We are in the process of migrating this forum. A new space will be available soon. We are sorry for the inconvenience.

Server security problem?


Mark
18-03-2008, 13:24
Thanks Marco - you're a star ;-)

Marco
18-03-2008, 12:53
Quote Originally Posted by Mark
Hi Marco,

The sever name is: ks35250.kimsufi.com
My nichandle is: vm7722-ovh

I was originally a Window/Plesk user but would prefer Windows without Plesk to Linux/Plesk.
You can now reinstall Windows standard on your Server.

Mark
18-03-2008, 10:08
Thanks Marco - nice to know someone's listening :-)

Marco
18-03-2008, 10:03
Mark,

We are working on your issue. You will have your answer by the end of today.

Mark
18-03-2008, 00:03
Quote Originally Posted by OVH.Customer
I would open another or give them a call.
I did.
The bump was just an additional prompt ;-)

OVH.Customer
17-03-2008, 21:11
Quote Originally Posted by Mark
My Support thread on this issue has been closed!

Do I take it that I'm stuck with Linux now?
I would open another or give them a call.

Mark
17-03-2008, 19:43
Quote Originally Posted by Marco
Hello,

There has been some misunderstanding in the recent past with this. For example at first OVH provided Windows with Plesk for the Kimsufi, but afterwards OVH withdrew the offer, as there were performance issues, although some customers are still using it, but if they want to re-install, the option to re-install Windows might have disappeared.

In regards of particular service, it will be very helpful to know the server name, as without it is very difficult to investigate on a case by case basis.
Bump :-)

Mark
15-03-2008, 10:54
Thread fermé
My Support thread on this issue has been closed!

Do I take it that I'm stuck with Linux now?

Mark
14-03-2008, 17:16
Hi Marco,

The sever name is: ks35250.kimsufi.com
My nichandle is: vm7722-ovh

I was originally a Window/Plesk user but would prefer Windows without Plesk to Linux/Plesk.

Marco
14-03-2008, 16:52
Hello,

There has been some misunderstanding in the recent past with this. For example at first OVH provided Windows with Plesk for the Kimsufi, but afterwards OVH withdrew the offer, as there were performance issues, although some customers are still using it, but if they want to re-install, the option to re-install Windows might have disappeared.

In regards of particular service, it will be very helpful to know the server name, as without it is very difficult to investigate on a case by case basis.

Mark
14-03-2008, 16:43
Hence the reason for the year long free kimsufi trial to iron out the problems?

Andy
14-03-2008, 16:40
I've seen a lack of consistency on the whole OVH UK site to be honest. The support system also lacks consistency by taking us to the OVH FR support sites. Same with the e-mails being received in French.

Mark
14-03-2008, 16:36
I began with Windows too, but got severely hacked after a week or so. When I Looked in OVH Manager for the reinstall options, only Linux & FreeBSD & Linux were listed.

If you started with Windows too, and also have Windows in your reinstall options list, then it appears that different people have been given different reinstall options in OVH Manager!

If OVH Manager had shown Windows as an option (as it appears it should have done) when I was looking to reinstall, I wouldn't have had to install Linux.

It seems to me that OVH need to sort out exactly what should be appearing on everyone's reinstall options list and be consistent.

Andy
14-03-2008, 15:49
Quote Originally Posted by Mark
Don't worry Andy, I'm not about to throw the towel in!

Whilst I'd much prefer to be running Windows 2003/Helm 4 with five domains, my current Linux/Plesk 8.0 with one domain will do for the remainder of the trial if OVH won't reinstall Windows on my machine.

It's just a shame that the licensing terms weren't made clear in the beginning, if they had, this situation wouldn't have arisen.
I can't see why you can't change to Windows though if you initially ordered Linux. I have the option of all the OS's as I began with Windows (I'm a Windows guy). Seems a bit odd.

If you need any help with anything let me know. I'll do my best to help you out in any way possible.

Mark
14-03-2008, 15:26
Don't worry Andy, I'm not about to throw the towel in!

Whilst I'd much prefer to be running Windows 2003/Helm 4 with five domains, my current Linux/Plesk 8.0 with one domain will do for the remainder of the trial if OVH won't reinstall Windows on my machine.

It's just a shame that the licensing terms weren't made clear in the beginning, if they had, this situation wouldn't have arisen.

Andy
14-03-2008, 15:19
Quote Originally Posted by Mark
I'll be happily surprised if they do. My support 'chat' seems to have died off, with no reply from OVH since yesterday afternoon.

Looking on the bright side - I haven't actually lost any money and, after only a couple of weeks of the trial, I know who probably won't be getting my DS business in the future!
I admit I've had my fair share of problems since January when they opened the UK site, but you'll be hard pushed to get such a deal anywhere else with the same specs. I'd recommend holding out as long as humanly possible to get it sorted.

Mark
14-03-2008, 15:12
Quote Originally Posted by Andy
Lets hope they will reinstall it for you
I'll be happily surprised if they do. My support 'chat' seems to have died off, with no reply from OVH since yesterday afternoon.

Looking on the bright side - I haven't actually lost any money and, after only a couple of weeks of the trial, I know who probably won't be getting my DS business in the future!

Andy
14-03-2008, 13:45
To be all honest, will OVH do this? I rang them up to sort out an issue with my server and it not coming back up after a NIC driver upgrade and they simply said "Oh reinstall it in the manager". My reply was simple "No. I have done this 3 times now. Tell someone to physically go to the server and fix it. vKVM doesn't work, so I CANNOT do it", "sorry sir, we can't do that, you will have to use vKVM".

OVH do not listen. The only place so far I've seen them listen is this forum, so hopefully my future issues can be sorted here. In the mean time they should sort out their phone system and phone staff.

Lets hope they will reinstall it for you instead of giving the response I recieved. (BTW thanks to Folarin and Tolla in London support for helping me out, you're both stars).

On the issue of OS's, why don't OVH make all of the operating systems available, but make it explicitly clear that for Windows you MUST pay for the license when you reinstall? That way the customer always has a choice, and this will reduce work load on OVH's staff for more important support issues.

Mark
14-03-2008, 11:09
Quote Originally Posted by Smokin
i have reinstalled windows through manager and didn't have to pay anything

aslong as you orderd it with serv i think its ok..
I never had the option in OVH manager to re-install Windows even though I ordered it with the server and it was the original OS installed on the machine.
If I'd known about the licensing issue I'd have asked OVH to re-install Windows before wiping my machine and installing Linux.

Quote Originally Posted by OVH.Customer
So to summarise you can in fact get it reinstalled for free?
To Summarise: I think you may be able to get it reinstalled free if you contact OVH to do it and don't install another OS in the meantime

OVH.Customer
14-03-2008, 01:05
So to summarise you can in fact get it reinstalled for free?

Mark
13-03-2008, 19:07
Quote Originally Posted by OVH.Customer
Can you not just tidy up your installation?
Not easily.
There were files & programs all over the place - some hidden and some not.


Re: re-installation and license keys:
Quote Originally Posted by OVH Customer Support
The free kimsufi servers could be initially installed with Windows without charge, and the same Windows license could then be used to reinstalled again upto five times with no charge. (Windows L1 > Windows L1 > Windows L1 etc).

But reinstalling Lunux and then Windows counts as a fresh license, (Windows L1 > Linux > Windows L2 Windows L2 etc)

Smokin
13-03-2008, 19:04
i have reinstalled windows through manager and didn't have to pay anything

aslong as you orderd it with serv i think its ok..

Andy
13-03-2008, 17:22
Quote Originally Posted by OVH.Customer
I read that too. Can you not just tidy up your installation?

Just out of interest why is it not possible to reinstall Windows, surely the same licence key can be used?
OVH being so big will use a VLK key, it will be the same key for all Windows systems they run, however it costs a huge amount of money so they need to charge for it. However I agree, why does it cost after changing -back- to windows but not if you use it initially?

OVH.Customer
13-03-2008, 16:59
I read that too. Can you not just tidy up your installation?

Just out of interest why is it not possible to reinstall Windows, surely the same licence key can be used?

Mark
13-03-2008, 14:41
Yep - the root password was changed straight away.

Also, although server originally had Windows 2003 installed, it looks like it's not possible have it re-installed by OVH without paying £10/month for a new license.

Gentoo it is then

OVH.Customer
13-03-2008, 14:21
Quote Originally Posted by Mark
Don't know whether it was brute force or not but I've definitely been hacked - I found 55GB of porn in a hidden folder in Recycler.

Re-installation of Windows isn't possible via OVH Manager so I'm waiting on a response from CS to see if they'll do it for me.
Wow! Did you change the root login details for your server as soon as you received them from OVH? I must remember to change the username too, if that is possible.

Mark
13-03-2008, 12:28
Don't know whether it was brute force or not but I've definitely been hacked - I found 55GB of porn in a hidden folder in Recycler.

Re-installation of Windows isn't possible via OVH Manager so I'm waiting on a response from CS to see if they'll do it for me.

hashbangbinbash
11-03-2008, 17:58
Doesn't look like it was a brute-force attack exactly, a rather half-hearted effort if you ask me.

PCDiver
11-03-2008, 15:18
What you also can do is leave it enabled, but block the port on windows firewall.

OVH.Customer
11-03-2008, 14:37
Quote Originally Posted by PCDiver
I also recommend to rename your root/admin/administrator account to something not so obvious. And do not install FTP on Windows. With FTP on your server you are open for a brute force attack.
I've installed it but enable it as and when I need it. I've also disabled SSH access now too.

PCDiver
11-03-2008, 13:10
I also recommend to rename your root/admin/administrator account to something not so obvious. And do not install FTP on Windows. With FTP on your server you are open for a brute force attack.

Marco
11-03-2008, 12:54
Setting a good password usually solve most of the security issues. In your case it could have happened that somebody has managed to retrieve your access codes somehow. Be careful that nobody can access your email and for having more security, change your root password into a strong personal one with 8 alphanumeric which at least have 2 numbers.

OVH.Customer
08-03-2008, 23:25
Noticed this too when running the netstat command.


OVH.Customer
08-03-2008, 23:03
I've just been looking through the application event logs and I think somebody has connected to my server using SSH as I see:

sshd : connection closed by 216.133.192.20
sshd: received disconnection from 216.133.192.20
sshd: failed password for invalid user fluffy from 216.133.192.20
sshd: invalid user fluffy
sshd: failed password for root

Edit: Upon further inspection I do not think the user was able to gain access to the system. When I log in over SSH an event appears which says accepted password; this event didn't appear for the other user.

Mark
07-03-2008, 12:06
Just found this in Security > Event Properties

Session disconnected from winstation:
User Name: IUSR_WBAM
Domain: KSxxxxx
Logon ID: (0x0,0x107CBE)
Session Name: RDP-Tcp#20
Client Name: AVIRAN-6823FCE8
Client Address: 212.143.149.46

AVIRAN-6823FCE8 appears a few times in the event log and also appears to have installed and uninstalled an hp deskjet printer!

There's also software installed which wasn't there before - Real VNC for example.

Anyone have any ideas on this?