gtman55

I'm on Jendar and my site is still down.

I'd like to add that I've been with TCH for over 8 years and these outages (DDOS attacks and other problems) have been more frequent over the past couple months. I'm on a different server (jendar) but have been very disappointed recently. In the past, server outages/slowdowns were fairly rare.

No issues in the last day and a half. Fingers crossed...

Any update?

Thanks Carl. That's all we can ask for.

Steve the only thing is that this odd script that shows up was mentioned as something that set some kind of intermittent cookie or something and this was what I saw one time on my site.... It's so similar to the others posted here and this type of script is mentioned as part of the server exploit. Again I am no expert... just trying to give TCH as many clues as possible to figure things out. <script type="text/javascript" language="javascript"> var pocjosm=new Date( ); pocjosm.setTime(pocjosm.getTime( )+014*074*074*01750); document.cookie="n\x5fs\x65s\x73\x5fid=\x66\x63c\x32c9d\x30e7d\x353\x66\x63\x324\x38\x35\x360\x38c\x36\x61\x38\x65\x374\x65\x358"+"\x3b\x20pat\x68\075\x2f; \x65xpir\x65s="+pocjosm.toGMTString( ); </script> I did notice the server was down for a short time this afternoon and I wonder if there was some work being done behind the scenes by TCH to correct something.

I have worked hard and put a lot of work into my site over the past 5 years. I think we all like TCH and want this fixed and hopefully this can be prevented in the future. TCH has always been very good with support.

Finally!! Yes I've been in contact with the tech support at TCH and given them info from a security site (badwarebusters) I recently joined. BB seems convinced this issue is with the server. I'm not here trying to make a stink. I like TCH. All i ask is they read the links I sent them that might help fix the "backdoor" script that apparently has entered the server. The standard response is "It came from a client's PC via FTP". Well, I am extremely security concious on my home pc and it's always clean. I use NOD32 and many other anti-trojan, anti-spyware programs. It is possible it did come from someone on dantooine with an infected machine though. But now it resides in the server. Apparently this does not change any files on any site. The attack is most likely part of what is known as "Goscanpark" a server backdoor that intermittently and at random sends people to the fake anti-scanner site. This is a new type of attack most hosts don't know about and I even sent TCH tech literature that would help them remove it and what to look for. Here's what I've been told and a link to the detailed information: These are independent people trying to help. And here's something from a TCH customer: Sorry for the long post but this is an urgent situation and hopefully TCH will take the information to good use and fix the issue. To klibrek... are your redirects to various things like indianapolis-sales.com and best-virus-scanners5.com and stuff like that? I think the fact that you have the same problem is starting to make it clear the server is infected.

I have checked virtually all my files via FTP. I've tested it on various online sites looking for malicious code. My PC is clean. And yet, from time to time the popups occur. Sometimes only once a day sometimes more. Is it possible that some of TCH hosting's servers have been hit with malware? I think OJB and myself seem to be dealing with the same thing and is it just possible our sites are clean and this is server side? I do use IPB 2.3.2 and I have ALL the security patches. There was something in the news the other day about the NY Times being hit by this and some other sites. This seem to have only stated a couple of days ago. I've checked all my recently modified files and have found nothing suspicious. Again, I'm a big fan of TCH and been here 4.5 years.

I just went to my site's forum index page (elantraclub.com/forum) and my antivirus stopped the page from loading. This is what it looked like: Each time it does this it's a different address but the same basic thing. This only started happening two days ago.

My site has been hosted by TCH for many years and I think you guys rock. The past couple days though, I've also experienced oddness at my site. Photos load most of the time but sometimes not. There have been higher server loads than normal (dantooine) and I have the EXACT issue OJB described. Some of my members are complaining of getting popups warning them of adware/malware.. some sort of fake antivirus site. My files seem ok. I contacted your tech dept. and they said the site loaded fine but I tried to tell them that wasn't the issue. Anyway, Pete Bishop said he found an error and fixed it and all should be well but... again the occasional fake antivirus rogue page tries to pop up. I'm wondering if this is some sort of problem affecting many sites on TCH? What could be causing this and how do we fix it?

Alex if you read my post above I know that. My question is does doing that make a php based forum more vulnerable to security issues?

Same problem here. Any photo from Imageshack gets a 406 unacceptable error. I have the same IPB software as this forum. From what I've been told the mod_security rules may be overly strict or something? Is there a fix in the works other than disabling it in the .htaccess file (which may not be very secure)?

Let me first say I've been with TCH for nearly 3 years and have been a happy customer. Ok here's my problem. I have a heavily modified IPB 2.0.4 board that I've spent years perfecting. It's a car based board with addons like a garage script, review system, arcade and about 100 mods and features. Anyway, things were great until I just found out my you are switching all your servers to MySQL5 and PHP5. Of course a good portion of my site would be broken. I know if I upgrade to the newest IPB version it would work fine but... I'm not willing to lose all the features and mods (and my 4,500 members aren't either) we now have and many years of work to switch. Also some of the features I added are member supported with $$$ and if those features are broken my site is in trouble. So am I best off moving to another host that still supports MySQL4 & PHP4 or is there someone that knows what I need to change in the scripts to work with PHP5/MySQL5.. I'm not an expert on this. Thanks. Note: I'm begging the upper ups at TCH to consider keeping a server or two with the current configuration.

Thanks for getting it fixed. That was the longest (8 hours +) my site has been down in the 2+ years I've been with TCH.