MSFTPSVC Event ID 8
Nov0
Source MSFTPSVC Event ID 8: FTP Server could not create a client worker Thread for user at host xxx.xxx.xxx.xxx. The connection to this user is terminated. The data is the error. (No error Code)
Where xxx.xxx.xxx.xxx is the host attempting to connect.
The MS KB article at http://support.microsoft.com/?id=293637 proposes a solution for a related metabase error and explains how to delete it. However, some users may not have the "ipsecurity" error described in the KB, in which case you will have to check each of your individual FTP sites. In Properties -> Directory Security, make sure that Granted Access is selected. If Denied Access is selected instead, make sure the connecting host above is added to the exception list.
After making changes to the Directory Security property, double-check against the KB article again, as changes to the metabase have been made.
If you are still getting tons of Event ID 8 after the two checks above, you can also check http://technet.microsoft.com/en-us/library/cc783062%28WS.10%29.aspx
PCI Compliance
Oct0
It has not been long since I became involved in many client requests to make their servers PCI compliant. More often than not they would just pass on to us a report of at least 30 pages on what needs to be done to become "PCI Compliant". This would often cause a short debacle between us and the clients, since merely looking at the report and evaluating what needs to be done on our part already costs us time.
The point of this article is: how much should we get involved in getting our customers "PCI Compliant"?
From a customer's point of view, generally they would expect all the technical work in the report to be done. From my point of view, this should not be the case. Security compliance is another box when it comes to web hosting; if the customers are employing a third-party security company, then that company should do most of the legwork. We do not need to analyze pages of reports that those security companies are supposed to be handling. We'd be more than happy to get the customer compliant, but we only need the specific technical points to do our part. Yes, the customer gets confused at first when we throw these ideas back at them; fortunately they would get our point and point back to the security vendor, with the vendor then liaising directly with us.
I'd hope there is a much more structured process between the security vendor, the customer and the hosting company. How about you? How have you been doing so far, as a customer, vendor or hosting company, with your part in the PCI compliance process?
Gumblar .cn – Infiltrating Hosting Accounts
May0
Hosting accounts being compromised has been a common incident; however, a sudden surge of this variant is quite alarming. This trojan does not target any particular software or script and is commonly exploited from a user's computer, where he usually FTPs files to hosting accounts. The trojan scans for FTP usernames and passwords and uses them to inject PHP scripts onto the FTP server.
So far I have seen two variations, one acting as a slave for an XSS attack and another as a proxy or zombie, perhaps for a DoS attack.
What to do, or how do you know if you are infected? There is no simple prevention measure I can offer aside from asking you to scan and thoroughly clean your computer first. Download all your files from the FTP server; you can do PHP files only, however there is a probability that a JS-based file may exist as well. After downloading, scan all your files and re-upload. Not too neat, but it's the only method that works for me.
Get Detailed Information About Particular IP address Connections Using netstat Command
Dec0
I was recently investigating a LAMP application bottleneck, part of which was to monitor web server entry points during peak hours. Looking to segregate connections and see what each client was actually doing, I needed some advanced netstat know-how to reach my goal, so I stumbled upon this one from nixCraft:
The netstat command and the shell pipe feature can be used to dig out more information about a particular IP address connection. You can find out total established connections, closing connections, SYN and FIN bits and much more. You can also display summary statistics for each protocol using netstat.
This is useful to find out if your server is under attack or not. You can also list abusive IP addresses using this method.
http://www.cyberciti.biz/tips/netstat-command-tutorial-examples.html
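The per-state and per-IP counting described in the quoted passage, as an added example (not code from this post or from nixCraft): it runs over a constructed sample of `netstat -ant` output in the Linux net-tools layout, and the function names, port and threshold are assumptions.

```shell
#!/bin/sh
# Constructed sample of `netstat -ant` output; addresses are documentation ranges.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.44:40022      TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.44:40023      ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.9:60100       ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
EOF
}

# conns_by_state PORT: connections to local PORT grouped by TCP state.
conns_by_state() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 != "LISTEN" {
      n = split($4, l, ":")            # last field after ":" is the local port
      if (l[n] == port) c[$6]++
    }
    END { for (s in c) print c[s], s }' | sort -k1,1nr -k2,2
}

# conns_by_ip PORT: connections to local PORT grouped by remote IP, busiest first.
conns_by_ip() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 != "LISTEN" {
      n = split($4, l, ":")
      if (l[n] != port) next
      ip = $5; sub(/:[0-9]+$/, "", ip) # strip the remote port
      c[ip]++
    }
    END { for (i in c) print c[i], i }' | sort -k1,1nr -k2,2
}

# over_threshold PORT LIMIT: remote IPs holding more than LIMIT connections.
over_threshold() {
  conns_by_ip "$1" | awk -v lim="$2" '$1 > lim { print $2 }'
}

sample_netstat | conns_by_state 80
sample_netstat | conns_by_ip 80
# On a live host, feed real output instead: netstat -ant | conns_by_ip 80
```

A high count of SYN_RECV entries from `conns_by_state` or a single address dominating `conns_by_ip` is the signal to look at more closely during peak-hour monitoring.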












