paulooi.com

This morning when I access to www.paulooi.com. I saw the picture shown above, I access to all the website I hosted, also the same page coming out. Except Mel’s blog. Then I only found out some very high skills hacker inject index.html into every hosted folder. The files “index.html” started to inject since this morning 7am.

Am still checking how was the file got injected into all the folders. Thanks Mr Hacker.

Beside that, Hey! I am on zone-h list and I think Mr Forever is from 85.96.125.3

The Caused
Some of the customer didn’t patch the Mambo/Joomlah to latest version. Please do so please please please, patch your Mambo/Joomlah/Wordpress. If you require me to patch for you, let me know!

One of our mailserver having problem last week. It’s caused by the massive connections connected into the server sending out newsletter(large database unstoppable loops) from one host.

2006-06-15 08:50:06 Connection from [201.xx.xx.xx] refused: too many connections
2006-06-15 08:50:20 Connection from [201.xx.xx.xx] refused: too many connections
2006-06-15 08:50:24 Connection from [201.xx.xx.xx] refused: too many connections
2006-06-15 08:50:28 Connection from [201.xx.xx.xx] refused: too many connections
2006-06-15 08:50:32 Connection from [201.xx.xx.xx] refused: too many connections

Exim default allow maximum 20 connections from a host. You can increase the connection in the main configuration file by adding in this line;

smtp_accept_max = 50

For more information, visit Exim’s documentation site.