[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 112: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 112: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4688: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4690: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4691: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4692: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
The Honest Way Forum • View topic - Hacked?!

Hacked?!

If you have come across any scams or dishonest packages, products or strategies, discuss them here and expose them.
Feel free to name and shame the perpetrators! NO ADS!

Moderators: magnetize, Oosha, ftello, shezz

Hacked?!

Postby Phillip » Sun Apr 04, 2010 8:20 am

I just noticed that one of my static html sites showed "509 bandwidth exceeded", so I went to my WHM control panel to bump up the bandwith limits... What I noticed was that the previous limit - 100mb - had been filled within these four days, and it had also been exceede by 1300mbs. So at that moment I had 1400mbs of used bandwidth for that account. I decided to bump it up to 2000mb so that I could see if the site is okay - when I did this, I still gpt that "509" error. I went back to the control panel and now the bandwidth was 3200mbs.... I did raise a support ticket for this but do any of you have similar experiences? Hacked, Smacked or is it just some server side glitch? Thank god it's not a moneysite.
P


User avatar
Phillip
 
Posts: 666
Joined: Wed Oct 28, 2009 8:45 pm
Location: Finland

Re: Hacked?!

Postby Tel » Sun Apr 04, 2010 11:21 am

It could be you have an image that has been hijacked by someone and published on another site. This happened to me a while ago and the site ate a gig of bandwidth inside a day. The image got loaded into a popular forum thread but was hotlinked to my site, so every time the forum page was reloaded, my bandwith took a hit. You can check this in webalizer stats - it will show a big spike in MBs downloaded and should show you where the site/page is that is taking it all.

The way to stop it (if this is indeed the cause) is to get into cPanel and click the Hotlink protection icon, then enable hotlink protection for the site. That will stop the image loading wherever it is and save your bandwidth.
Terry

| | |
User avatar
Tel
Site Admin
 
Posts: 2919
Joined: Sun Mar 25, 2007 4:52 am
Location: Spain

Re: Hacked?!

Postby Phillip » Sun Apr 04, 2010 4:09 pm

Hits per Hour 9778, and a shitload of referring from h**tp://item.taobao.com and h**tp://zhangxuee.taobao.com/ - but I don't see anything mine there. Thanks for the hotlinking tip - I hope that solves the problem.
P


User avatar
Phillip
 
Posts: 666
Joined: Wed Oct 28, 2009 8:45 pm
Location: Finland

Re: Hacked?!

Postby dgodot » Sun Apr 04, 2010 5:12 pm

A couple months ago I got an email from some British bank telling me that one of my sites was being used by phishers. I looked and found a folder full of files in my web directory that shouldn't have been there. Freaked me out, as I'm still not sure how they gained access to my FTP for that site. I changed all my passwords and everything, and haven't had any other problems, but apparently these people do have ways of hacking WHM/CPanel/FTP. You may want to check to see if there are any files you didn't put there.
User avatar
dgodot
 
Posts: 714
Joined: Thu Apr 24, 2008 4:08 pm
Location: Chicago, IL

Re: Hacked?!

Postby Phillip » Sun Apr 04, 2010 7:00 pm

P


User avatar
Phillip
 
Posts: 666
Joined: Wed Oct 28, 2009 8:45 pm
Location: Finland

Re: Hacked?!

Postby Tel » Mon Apr 05, 2010 7:33 am

You got me. I know it looks like they're sending out a repeated loop of requests to load those non-existent pages, but I can't see how that is possible from a website.

I mean, if they can do that, then they have the means to attack and bring down any site they want by killing their bandwidth with repeated requests to load pages that aren't even there, causing the 404 errors but still eating up bandwidth with non-stop requests.

That is not possible without bringing their own server to its knees by using all their own bandwidth to make the requests. Unless of course they have a huge allocation and an ulterior motive. But why attack a small site like yours? Hackers like to go for bigger fish to make mischief. It doesn't make sense.

To be honest, I don't know what they're doing.
Terry

| | |
User avatar
Tel
Site Admin
 
Posts: 2919
Joined: Sun Mar 25, 2007 4:52 am
Location: Spain

Re: Hacked?!

Postby Phillip » Mon Apr 05, 2010 7:41 am

Yeah. My site has one post on it, and it has been like that for a long time, and even if there is decent PR, it's not ranking for anything. The site that is bombarding me are some "big" auction site, so it looks like someone has found a way to abuse those sites, or it is the site owners doing that. If this had been going on from the start, I would believe that it was unintentional. taobao.com has 110 million pages indexed in google and clearly has frigging tens of thousands of pageloads per day.

Although it looks to me as if it is not the site that is bombarding me directly - they are using their visitors bandwidth to load a non existant wma file from my domain, causing it to 404 (or 500) in the background without the user even noticing it. Just like someone would be doing when hotlinking images - the users browser would load up the image from the other server and to the user it looks like it is all coming from the same site.

I guess I'll have to try to contact taobao.com owners... Hope they speak english...

edit: And of course - they only have a telephone number listed there - no e-mail addresses...
edit2:gah found it!
edit3: somehow they are still cosuming my bandwidth!!! Now it's up to 5gbs, even if the limit is clsoed - I'll have to park the domain for now or something !
edit4: and now it seems to be spreading 8b8d.com is doing the same thing somehow - although I can't find the referring url in their source codes... So I parked the domain for now - it's eating up the resources of my reseller account!
P


User avatar
Phillip
 
Posts: 666
Joined: Wed Oct 28, 2009 8:45 pm
Location: Finland

Re: Hacked?!

Postby Tel » Mon Apr 05, 2010 11:14 am

A temporary measure might be to switch nameservers to a free hosting account and let them worry about it.

Edit: There is a bandwidth limit function in WHM - does this do anything?
Terry

| | |
User avatar
Tel
Site Admin
 
Posts: 2919
Joined: Sun Mar 25, 2007 4:52 am
Location: Spain

Re: Hacked?!

Postby Phillip » Mon Apr 05, 2010 1:43 pm

P


User avatar
Phillip
 
Posts: 666
Joined: Wed Oct 28, 2009 8:45 pm
Location: Finland


Return to Scams, Spams and Rip Offs

Who is online

Users browsing this forum: No registered users and 1 guest

cron