[adampetnebula]

Look this is going to sound really odd but someone just warned me that someone is trying to hack our server. They have already been able to post messages on our forums from a different server spamming them to pieces, i have fixed that oversight that allowed them to do it. but i obviously have concerns as i wouldnt even be able to imagine what they might try next. Any ideas on what i can do for extra security? (IP ban does not work, he is a proxy user).

[Gareth]

are you on a dedicated server or shared?

If you are on a shared server I would contact support giving as much info as possible.

If you are on a dedicated server make sure it is as secure as possible.

If it's linux some good guides are
A Beginners Guide to Securing Your Server
Top Tips For Stopping Hackers
Webhostgear (recommended)

I would also recommend Rf networks scripts (firewalls etc)

[adampetnebula]

Thanks for the Info Gareth ill look into it asap. (dedicated server). Not being a hacker puts me at a disadvantage as im not sure the kind of approach they may take. Any light on the subject would be greatly appreciated. And no im not daft enough to go looking for hacker sites to pick up tips and give them my ip ETC

[XILO]

Adam,

Just to reconfirm what Gareth has wisely said. You will need to look into some further protection.

Also, if you want us to take a look, raise a ticket and if you can give any information as to where these messages are posted or what "scripts" you are using; it will help us identify how they are doing this without your consent.

Tom

[adampetnebula]

I have reworked my forum script with an $HTTP_REFER check so now they cannot spam our forum without actualy being on our site. I am changing the name of 2 of our include files so anything they may currently have will break if they try to use it. I am very interested to know if my server has any kind of sofware or hardware firewall and if not how much it will cost to get one put on. I hear smoothwall is very good and Hardware firewalls i know are an expensive breed so a little re budgeting may be in order. If you guys havent heard of Trustix you might want to look into it as an alternative linux OS for your servers as it is much more secure than CentOS, Fedora etc. As for the scripts we use, well they are mostly created by me, a few of the scripts are left over from a template i started off with and it appears that its the old scripts that give way. I will re write them as soon as i can.

So if you could give me a price for securing up our server i would be greatfull, Thanks

Adam

[adampetnebula]

I have just found the page on their server that they used to spam our forums with if this helps at all.

http://revo.darkfiregames.com/pixelpets/pntest.php

The person who runs revopets was apparantly put upto it by the owner of pixelpets.net who just so happens to be revopets host. We have had problems from pixelpets before because they feel we are stealing their members. We do not visit other petsites and post on their forums or anything else untoward. So looking at the source of the page i can see how it was done. But the owner of pixelpets is the one that we have been warned about, i managed to get my information from the guy who runs revopets so i still dont trust it 100% and think they are both dodgy or the same person.

Adam

[Gareth]

Quote:

revo.darkfiregames.com

The server seems to be supplied by peer1.net (see dnstuff.com, traceroute), you could contact them giving them as much information as possible, logs showing the attack etc.,

The IP address is 65.39.211.105
Nameservers are ns7.bravehost.com which is part of bravenet.com I would suggest contacting them first.

Before you do so though I would suggest installing a firewall, a good one for linux is APF (Advanced Policy Firewall) by r-fx Networks. Be careful when installing a firewall you can quite easily lock yourself out. I would also recommend BFD (Brute Force Detection), also by the same guy.

And something not to be overlooked is ensure that your passwords are not easily guessed something like "Ng65VcTfe6BGH" is harder to guess than "tommy" (one of my clients got hacked cause his password was his first name)

If you want a hand installing APF/BFD let me know

[XILO]

Adam,

We have sent you an email this morning regarding your server.

Thanks

Tom

[adampetnebula]

Thankyou Gareth,

I have a feeling you have been dealing with dedicated servers a little longer than me Xilo have offered to help me with the security side of things and seeing as they already know my user and pass i will let them get on with it as i dont fancy giving those kind of details out.

Yes i use alfanumerical combinations for usernames/passwords etc (I have seen to many people have their accounts hacked on similer sites to mine so i wouldnt have them any other way).

And the reason ive not installed a firewall myself is because im quite confident i could lock myself out of the server without even trying.

Again id just like to thank you for your offer though, its very good of you.

Regards

Adam

[XILO]

Adam,

If you can quickly drop us a support ticket - we'll start the securing of your server immediately.

Tom