Welcome to Geeklog Thursday, November 23 2017 @ 09:17 pm EST


Status: offline

ronack

Forum User
Full Member
Registered: 27/05/2003
Posts: 612
Hi All,

My ISP keeps sending me emails that my server has been hacked.

Does anyone know about this hack and if it affects Geeklog and how? My Geeklog sites are the only ones that have the ability to send email.

hacked-webserver-stealrat-t1

To maintain uninterrupted service to this IP, the offending page(s) must be promptly removed. In cases of suspected phishing, AT&T will suspend service to the affected IP if the matter is not resolved within a reasonable time period.
Regards,
AT&T Internet Services Security Center


Problem is they don't tell me what the offending pages are.

Thanks

Ron

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/2002
Posts: 13073
Location:Stuttgart, Germany
Hmm, that's not a lot of information to go by ...

Stealrat appears to be a trojan running on (Windows) PCs. Does your Geeklog site run on Windows?

I found some removal instructions. It doesn't say how the trojan usually gets installed, though.

If your Geeklog site is running on a Windows server, then it's possible that it was installed through a security issue there (which version are you on?). But it could just as well have gotten in through other means.

If your Geeklog site is not on Windows, then I'd scan all the Windows PCs in your network for this trojan.

HTH

Dirk

All times are EST. The time is now 09:17 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content