andreavw

Netsons VPS server hacked


I'm asking for your help to sort out my misadventure with netsons.

I rented a VPS server with cPanel for 40 EUR a month.

One morning I woke up and the password had been changed.

I rebooted the server after restoring it, and the server no longer starts.

When I asked the technicians what had happened, they told me the VPS had been hacked.

I asked them to send me a backup copy; according to them they are not obliged to send me one but they do it as a courtesy: first a copy updated to 7 October, then, after a further request from me, one from 15 October. The problem arose on 24 October.

I had a copy on the server from 19 October, but they can't find it.

How can I get the VPS running again and recover the latest backups?


What do you mean the server won't start anymore? Does it not power on? Can't you get into it via ssh? Is cPanel not working?

What can you do via ssh? Did you have password authentication or key-pair authentication?

Where are the backups? On that server or elsewhere?


Hi,

thanks for the reply.

Via ssh, when I connect a series of errors appear and whatever command I run throws me out.

The server powers on and says everything is ok, it even reboots, but cPanel is unreachable.

My backups are on that server; as for their backups I don't know, by contract I was paying for a backup image...


So I imagine they gave you the external backups they had.

As for access to the server, without knowing what errors it gives you I can't help much.

I've never used netsons; is there some particular tool, like an out-of-band console?


No, I don't think so.


Starting PowerConsole v1.1 <> (c)2010 soluslabs ltd.
please wait...
successfully logged in.
Bootdata ok (command line is root=/dev/sda1 ro)
Linux version 2.6.18-194.32.1.el5xen (mockbuild@builder10.centos.org) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-48)) #1 SMP Wed Jan 5 18:44:24 EST 2011
BIOS-provided physical RAM map:
Xen: 0000000000000000 - 0000000020800000 (usable)
No mptable found.
Built 1 zonelists. Total pages: 133120
Kernel command line: root=/dev/sda1 ro
Initializing CPU#0
PID hash table entries: 4096 (order: 12, 32768 bytes)
Xen reported: 2493.748 MHz processor.
Console: colour dummy device 80x25
Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes)
Inode-cache hash table entries: 65536 (order: 7, 524288 bytes)
Software IO TLB disabled
Memory: 498680k/532480k available (2513k kernel code, 24940k reserved, 1399k data, 184k init)
Calibrating delay using timer specific routine.. 6243.36 BogoMIPS (lpj=12486739)
Security Framework v1.0.0 initialized
SELinux: Initializing.
selinux_register_security: Registering secondary module capability
Capability LSM initialized as secondary
Mount-cache hash table entries: 256
CPU: L1 I cache: 32K, L1 D cache: 32K
CPU: L2 cache: 6144K
CPU: Physical Processor ID: 0
CPU: Processor Core ID: 2
(SMP-)alternatives turned off
Brought up 1 CPUs
checking if image is initramfs... it is
Grant table initialized
NET: Registered protocol family 16
Brought up 1 CPUs
PCI: setting up Xen PCI frontend stub
ACPI: Interpreter disabled.
Linux Plug and Play Support v0.97 (c) Adam Belay
pnp: PnP ACPI: disabled
xen_mem: Initialising balloon driver.
usbcore: registered new driver usbfs
usbcore: registered new driver hub
PCI: System does not support PCI
PCI: System does not support PCI
NetLabel: Initializing
NetLabel: domain hash size = 128
NetLabel: protocols = UNLABELED CIPSOv4
NetLabel: unlabeled traffic allowed by default
NET: Registered protocol family 2
IP route cache hash table entries: 32768 (order:6, 262144 bytes)
TCP established hash table entries: 131072 (order: 9, 2097152 bytes)
TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
TCP: Hash tables configured (established 131072 bind 65536)
TCP reno registered
audit: initializing netlink socket (disabled)
type=2000 audit(1320006953.161:1): initialized
VFS: Disk quotas dquot_6.5.1
Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
Initializing Cryptographic API
alg: No test for crc32c (crc32c-generic)
ksign: Installing public key data
Loading keyring
- Added public key 1DF8C62584B4E7F2
- User ID: CentOS (Kernel Module GPG key)
io scheduler noop registered
io scheduler anticipatory registered
io scheduler deadline registered
io scheduler cfq registered (default)
pci_hotplug: PCI Hot Plug PCI Core version: 0.5
rtc: IRQ 8 is not free.
Non-volatile memory driver v1.2
Linux agpgart interface v0.101 (c) Dave Jones
brd: module loaded
Xen virtual console successfully installed as xvc0
Bootdata ok (command line is root=/dev/sda1 ro)

 

etc. etc.


Cpanel::Config::LoadConfig::loadConfig('/etc/domainusers', HASH(0x11ff6a18), '\\s*[:]\\s*', '^\\s*[#]', 0, 0, HASH(0x11b21da8)) called at /usr/local/cpanel/Cpanel/Config/LoadUserDomains.pm line 38
Cpanel::Config::LoadUserDomains::loadtrueuserdomains(HASH(0x11ff6a18), 1) called at /usr/local/cpanel/Cpanel/Config/Users.pm line 17
Cpanel::Config::Users::getcpusers() called at /usr/local/cpanel/bin/rormgr line 20
warn [rormgr] Lock /etc/domainusers.lock lost!
[2011-10-30 23:38:19 +0100] warn [rormgr] Could not create dir "/var/cpanel/configs.cache" at /usr/local/cpanel/Cpanel/Config/LoadConfig.pm line 233
Cpanel::Config::LoadConfig::loadConfig('/etc/domainusers', HASH(0x11ff6a18), '\\s*[:]\\s*', '^\\s*[#]', 0, 0, HASH(0x11b21da8)) called at /usr/local/cpanel/Cpanel/Config/LoadUserDomains.pm line 38
Cpanel::Config::LoadUserDomains::loadtrueuserdomains(HASH(0x11ff6a18), 1) called at /usr/local/cpanel/Cpanel/Config/Users.pm line 17
Cpanel::Config::Users::getcpusers() called at /usr/local/cpanel/bin/rormgr line 20
warn [rormgr] Could not create dir "/var/cpanel/configs.cache"
[2011-10-30 23:38:19 +0100] warn [rormgr] Lock /etc/passwd.nouids.cache.lock lost! at /usr/local/cpanel/Cpanel/SafeFile.pm line 149
Cpanel::SafeFile::safeunlock(ARRAY(0x12150688)) called at /usr/local/cpanel/Cpanel/SafeFile.pm line 58
Cpanel::SafeFile::safeopen(GLOB(0x11d2a5e8), '>', '/etc/passwd.nouids.cache') called at /usr/local/cpanel/Cpanel/PwCache.pm line 428
Cpanel::PwCache::_build_pwcache('nopasswd', 1) called at /usr/local/cpanel/Cpanel/PwCache.pm line 340
Cpanel::PwCache::init_passwdless_pwcache() called at /usr/local/cpanel/bin/rormgr line 25
warn [rormgr] Lock /etc/passwd.nouids.cache.lock lost!
[ OK ]
Starting console mouse services: O0o.oops(): [startup.c(126)]: gpm[2131]: segfault at 0000000000000001 rip 0002b4fdb194b60 rsp 00007fffa9e82fd8 error 4
[ OK ]
touch: cannot touch `/var/lock/subsys/gpm': No such file or directory
Starting httpd: Cp-Wrap[2137]: Pushing "516" to '/usr/local/cpanel/bin/railsadmin' for UID: 516
Cp-Wrap[2143]: Pushing "516" to '/usr/local/cpanel/bin/railsadmin' for UID: 516
Cp-Wrap[2145]: Pushing "512" to '/usr/local/cpanel/bin/railsadmin' for UID: 512
Cp-Wrap[2146]: Pushing "512" to '/usr/local/cpanel/bin/railsadmin' for UID: 512
Cp-Wrap[2148]: Pushing "511" to '/usr/local/cpanel/bin/railsadmin' for UID: 511
Cp-Wrap[2149]: Pushing "511" to '/usr/local/cpanel/bin/railsadmin' for UID: 511
Cp-Wrap[2151]: Pushing "503" to '/usr/local/cpanel/bin/railsadmin' for UID: 503
Cp-Wrap[2152]: Pushing "503" to '/usr/local/cpanel/bin/railsadmin' for UID: 503
Cp-Wrap[2154]: Pushing "510" to '/usr/local/cpanel/bin/railsadmin' for UID: 510
Cp-Wrap[2155]: Pushing "510" to '/usr/local/cpanel/bin/railsadmin' for UID: 510
Cp-Wrap[2157]: Pushing "504" to '/usr/local/cpanel/bin/railsadmin' for UID: 504
Cp-Wrap[2158]: Pushing "504" to '/usr/local/cpanel/bin/railsadmin' for UID: 504
Syntax error on line 11 of /usr/local/apache/conf/modsec2.conf:
ModSecurity: Failed to open the audit log file: /usr/local/apache/logs/modsec_audit.log
[FAILED]
Starting pure-config.pl: Running: /usr/sbin/pure-ftpd -O clf:/var/log/xferlog --daemonize -A -c50 -B -C8 -D -fftp -H -I15 -lextauth:/var/run/ftpd.sock -L2000:8 -m4 -p30000:50000 -s -U133:022 -u100 -Oxferlog:/usr/local/apache/domlogs/ftpxferlog -k99 -Z -Y1 -JHIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
touch: cannot touch `/var/lock/subsys/pure-config.pl': No such file or directory
Starting pure-authd: touch: cannot touch `/var/lock/subsys/pure-authd': No such file or directory
Unable to bind a local socket: No such file or directory
Starting crond: crond: can't open or create /var/run/crond.pid: No such file or directory
[FAILED]
Starting xfs: /etc/rc3.d/S90xfs: line 25: /bin/sort: cannot execute binary file
mkdir: cannot create directory `/tmp/.font-unix': Read-only file system
touch: cannot touch `/var/lock/subsys/xfs': No such file or directory
Starting bandmin: ip_tables: (c) 2000-2006 Netfilter Core Team
[ OK ]
touch: cannot touch `/var/lock/subsys/bandmin': No such file or directory
Starting cPanel services: [ OK ]
Starting cPanel brute force detector services: [ OK ]
Starting cPanel dav services: [ OK ]
Starting pop3 services: Waiting for cppop to shutdown ... ...Done
Waiting for cppop-ssl to shutdown ... ...Done

@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@
@! ATTENTION! mbox is deprecated in this release !@
@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@
@ You should switch to using maildir as soon as @
@ possible. To switch run @
@ /usr/local/cpanel/scripts/convert2maildir @
@ in a root shell. @
@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@

Normal Startup Proceeding.
[ OK ]
Starting cPanel Chat services:
Starting Melange Chat services:
Starting cPanel ssl services: License is not for this host[FAILED]
Starting cPanel Queue services: [ OK ]
Starting tailwatchd: [ OK ]
Starting cPanel Log services: [2011-10-30 23:38:25 +0100] warn [tailwatchd] Failed to open /usr/local/cpanel/logs/tailwatchd_log in append mode: Read-only file system
[2011-10-30 23:38:25 +0100] [Cpanel::TailWatch] [INFO] inotify support not available (could not create inotify object) at /usr/local/cpanel/Cpanel/TailWatch.pm line 921
Cpanel::TailWatch::panic(Cpanel::TailWatch=HASH(0x6e8b788), 'Failed to open /usr/local/cpanel/logs/tailwatchd_log in append mode: Read-only file system\x0A[2011-10-30 23:38:25 +0100] [Cpanel::TailWatch] [INFO] inotify support not available (could not create inotify object)') called at /usr/local/cpanel/Cpanel/TailWatch.pm line 246
Cpanel::TailWatch::log(Cpanel::TailWatch=HASH(0x6e8b788), '[INFO] inotify support not available (could not create inotify object)') called at /usr/local/cpanel/Cpanel/TailWatch.pm line 932
Cpanel::TailWatch::info(Cpanel::TailWatch=HASH(0x6e8b788), 'inotify support not available (could not create inotify object)') called at /usr/local/cpanel/Cpanel/TailWatch.pm line 51
Cpanel::TailWatch::new('Cpanel::TailWatch') called at /usr/local/cpanel/libexec/tailwatch/tailwatchd line 22
warn [tailwatchd] Failed to open /usr/local/cpanel/logs/tailwatchd_log in append mode: Read-only file system
[2011-10-30 23:38:25 +0100] [Cpanel::TailWatch] [INFO] inotify support not available (could not create inotify object)
[2011-10-30 23:38:25 +0100] warn [tailwatchd] Lock /etc/userdomains.lock lost! at /usr/local/cpanel/Cpanel/SafeFile.pm line 149
Cpanel::SafeFile::safeunlock(ARRAY(0x6ecda68)) called at /usr/local/cpanel/Cpanel/SafeFile.pm line 78
Cpanel::SafeFile::safeclose(GLOB(0x6e57c48), ARRAY(0x6ecda68)) called at /usr/local/cpanel/Cpanel/Config/LoadConfig.pm line 144
Cpanel::Config::LoadConfig::loadConfig('/etc/userdomains', undef, '\\s*[:]\\s*', '^\\s*[#]', 0, 0, HASH(0x6d7baf8)) called at /usr/local/cpanel/Cpanel/Config/LoadUserDomains.pm line 15
Cpanel::Config::LoadUserDomains::loaduserdomains(undef, 1, 0) called at /usr/local/cpanel/Cpanel/TailWatch.pm line 332
[2011-10-30 23:38:25 +0100] [Cpanel::TailWatch] [INFO] inotify support not available (could not create inotify object) at /usr/local/cpanel/Cpanel/TailWatch.pm line 921
Cpanel::TailWatch::panic(Cpanel::TailWatch=HASH(0x6e8b788), 'Failed to open /usr/local/cpanel/logs/tailwatchd_log in append mode: Read-only file system\x0A[2011-10-30 23:38:25 +0100] [Cpanel::TailWatch] [INFO] inotify support not available (could not create inotify object)') called at /usr/local/cpanel/Cpanel/TailWatch.pm line 246
Cpanel::TailWatch::log(Cpanel::TailWatch=HASH(0x6e8b788), '[INFO] inotify support not available (could not create inotify object)') called at /usr/local/cpanel/Cpanel/TailWatch.pm line 932
Cpanel::TailWatch::info(Cpanel::TailWatch=HASH(0x6e8b788), 'inotify support not available (could not create inotify object)') called at /usr/local/cpanel/Cpanel/TailWatch.pm line 51
Cpanel::TailWatch::new('Cpanel::TailWatch') called at /usr/local/cpanel/libexec/tailwatch/tailwatchd line 22
warn [tailwatchd] Failed to open /usr/local/cpanel/logs/tailwatchd_log in append mode: Read-only file system
[2011-10-30 23:38:25 +0100] [Cpanel::TailWatch] [INFO] inotify support not available (could not create inotify object)
[2011-10-30 23:38:25 +0100] warn [tailwatchd] Lock /etc/userdomains.lock lost! at /usr/local/cpanel/Cpanel/SafeFile.pm line 149
Cpanel::SafeFile::safeunlock(ARRAY(0x6ecda68)) called at /usr/local/cpanel/Cpanel/SafeFile.pm line 78
Cpanel::SafeFile::safeclose(GLOB(0x6e57c48), ARRAY(0x6ecda68)) called at /usr/local/cpanel/Cpanel/Config/LoadConfig.pm line 144
Cpanel::Config::LoadConfig::loadConfig('/etc/userdomains', undef, '\\s*[:]\\s*', '^\\s*[#]', 0, 0, HASH(0x6d7baf8)) called at /usr/local/cpanel/Cpanel/Config/LoadUserDomains.pm line 15
Cpanel::Config::LoadUserDomains::loaduserdomains(undef, 1, 0) called at /usr/local/cpanel/Cpanel/TailWatch.pm line 332
Cpanel::TailWatch::init_global_share(Cpanel::TailWatch=HASH(0x6e8b788)) called at /usr/local/cpanel/Cpanel/TailWatch.pm line 70
Cpanel::TailWatch::new('Cpanel::TailWatch') called at /usr/local/cpanel/libexec/tailwatch/tailwatchd line 22
warn [tailwatchd] Lock /etc/userdomains.lock lost!
==> cPanel Log Daemon version 25.0
[ OK ]
Starting mailman services: [ OK ]
Configuring inotify for fast mail service: [Sun Oct 30 23:38:26 2011] Starting /usr/local/cpanel/libexec/tailwatch/tailwatchd daemon
Log is at /usr/local/cpanel/logs/tailwatchd_log
[ OK ]
Starting Avahi daemon... Could not open stats_log (/usr/local/cpanel/logs/stats_log) for writing! at /usr/local/cpanel/libexec/cpanellogd line 53.
Timeout reached while wating for return value
Could not receive return value from daemon process.
[FAILED]
cp: cannot create regular file `/var/portsentry/portsentry.ignore.tmp': No such file or directory
grep: /var/portsentry/portsentry.ignore.tmp: No such file or directory
/etc/rc3.d/S98portsentry: line 43: /var/portsentry/portsentry.ignore.tmp: No such file or directory
/etc/rc3.d/S98portsentry: line 44: /var/portsentry/portsentry.ignore.tmp: No such file or directory
/etc/rc3.d/S98portsentry: line 45: /var/portsentry/portsentry.ignore.tmp: No such file or directory
/etc/rc3.d/S98portsentry: line 46: /var/portsentry/portsentry.ignore.tmp: No such file or directory
/etc/rc3.d/S98portsentry: line 47: /var/portsentry/portsentry.ignore.tmp: No such file or directory
/etc/rc3.d/S98portsentry: line 48: /var/portsentry/portsentry.ignore.tmp: No such file or directory
/etc/rc3.d/S98portsentry: line 49: /var/portsentry/portsentry.ignore.tmp: No such file or directory
/etc/rc3.d/S98portsentry: line 27: /bin/awk: cannot execute binary file
/etc/rc3.d/S98portsentry: line 54: /var/portsentry/portsentry.ignore.tmp: No such file or directory
cp: cannot stat `/var/portsentry/portsentry.ignore.tmp': No such file or directory
/etc/rc3.d/S98portsentry: line 57: /bin/rm: cannot execute binary file
Starting portsentry -tcp: ERROR: Your config file is corrupted/missing mandatory option!
ERROR: Check your syslog for a more detailed error message.
ERROR: PortSentry is shutting down!
[FAILED]
Starting portsentry -udp: ERROR: Your config file is corrupted/missing mandatory option!
ERROR: Check your syslog for a more detailed error message.
ERROR: PortSentry is shutting down!
[FAILED]
Starting killnash: [FAILED]
touch: cannot touch `/var/lock/subsys/local': No such file or directory
FATAL: Could not open /lib/modules/2.6.18-194.32.1.el5xen/modules.dep.temp for writing: Read-only file system
/etc/rc3.d/S99local: line 20: /bin/sleep: cannot execute binary file
/etc/rc.d/rc: line 90: /bin/rm: cannot execute binary file
Starting bandmin: [ OK ]
touch: cannot touch `/var/lock/subsys/bandmin': No such file or directory
rdate: rdate.cpanel.net: Temporary failure in name resolution
sh-3.2#

--------------------------------------

 

this is the final part of the errors at login


At a glance I'd say

FATAL: Could not open /lib/modules/2.6.18-194.32.1.el5xen/modules.dep.temp for writing: Read-only file system

your file system is mounted read-only, so you need to run a check on it and hope everything goes back into place.

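Added note (editor's, not from either poster above): the console dump in this thread can be triaged mechanically, which is useful when a provider's web console only lets you scroll. The POSIX shell helper below is example code written for this thread; nothing in it comes from the thread's author, from Netsons or from cPanel, and the function names (sample_log, readonly_fs_hits, nonexec_binaries, failed_services, triage_report) are my own. It sorts the posted output into the three kinds of failure it actually contains: writes the kernel refused because / is still read-only (the diagnosis in the reply above), core binaries the init scripts could not execute (/bin/sort, /bin/awk, /bin/rm and /bin/sleep in the posted log), and services whose init script ended in [FAILED]. The embedded log is a constructed excerpt of lines quoted in the thread, trimmed to the ones that matter.

```sh
#!/bin/sh
# Example triage helper for a CentOS 5 / cPanel console dump like the one
# posted above.  Not code from the thread's author, Netsons or cPanel; all
# function names here are the editor's own.

# Constructed excerpt of the posted rc3 output.  Quoted heredoc: nothing
# inside it is expanded, so the backticks and apostrophes are safe.
sample_log() {
cat <<'EOF'
Starting httpd: Cp-Wrap[2137]: Pushing "516" to '/usr/local/cpanel/bin/railsadmin' for UID: 516
Syntax error on line 11 of /usr/local/apache/conf/modsec2.conf:
ModSecurity: Failed to open the audit log file: /usr/local/apache/logs/modsec_audit.log
[FAILED]
Starting crond: crond: can't open or create /var/run/crond.pid: No such file or directory
[FAILED]
Starting xfs: /etc/rc3.d/S90xfs: line 25: /bin/sort: cannot execute binary file
mkdir: cannot create directory `/tmp/.font-unix': Read-only file system
Starting bandmin: ip_tables: (c) 2000-2006 Netfilter Core Team
[ OK ]
Starting cPanel ssl services: License is not for this host[FAILED]
Starting mailman services: [ OK ]
Starting Avahi daemon... Could not open stats_log (/usr/local/cpanel/logs/stats_log) for writing! at /usr/local/cpanel/libexec/cpanellogd line 53.
[FAILED]
/etc/rc3.d/S98portsentry: line 27: /bin/awk: cannot execute binary file
/etc/rc3.d/S98portsentry: line 57: /bin/rm: cannot execute binary file
Starting portsentry -tcp: ERROR: Your config file is corrupted/missing mandatory option!
[FAILED]
Starting killnash: [FAILED]
FATAL: Could not open /lib/modules/2.6.18-194.32.1.el5xen/modules.dep.temp for writing: Read-only file system
/etc/rc3.d/S99local: line 20: /bin/sleep: cannot execute binary file
warn [tailwatchd] Failed to open /usr/local/cpanel/logs/tailwatchd_log in append mode: Read-only file system
rdate: rdate.cpanel.net: Temporary failure in name resolution
EOF
}

# Number of writes refused because / was still mounted read-only while the
# rc3 services started, i.e. the fsck/remount step in rc.sysinit never
# succeeded.  grep -c prints 0 but exits 1 on no match, hence the "|| :".
readonly_fs_hits() {
    grep -c 'Read-only file system' || :
}

# Paths the init scripts tried to run and the kernel refused with
# "cannot execute binary file".  On CentOS 5 these are plain ELF files, so
# the copy on disk is truncated, garbage or not an ELF for this kernel.
# Disk corruption and a replaced /bin look identical here; on a box whose
# root password was changed by someone else, verify from a clean rescue
# system (e.g. rpm -Va --root /mnt/suspect, mount point is illustrative)
# and never by running tools from the suspect disk.
nonexec_binaries() {
    sed -n 's#.*: \(/[^:]*\): cannot execute binary file.*#\1#p' | LC_ALL=C sort -u
}

# Services whose init script ended in [FAILED].  rc prints "Starting foo: "
# and the status sometimes on the same line, sometimes several lines later,
# so remember the last "Starting" line and charge each [FAILED] to it; an
# "[ OK ]" clears it so a later stray [FAILED] is not misattributed.
failed_services() {
    awk '
        /^Starting / { svc = $0; sub(/^Starting /, "", svc); sub(/(\.\.\.|:).*/, "", svc) }
        /\[FAILED\]/ && svc != "" { print svc; svc = "" }
        /\[ OK \]/ { svc = "" }
    ' | LC_ALL=C sort -u
}

# One-screen summary.  Usage: triage_report < console.txt
triage_report() {
    log=$(cat)
    echo "read-only filesystem errors : $(printf '%s\n' "$log" | readonly_fs_hits)"
    echo "binaries that will not run  : $(printf '%s\n' "$log" | nonexec_binaries | tr '\n' ' ')"
    echo "services that FAILED        : $(printf '%s\n' "$log" | failed_services | tr '\n' ',' | sed 's/,$//')"
    echo "license/DNS problems        : $(printf '%s\n' "$log" | grep -c -e 'License is not for this host' -e 'failure in name resolution' || :)"
}

sample_log | triage_report
```

Save the console text to a file and run `triage_report < console.txt` on your own machine, not on the VPS: with the root password already changed by someone else and coreutils that will not execute, nothing on that disk can be trusted to report honestly, including its own RPM database. The read-only count confirms the fsck diagnosis in the reply above; the non-executable binaries are the part to worry about more, because this log cannot distinguish a damaged disk from a tampered /bin, and only a comparison from a clean rescue environment (cross-checked against a freshly downloaded copy of the same coreutils package) can. Either way the practical path is the one the thread is already heading toward: rebuild from a clean image, restore the sites from the 15 October copy the provider handed over, and rotate every credential that lived on the box (cPanel, FTP, mail and database passwords), since whoever changed root had access to all of them.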
