Zum Inhalt wechseln


Foto

Email


  • Please log in to reply
25 replies to this topic

#1 Stan

Stan

    Webmaster

  • Webmaster
  • 6.911 Beiträge:
  • Gender:Male
  • Location:Vaals - Nederland

Geschrieben 29 Mai 2012 - 08:52

Did anyone get a mail from patriot@emergency-planet.com?
Webmaster & Technical Support

#2 Kermit

Kermit

    Captain

  • Members
  • 168 Beiträge:
  • Gender:Male
  • Location:Zwolle, the Netherlands
  • Interests:Too much

Geschrieben 29 Mai 2012 - 09:29

I didn't get one.
Is it something bad?
Geposte afbeelding
Geposte afbeelding
Geposte afbeelding

#3 Stan

Stan

    Webmaster

  • Webmaster
  • 6.911 Beiträge:
  • Gender:Male
  • Location:Vaals - Nederland

Geschrieben 29 Mai 2012 - 09:37

We are currently investigating an attack on our server. We got complaints of several people that have never heard of us or our site and from our ISP.

Failure to resolve this issue from our side will result in a shutdown of Emergency-planet by our ISP. Results of the investigation will be forwarded to American authorities.



More details will be released soon. At this time we can guarantee no email addresses where stolen as we only got used to send out bulk spam.
Webmaster & Technical Support

#4 gunswat

gunswat

    Assistant Chief

  • Members
  • 2.213 Beiträge:
  • Gender:Male
  • Location:Scotland
  • Interests:Computer and console gaming,watching youtube and playing and testing emergency 4 mods mainly.

Geschrieben 29 Mai 2012 - 11:01

oh noooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

#5 Stan

Stan

    Webmaster

  • Webmaster
  • 6.911 Beiträge:
  • Gender:Male
  • Location:Vaals - Nederland

Geschrieben 29 Mai 2012 - 11:59

Update:

I informed the provider of the possible reason this happened. I am still checking the system to close every psosible way they came in. At this time i was able to stop delivery of 700000 emails by cutting the connection.

As soon we exactly know what has happened, full details will be posted
Webmaster & Technical Support

#6 Kermit

Kermit

    Captain

  • Members
  • 168 Beiträge:
  • Gender:Male
  • Location:Zwolle, the Netherlands
  • Interests:Too much

Geschrieben 29 Mai 2012 - 12:43

Good luck!
Geposte afbeelding
Geposte afbeelding
Geposte afbeelding

#7 Stan

Stan

    Webmaster

  • Webmaster
  • 6.911 Beiträge:
  • Gender:Male
  • Location:Vaals - Nederland

Geschrieben 29 Mai 2012 - 01:02

Update: Wrong reason, issue still persistent

After removing 700k emails in queue and checking back 10minute later i found out 32k new emails where added to the queue

New registrations will be shutdown until resolved since I took the mailserver down
Webmaster & Technical Support

#8 RedHawk504

RedHawk504

    Double Account Holder. Hi Officermax

  • Members
  • 926 Beiträge:
  • Gender:Male
  • Location:In the middle of the northpool
  • Interests:Cars, Fire Department

Geschrieben 29 Mai 2012 - 02:06

Go get em stan!

Posted Image

Your signature was too big. But I kinda like that other gif, so it stays.


#9 DMC

DMC

    Captain

  • Members
  • 122 Beiträge:
  • Gender:Male

Geschrieben 29 Mai 2012 - 04:33

Book 'm stanno

Take care,

DMC

 

DKDBEM4
 
bannerfan7os9g.png

#10 Stan

Stan

    Webmaster

  • Webmaster
  • 6.911 Beiträge:
  • Gender:Male
  • Location:Vaals - Nederland

Geschrieben 29 Mai 2012 - 07:52

Another update: Issue still persists, eta of a fix is now unknown
Webmaster & Technical Support

#11 ausavin26

ausavin26

    Battalion Chief

  • Members
  • 656 Beiträge:
  • Gender:Male
  • Location:Ontario

Geschrieben 29 Mai 2012 - 08:02

Yep, my emails aren't going

2dozvSf.png

R.I.P Brad Schoener 2010

"Give me a challenge and I'll meet it with joy"


#12 Stan

Stan

    Webmaster

  • Webmaster
  • 6.911 Beiträge:
  • Gender:Male
  • Location:Vaals - Nederland

Geschrieben 29 Mai 2012 - 08:32

As long i don't know where the slightly terroristic mails come from no mails will go through :)
Webmaster & Technical Support

#13 Dakota

Dakota

    Captain

  • Members
  • 113 Beiträge:
  • Gender:Male
  • Location:US
  • Interests:Gaming
    Police / Fire
    EMS / Medic Stuff
    Flight & Tactical EMS
    TV & Movies
    Sleeping

Geschrieben 29 Mai 2012 - 09:58

Is it going through the IPB or an external source? You may want to do a quick sweep of the FTP for unknown files that have been added to the server and obviously password changes to your cPanel.
Dakota - IFSAC Firefighter II & NREMT-Paramedic - State of Ohio
Posted Image
--------------------------- WWW.EMERGENCYBRICKS.COM ----------------------------

#14 griffy

griffy

    Senior Captain

  • Members
  • 424 Beiträge:
  • Gender:Male
  • Location:Wooster, OH
  • Interests:Sleep and PC Gaming

Geschrieben 29 Mai 2012 - 10:59

ive had this happen to me before i had to close my account it was so bad but i believe that stan will get this issue addressed and please dont be afraid to take this to the american government they will track down the guy
System RAM: 16354 MB CPU Name: AMD FX™-8350 Eight-Core Processor CPU Speeds: 4700 Physical CPUs: 1 Virtual CPUs: 8 Video Card Description: NVIDIA GeForce GTX 660 Ti VRAM: 2048 MB

#15 ausavin26

ausavin26

    Battalion Chief

  • Members
  • 656 Beiträge:
  • Gender:Male
  • Location:Ontario

Geschrieben 29 Mai 2012 - 11:24

Or please don't be afraid to contact Sparta...we don't need some government...

2dozvSf.png

R.I.P Brad Schoener 2010

"Give me a challenge and I'll meet it with joy"


#16 Voodoo_Operator

Voodoo_Operator

    Chief Insanity Officer

  • Pastamaniac
  • 617 Beiträge:
  • Gender:Male
  • Location:That place where they invented poutine
  • Interests:Bacon
    Raw Meat
    Gold paint

Geschrieben 30 Mai 2012 - 12:48

Or please don't be afraid to contact Sparta...we don't need some government...


Let's not kick people down bottomless wells just yet, mmmkay?
"I like to picture Jesus in a tuxedo T-Shirt because it says I want to be formal, but I'm here to party."
-Cal Naughton Jr.

#17 ausavin26

ausavin26

    Battalion Chief

  • Members
  • 656 Beiträge:
  • Gender:Male
  • Location:Ontario

Geschrieben 30 Mai 2012 - 01:19

Why not :(

2dozvSf.png

R.I.P Brad Schoener 2010

"Give me a challenge and I'll meet it with joy"


#18 Dakota

Dakota

    Captain

  • Members
  • 113 Beiträge:
  • Gender:Male
  • Location:US
  • Interests:Gaming
    Police / Fire
    EMS / Medic Stuff
    Flight & Tactical EMS
    TV & Movies
    Sleeping

Geschrieben 30 Mai 2012 - 03:24

ive had this happen to me before i had to close my account it was so bad but i believe that stan will get this issue addressed and please dont be afraid to take this to the american government they will track down the guy


They aren't as proactive as you might think when it comes to spam, it gets put on a very long to do list by FBI's cyber security division to be handled when they get to it. Only the really big stuff gets any attention these days.
Dakota - IFSAC Firefighter II & NREMT-Paramedic - State of Ohio
Posted Image
--------------------------- WWW.EMERGENCYBRICKS.COM ----------------------------

#19 Stan

Stan

    Webmaster

  • Webmaster
  • 6.911 Beiträge:
  • Gender:Male
  • Location:Vaals - Nederland

Geschrieben 30 Mai 2012 - 08:44

Dakota it's not coming from IPB, the mails are send out from the user www-data. This makes www-data@srv1.ictwereld which is quite strange because this user has not even right to login.

My guess is they uploaded a file and got that file to auto-run the second issue is...i can't fine that file anywhere.

However, a few hours after I disabled the main site and removed two websites from the server the queue began fill slower then first and then it stopped, now the thing I am currently wondering about it....whas it that? Or did the attack just end?

But i got a mail tonight...

Warning: The file '/usr/sbin/unhide' exists on the system, but it is not present
in the rkhunter.dat file.
Warning: The file '/usr/sbin/unhide-linux26' exists on the system, but it is not
present in the rkhunter.dat file.
Warning: Suspicious file types found in /dev:
		 /dev/shm/7gbhujb54g8z9hu43jre8: data

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)

Webmaster & Technical Support

#20 met police999

met police999

    District Chief

  • Members
  • 1.195 Beiträge:
  • Gender:Male
  • Location:Alba
  • Interests:British police services,em 4,modding mainly skins

Geschrieben 30 Mai 2012 - 04:33

Wtf? This is mental btw I haven't had any emails

Scotland, the only country in the world where our national animal doesn't exist and our national flower is a weed...
17624.png