| Posted by XhostingGuy, 02-05-2013, 01:37 PM | | Its been more then a year i am with semoweb. But since last 2 months every 4-5 days i find they suspends one of my site without any notification, when i ask why they says ur site was being used for phishing.
I asked them to investigate the issue in starting but they keep on saying like robot that i need to update scripts (How if i am using only html files) .. change passwords (did that every other day.) . Noting is working on this server.
Whats hackers do
1) All the sites that was hacked having only html files
2) Hacker manage to upload php files anywhere they want.
3) Hacker make subdomains too.
I have been suffering from loss of business and got stucked in a case of cyber crime that my client filed with local authorities. I asked them you should inform and give a few hours before suspending so that i can take action to clean. I even dont know why when they suspended. They dont even let you know that ur site has been suspended.
All i am saying move me to different physical server because this server looks to have backdoor.
If you know how hackers upload scripts files in html only files. Isnt it fault of server side security ?
|
| Posted by SajanP, 02-05-2013, 01:46 PM | | Not always. I've never had any experience with Semoweb, but if they claim that the issue is in fact with something on your site, you need to definitely rule that out. I'm not entirely sure of your technical abilities, but you need to check things outside your site itself. It's possible that there's something on there, unrelated to what you consider your site that is causing this.
I would hire someone to take a look for you.
Another thing to do is take a look at Google Webmasters. If you verify your site, Google will alert you of any phishing, vulnerabilities, and outdated scripts that it finds. While that's not always 100% accurate or comprehensive, it something to take a look at.
Last edited by SajanP; 02-05-2013 at 01:49 PM.
|
| Posted by harrison914, 02-05-2013, 02:35 PM | | I would definitely look outside to see the incoming and outgoing links to your website. Also if they offer Calmav try scanning your website and see if that finds anything with your website or mail.
|
| Posted by bdwebservices, 02-05-2013, 02:46 PM | | Server can be DEFACED or Hack by you applications (WP/Joomla so on) or by other cpanel accounts or by server admin fault.
In that case clamav is useless. Server admin should use Mod_security with customer rules, Malware Detector.
|
| Posted by XhostingGuy, 02-05-2013, 05:44 PM | | If its like my pc is hacked then my other reseller account with other host should too be hacked like this. A few sites that got hacked 2-3 times in a row i moved to my other reseller (outside semoweb). Now they are working fine.
|
| Posted by cyberindo, 02-05-2013, 10:57 PM | | I have reported to semoweb to check security problem in shared hosting since December 2012. All clients only wait and see to deleted permanently when he attack and banned from server.
FYI, look at www.proxy-1.info > this is a same server location but there is no action from owned account?
|
| Posted by kpmedia, 02-05-2013, 11:36 PM | | I'm not a fan of Semoweb, but I doubt this is their fault.
|
| Posted by XhostingGuy, 02-06-2013, 01:10 AM | | Exactly same as on my few sites. "g0t hacked by Black^Monster" . This server is backdoor ed. The same hacker group uses our sites for phishing and sometimes they deface and even i reported 2 times missing sites. They dont have backups they ask me to restore 2 missing sites.
|
| Posted by cyberindo, 02-06-2013, 03:36 AM | | Today my clients has been removed and one clients has been suspended without email confirmation. And Semoweb cannot protect hacker attack since last month ago
And clients only wait and see to DIE.. without no explain
Only if move to another server can be save.
|
| Posted by net, 02-06-2013, 03:52 AM | | I thought they said that your site is doing phishing and they emailed you about this?
|
| Posted by cyberindo, 02-06-2013, 04:27 AM | | Here is email cofirmation and when i checked this account has been deleted and one account has been suspend without information.
|
| Posted by XhostingGuy, 02-06-2013, 09:14 AM | | These are exactly same things that i have been facing with semoweb nearly around 2 months now. I dont know what will happen when i wakeup in the morning and find which site got hacked, used for phishing or has been deleted by hacker here.
|
| Posted by Tuguhost, 02-06-2013, 12:56 PM | | Its strange when a host don't know how to secure their server.
But first you must verify your claim to mods
|
| Posted by letwebhost, 02-06-2013, 01:05 PM | | I think only semoweb can light this issue properly.Hope Dustin is watching this thread
|
| Posted by Tuguhost, 02-06-2013, 01:13 PM | | lewebhost in my opinion, verify that he is trully client of semoweb is also an important part
|
| Posted by letwebhost, 02-06-2013, 01:27 PM | | yes.you are right as well
|
| Posted by DWS2006, 02-06-2013, 06:30 PM | | XhostingGuy, if your site truly is 100% html only, than I would agree with you that a vulnerability server-side is the likely culprit. With that said, be sure to check your account from the root folder up for any dynamic scripts you may have installed and then forgotten about.
Even if there is a server-side vulnerability, that doesn't correlate directly to bad server management. Script kiddies are always searching for the latest exploit, even the best server admins will fall victim every once in awhile.
|
| Posted by cyberindo, 02-07-2013, 04:43 AM | | I think clients want to put their website on a secure company. If their data is not safe, and is said to perform phishing then the client will move. This will have a negative effect on the old web hosting company.
|
| Posted by cyberindo, 02-07-2013, 05:19 AM | | I just thought why semoweb immediately delete phishing website that gets a warning from CERT. Why not delete the directory or file or set permissions to 0000 and check the log file to hacker attacks. but the client is only a victim of infiltration. clients already do replacement cpanel strong passwords and update files.
Until now http://www.proxy-1.info/ look at http://urlquery.net/report.php?id=776643 look owner MERCHANTACCOUNTMASTER.COM merchantaccountmaster.com...
DNS servers
ns1.merchantaccountmaster.com [67.23.248.29]
ns2.merchantaccountmaster.com [67.23.248.30]
website still hacked by "G0T hacked by Black ^ Monster". Strange if there account hacked and untouched by the owner. because of their attacks and make a phishing page.
I have proof of how an attacker shell file in the website and was told to semoweb. but currently there is no solution.
|
| Posted by XhostingGuy, 02-07-2013, 11:09 AM | | One of my client had no page at all on his site(site shows directory listing). He was using it for email only. 2 days ago i found that hacker created folder for phishing and a lot of script files with encryption.
Hacker manage to create subdomain and upload anything on blank site then how should i understand that i should format my Laptop from where i access or scan my blank site for files as they says.
|
|
 Add to Favourites
 Print this Article
|
