FTP Attack - Last week


mydediserver
10-04-09, 11:40 PM
Dear All,

One of our servers (shared server, CentOS with ProFTPd) had massive FTP attacks last week. An FTP username and password were compromised and taken for hacking. One of the sites, which had a great place in Google ranking, got tarnished; incidentally, it was just a static HTML site with no scripts. We could restore it from our backup. Google and stopbadware.org listed the site in their malware database. We removed the malware code and restored the site back to normal, and the removal was also reported to Google and stopbadware.

Before the hackers could get into other sites, we changed the FTP password, but the hackers were found to have used the old FTP username and password of 2-3 more sites, and they were trying from numerous locations. The attacking IPs originated from Romania, Bulgaria and Hungary.

As they were targeting only some sites of one of our clients, we understood it was only from his machine that information was leaked (as his sites were hacked). We contacted him (also, this happened after his Kaspersky 2009, which he had installed, went into inactive mode after the trial period), and as the client was a novice we made him install TeamViewer, removed Kaspersky 2009 and installed Kaspersky 2010 (trial version). We also installed SUPERAntiSpyware Free Edition on his machine. Kaspersky was put on scan, and it caught the Trojans and keyloggers. The virus scanner killed the logger each time it came up in memory again (it was like a loop). We could see the startup entries from Msconfig; we disabled them and restarted again. Again the same problem: Kaspersky blocks it, it appears again, again in an endless loop.

Then we used "TuneUp Utilities 2009" to delete the startup entries; TuneUp Utilities removed the entries from the registry. Then we ran Kaspersky, and it also cleaned Trojans. Then we ran SUPERAntiSpyware to clean up all malware, and it also did an excellent job in removing the Trojans.

Thanks to Kaspersky, SUPERAntiSpyware and TuneUp Utilities for helping our client out from his virus-infected Windows XP machine.

Thanks

MyDediServer Server Support
Australia’s Premium Server Provider

A PCRange Group Company
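
A defender-side check for the situation described in the post above, where old FTP credentials kept being presented from several locations after the passwords were changed. This is an added example, not part of the original post; the log line layout, host name, account names, IP addresses and rotation times are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the syslog style ProFTPD commonly writes (assumed layout).
SAMPLE_LOG = """\
Oct  1 09:30:00 web1 proftpd[2101]: web1 (198.51.100.9[198.51.100.9]) - USER clientb (Login failed): Incorrect password.
Oct  1 09:58:40 web1 proftpd[2190]: web1 (198.51.100.20[198.51.100.20]) - USER clienta: Login successful.
Oct  1 10:05:12 web1 proftpd[2211]: web1 (203.0.113.7[203.0.113.7]) - USER clienta (Login failed): Incorrect password.
Oct  1 10:05:40 web1 proftpd[2212]: web1 (192.0.2.44[192.0.2.44]) - USER clienta (Login failed): Incorrect password.
Oct  1 10:06:02 web1 proftpd[2213]: web1 (203.0.113.7[203.0.113.7]) - USER clientb (Login failed): Incorrect password.
Oct  1 10:07:10 web1 proftpd[2214]: web1 (192.0.2.44[192.0.2.44]) - USER clientc (Login failed): Incorrect password.
Oct  1 10:09:00 web1 proftpd[2215]: web1 (198.51.100.20[198.51.100.20]) - USER clienta: Login successful.
"""

# Hypothetical record of when each affected account's password was changed.
ROTATED = {"clienta": datetime(2009, 10, 1, 10, 0), "clientb": datetime(2009, 10, 1, 10, 0)}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sproftpd\[\d+\]:.*?"
    r"\[(?P<ip>[\d.]+)\]\)\s-\sUSER\s(?P<user>\S+?)"
    r"(?P<result>: Login successful| \(Login failed\))"
)

def stale_credential_attempts(log_text, rotated, year=2009):
    """Map each rotated account to the source IPs whose logins failed after
    the rotation time, i.e. clients still presenting the old password."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["user"] not in rotated or "failed" not in m["result"]:
            continue
        stamp = " ".join(m["ts"].split())  # collapse syslog's padded day field
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if when >= rotated[m["user"]]:
            hits[m["user"]].add(m["ip"])
    return {user: sorted(ips) for user, ips in hits.items()}

def shared_sources(attempts):
    """Source IPs seen against more than one rotated account: strong ban candidates."""
    by_ip = defaultdict(set)
    for user, ips in attempts.items():
        for ip in ips:
            by_ip[ip].add(user)
    return {ip: sorted(users) for ip, users in by_ip.items() if len(users) > 1}

if __name__ == "__main__":
    found = stale_credential_attempts(SAMPLE_LOG, ROTATED)
    print(found, shared_sources(found))
```

Failures before the rotation time and failures against accounts that were not rotated are ignored, so an ordinary mistyped password does not end up on a ban list.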

hostesta
10-24-09, 03:59 PM
Can you please provide the attackers' IPs? I would like to ban these IPs.

drillerboy
04-10-12, 07:53 AM
It is of utmost importance for clients to maintain their computers with up-to-date virus protection. It is very good that you noticed the problem and helped ensure that your client was protected.