... :D) but the addons/extra modules by 3rd parties are checked too while not maintained so properly in all cases.



@ why they hack
Bots ... automatic spam host take overs.


@ Qube
As good as your offer is: what happens if his websites get taken over again? Your ISP might approach you for spamming - and even close down your line (depends on TOC of course - and your local laws). Take this into consideration.


@ MIKE
What I suggest to you is the following: move your domain to a different hosting service. First of all: domains are cheaper elsewhere than with strato, 1und1 ... etc
Second: you can just redirect your domain to a different IP / website easily.
So instead of https://h123443543.stratoserver.net (or similar) you point to a different spot on the web. Dunno if that is really feasible with "webspace" packages. I think Strato is one of the hosters now allowing "external Domains" ("Aufschaltung externer Domains"). And if they offered it I am sure they would ask some money for it.

All the cheaper hosts (https://wint.global  https://www.netcup.de) allow such stuff but might struggle with other issues. Yet having "domains" on A and "space/servers" on B allows to react on emergency cases like "B" shutting down your services for violating the TOC (eg by being hacked - or by doing dumb stuff on your own).



bye
Ron
