Well.. we all know how "hacking" basically occurs, bunch of ./ kids with some pretty interesting tools in their hands get the best of us... It's the case of big hosting providers also, nobody is safe these days... There's still hope! never give up to bad guys... In a weekly logs check i've discouvered several interesting hacking attempts on several domains hosted on my server. It seems like a automated scan&hack tool to check of miss configured servers or bugged software...
This time asking and getting a response regarding this issue was prompt after sending the ISP(hosting provider) a mail. The logs started like:
69.89.31.210 www.pgn.ro - [25/Nov/2009:23:47:59 +0200] "GET /index.php?c=../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/resolv.conf HTTP/1.1" 200 3211 "-" "libwww-perl/5.831"
69.89.31.210 www.pgn.ro - [25/Nov/2009:23:48:00 +0200] "GET /index.php?c=../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/resolv.conf HTTP/1.1" 200 3211 "-" "libwww-perl/5.831"
they didn't get through that's for sure... but still why cant we stop this action form happening (at least from the host in question). Many network administrators, in my oppinion anyway, find it easyer to deal the threat by making sure the hackers didn't get in and that's it... well all have a common idea that even if contacting the ISP it won't be enough... but sometimes it really counts, making sure that the hackers have a real fight on their hands so that it may be a real war for them to continue on...
Hello,
Thank you for the report of this activity. This type of activity is not
allowed by our terms of service. We have been able to identify several
shared hosting accounts on this and other IP addresses that appear to have
been infected with badware designed to infect yet more sites. We have
initiated appropriate action according to our terms of service agreement
with our account holders.
Please do not hesitate to contact us again if you detect further intrusion
attempts from our network.
Thank you,
Jeff
Tech Support Engineer
BlueHost.com
888.401.4678
It really pays off to see that working together could and can make a difference