Stan, posted May 29, 2012:
Did anyone get a mail from patriot@emergency-planet.com?

Kermit, posted May 29, 2012:
I didn't get one. Is it something bad?

Stan, posted May 29, 2012:
We are currently investigating an attack on our server. We got complaints from several people that have never heard of us or our site, and from our ISP.
Failure to resolve this issue from our side will result in a shutdown of Emergency-planet by our ISP. Results of the investigation will be forwarded to American authorities.
More details will be released soon. At this time we can guarantee no email addresses were stolen, as we only got used to send out bulk spam.

Guest, posted May 29, 2012:
oh noooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

Stan, posted May 29, 2012:
Update: I informed the provider of the possible reason this happened. I am still checking the system to close every possible way they came in. At this time I was able to stop delivery of 700000 emails by cutting the connection.
As soon as we know exactly what has happened, full details will be posted.

Kermit, posted May 29, 2012:
Good luck!

Stan, posted May 29, 2012:
Update: Wrong reason, issue still persistent.
After removing 700k emails in queue and checking back 10 minutes later, I found out 32k new emails were added to the queue.
New registrations will be shut down until resolved, since I took the mailserver down.

RedHawk504, posted May 29, 2012:
Go get em stan!

DMC, posted May 29, 2012:
Book 'm stanno

Stan, posted May 29, 2012:
Another update: Issue still persists, ETA of a fix is now unknown.

Stan, posted May 29, 2012:
As long as I don't know where the slightly terroristic mails come from, no mails will go through.

Dakota, posted May 29, 2012:
Is it going through the IPB or an external source? You may want to do a quick sweep of the FTP for unknown files that have been added to the server and obviously password changes to your cPanel.

griffy, posted May 29, 2012:
I've had this happen to me before, I had to close my account it was so bad, but I believe that Stan will get this issue addressed, and please don't be afraid to take this to the American government, they will track down the guy.

Voodoo_Operator, posted May 29, 2012:
Or please don't be afraid to contact Sparta...we don't need some government...
Let's not kick people down bottomless wells just yet, mmmkay?

Dakota, posted May 30, 2012:
> I've had this happen to me before, I had to close my account it was so bad, but I believe that Stan will get this issue addressed, and please don't be afraid to take this to the American government, they will track down the guy.
They aren't as proactive as you might think when it comes to spam, it gets put on a very long to-do list by FBI's cyber security division to be handled when they get to it. Only the really big stuff gets any attention these days.

Stan, posted May 30, 2012:
Dakota, it's not coming from IPB, the mails are sent out from the user www-data. This makes www-data@srv1.ictwereld, which is quite strange because this user does not even have the right to log in.
My guess is they uploaded a file and got that file to auto-run. The second issue is... I can't find that file anywhere.
However, a few hours after I disabled the main site and removed two websites from the server, the queue began to fill slower than at first and then it stopped. Now the thing I am currently wondering about is... was it that? Or did the attack just end?
But I got a mail tonight...

    Warning: The file '/usr/sbin/unhide' exists on the system, but it is not present in the rkhunter.dat file.
    Warning: The file '/usr/sbin/unhide-linux26' exists on the system, but it is not present in the rkhunter.dat file.
    Warning: Suspicious file types found in /dev: /dev/shm/7gbhujb54g8z9hu43jre8: data
    One or more warnings have been found while checking the system.
    Please check the log file (/var/log/rkhunter.log)

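Added example, not part of Stan's post or any reply in this thread: a triage sketch for the situation described above (mail injected as www-data, no script found on disk, rkhunter flagging a file in /dev/shm). The function names, the /var/www web root and the 3-day window are assumptions.

```shell
#!/bin/sh
# Added triage sketch (not from the thread). Directories, user name and
# day count are parameters; the defaults in the "run" branch are assumptions.

# Regular files in a tmpfs directory such as /dev/shm. rkhunter flagged one
# there; normally only shared-memory objects of known services live in it.
tmpfs_regular_files() {
    find "$1" -xdev -type f -print 2>/dev/null
}

# Files under a web root owned by the web-server user and modified in the
# last N days: candidates for an uploaded script.
recent_files_owned_by() {
    user=$1 root=$2 days=$3
    find "$root" -xdev -type f -user "$user" -mtime "-$days" -print 2>/dev/null
}

# For each process of the user, show its executable and working directory.
# A link target ending in " (deleted)" means the file was unlinked after the
# process started, one reason a search of the disk can come up empty.
process_origins() {
    user=$1
    for pid in $(ps -u "$user" -o pid= 2>/dev/null); do
        exe=$(readlink "/proc/$pid/exe" 2>/dev/null || true)
        cwd=$(readlink "/proc/$pid/cwd" 2>/dev/null || true)
        printf '%s\texe=%s\tcwd=%s\n' "$pid" "$exe" "$cwd"
    done
}

# Invoke with the single argument "run" (as root) to print all three views.
if [ "${1:-}" = "run" ]; then
    echo "== regular files in /dev/shm =="
    tmpfs_regular_files /dev/shm
    echo "== www-data files under /var/www changed in the last 3 days =="
    recent_files_owned_by www-data /var/www 3
    echo "== www-data processes =="
    process_origins www-data
fi
```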
met police999, posted May 30, 2012:
Wtf? This is mental. Btw I haven't had any emails.

Stan, posted May 31, 2012:
** Mails are working again **
Data has been forwarded to the FBI.

met police999, posted May 31, 2012:
good to hear

Xplorer4x4, posted August 28, 2012:
> Those people gonna get busted lol
Yeah...... right...keep thinking that.
> I had a quick glance over but that really freaks me out, the numbers, states, all the names. I hope the FBI get this guy, they'll surely treat this as a terror threat, won't they?
I would highly doubt it. If, big if, they catch the suspect, I suspect they could throw it under some sort of bs terrorist litigation given the summarized statements I managed to find from a quick google.
> Is it going through the IPB or an external source? You may want to do a quick sweep of the FTP for unknown files that have been added to the server and obviously password changes to your cPanel.
cPanel=rip off. Webmin is not quite as user friendly but it is FOSS. Plus cPanel usually does not come with dedicated servers or VPSes.
> They aren't as proactive as you might think when it comes to spam, it gets put on a very long to-do list by FBI's cyber security division to be handled when they get to it. Only the really big stuff gets any attention these days.
Well said. Very well said Dakota.
Meh wrong thread. My bad. So I will just add this, this is what happens when you neglect updates to your source code. This is why every web site needs a technical administrator/owner that can devote enough time to keep things up to date.

bigal, posted August 28, 2012:
The FBI has more important things to worry about.

Stan, posted September 12, 2012:
> The FBI has more important things to worry about.
You're wrong about that buddy