Site loading performance!

This forum is reserved for network, server and board maintenance and FYI's
kode-niner
Posts: 700
Joined: Sat Jun 07, 2014 7:39 am
Location: Canada

Re: Site loading performance!

#51 Post by kode-niner »

I don't know why I didn't click on the Blacklist Status tab on that Sucuri report. It leads to Spamhaus as the actual blacklist:
http://www.spamhaus.org/dbl/removal/rec ... oktalk.com
Which leads to a suspicious file on toughbooktalk.com:
/styles/skylineblue/theme/dump.php

Rob, I run several web servers for a living and have suggested you try out maldet. Here is how to do it on Windows.



Download Clamwin here:
http://downloads.sourceforge.net/clamwi ... -setup.exe

Download maldet here:
http://www.rfxn.com/downloads/maldetect-current.tar.gz

Install ClamWin and extract maldet somewhere temporary so we can copy its sig files. 7-Zip can handle tar.gz in two steps: first un-gzipping, then un-tarring.

Make a directory inside the clamwin bin directory named 'maldet'
For example on my system it would be this full path:

C:\Program Files (x86)\ClamWin\bin\maldet
Copy the files from the maldet files\sigs directory into the maldet directory you just created above. There should be two .dat and two .hdb files.

Open a command prompt and cd into ClamWin's bin directory:

cd C:\Program Files (x86)\ClamWin\bin

Run this command, preferably using the administrator user to reduce 'permission denied' errors on individually scanned files:
clamscan.exe -r -i -d maldet (FULL PATH TO YOUR WEB FILES)
for example:

clamscan -r -i -d maldet e:\inetpub
This will not delete or quarantine files. -r is a recursive look, -i is report summary only, and -d is the directory containing the sig files.

Maldet might report back about files containing base64 or otherwise obfuscated code. These are not necessarily infected but often are. They should be examined individually. It's the other types of nasties that should be taken more seriously like PHP shells.
Daily drives a CF-31

kode-niner
Posts: 700
Joined: Sat Jun 07, 2014 7:39 am
Location: Canada

Re: Site loading performance!

#52 Post by kode-niner »

Note:
Probably a good idea to log the output to a file. I have trouble with -l <file> or --log=FILE, so I redirect the output instead with ">".

example:

clamscan -r -i -d maldet e:\inetpub > c:\users\administrator\desktop\log.txt
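The two posts above describe a workflow: run clamscan with the maldet signatures, redirect the output to a log file, then go through the flagged files by hand because a base64 hit is not necessarily an infection while a PHP shell is. The script below is an added example (not code from the thread, and not part of maldet or ClamWin) that mechanises that triage step. It parses the "path: signature FOUND" lines clamscan writes, opens each flagged file, and ranks it: "shell" if request data reaches an exec-style function or a decoded payload is passed to eval, "obfuscated" if it only contains base64/gzinflate/rot13 indicators, "signature only" if nothing in the content looks suspicious, and "unreadable" if the file has already been removed. The sample PHP files, the log lines and the signature names are constructed here for the demo; the regexes are heuristics to prioritise manual review, not a replacement for the signature scan.

```python
"""Triage the log of 'clamscan -r -i -d maldet <webroot> > log.txt'.

Added example; the sample files, log lines and signature names below
are constructed for the demo and are not real maldet signatures.
"""
import os
import re
import tempfile
from dataclasses import dataclass

# clamscan -i prints one line per hit: "<path>: <signature> FOUND".
# Paths containing ": " would confuse the non-greedy match; rare on a web root.
FOUND_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")

# Obfuscation indicators: suspicious, but legitimate code uses them too.
OBFUSCATION = {
    "base64_decode": re.compile(r"base64_decode\s*\(", re.I),
    "gzinflate/gzuncompress": re.compile(r"gz(inflate|uncompress|decode)\s*\(", re.I),
    "str_rot13": re.compile(r"str_rot13\s*\(", re.I),
    "long base64 blob": re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
}

# Shell indicators: attacker-controlled input or a decoded blob reaching execution.
SHELL = {
    "request data passed to exec function": re.compile(
        r"\b(eval|assert|system|exec|passthru|shell_exec|popen|proc_open)"
        r"\s*\(\s*@?\$_(GET|POST|REQUEST|COOKIE)\b", re.I),
    "eval of decoded payload": re.compile(
        r"\beval\s*\(\s*@?(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "preg_replace with /e modifier": re.compile(
        r"preg_replace\s*\(\s*['\"](.)[^'\"]*\1[a-z]*e[a-z]*['\"]", re.I),
}

VERDICT_ORDER = {"shell": 0, "obfuscated": 1, "signature only": 2, "unreadable": 3}


@dataclass
class Finding:
    path: str
    signature: str
    verdict: str
    reasons: tuple


def parse_clamscan_log(text):
    """Return {path: signature} for every FOUND line; summary lines are ignored."""
    hits = {}
    for line in text.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            hits[m.group("path")] = m.group("sig")
    return hits


def classify_source(src):
    """Rank PHP source: shell indicators win over plain obfuscation."""
    shell = tuple(name for name, rx in SHELL.items() if rx.search(src))
    if shell:
        return "shell", shell
    obf = tuple(name for name, rx in OBFUSCATION.items() if rx.search(src))
    if obf:
        return "obfuscated", obf
    return "signature only", ()


def triage(log_text):
    """Classify every file the log flagged; most dangerous verdicts first."""
    findings = []
    for path, sig in parse_clamscan_log(log_text).items():
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                verdict, reasons = classify_source(fh.read())
        except OSError as exc:  # already deleted, permission denied, etc.
            verdict, reasons = "unreadable", (str(exc),)
        findings.append(Finding(path, sig, verdict, reasons))
    return sorted(findings, key=lambda f: VERDICT_ORDER[f.verdict])


# Constructed sample web files (not from any real site).
SAMPLES = {
    "theme/cmd.php": "<?php @eval($_POST['c']); ?>",
    "theme/loader.php": "<?php eval(base64_decode('aGVsbG8=')); ?>",
    "theme/logo.php": "<?php $png = base64_decode('" + "iVBORw0KGgo" * 30
                      + "'); header('Content-Type: image/png'); echo $png; ?>",
    "theme/plain.php": "<?php echo 'hello'; ?>",
}


def build_demo():
    """Write the samples to a temp dir and fabricate a matching clamscan log."""
    root = tempfile.mkdtemp(prefix="inetpub_")
    lines = []
    for i, (rel, src) in enumerate(SAMPLES.items()):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(src)
        lines.append(f"{path}: maldet.demo.sig{i}.UNOFFICIAL FOUND")
    # A hit for a file that no longer exists, plus the summary clamscan appends.
    lines.append(f"{os.path.join(root, 'theme', 'gone.php')}: maldet.demo.sig9.UNOFFICIAL FOUND")
    lines += ["", "----------- SCAN SUMMARY -----------", "Infected files: 5"]
    return root, "\n".join(lines)


if __name__ == "__main__":
    _, log = build_demo()
    for f in triage(log):
        print(f"{f.verdict:15} {f.path}  [{f.signature}]  {', '.join(f.reasons)}")
```

Point `triage()` at the real log.txt from the redirect above and the "shell" entries are the ones to pull first; "obfuscated" entries still need a human to decide whether the decoded blob is an image, a licence key or a second-stage loader.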

Rob
Toughbooktalk Founder
Posts: 3575
Joined: Mon Mar 16, 2009 8:23 pm

Re: Site loading performance!

#53 Post by Rob »

kode-niner wrote:I don't know why I didn't click on the Blacklist Status tab on that Sucuri report. It leads to Spamhaus as the actual blacklist:
http://www.spamhaus.org/dbl/removal/rec ... oktalk.com
Which leads to a suspicious file on toughbooktalk.com:
/styles/skylineblue/theme/dump.php

Rob, I run several web servers for a living and have suggested you try out maldet. Here is how to do it on Windows.



Download Clamwin here:
http://downloads.sourceforge.net/clamwi ... -setup.exe

Download maldet here:
http://www.rfxn.com/downloads/maldetect-current.tar.gz

Install ClamWin and extract maldet somewhere temporary so we can copy its sig files. 7-Zip can handle tar.gz in two steps: first un-gzipping, then un-tarring.

Make a directory inside the clamwin bin directory named 'maldet'
For example on my system it would be this full path:

C:\Program Files (x86)\ClamWin\bin\maldet
Copy the files from the maldet files\sigs directory into the maldet directory you just created above. There should be two .dat and two .hdb files.

Open a command prompt and cd into ClamWin's bin directory:

cd C:\Program Files (x86)\ClamWin\bin

Run this command, preferably using the administrator user to reduce 'permission denied' errors on individually scanned files:
clamscan.exe -r -i -d maldet (FULL PATH TO YOUR WEB FILES)
for example:

clamscan -r -i -d maldet e:\inetpub
This will not delete or quarantine files. -r is a recursive look, -i is report summary only, and -d is the directory containing the sig files.

Maldet might report back about files containing base64 or otherwise obfuscated code. These are not necessarily infected but often are. They should be examined individually. It's the other types of nasties that should be taken more seriously like PHP shells.

Thanks dude!
~Rob - Vice President - Rugged Depot~
~Cell: (630)/300-8877~
~Owner - Toughbooktalk~
~Fully rugged Toughbook user since April 18th 2005~
~FZ-40ACAAHKM - Primary Toughbook / Workstation as of 7/29/22
~Win10 Pro (Win11 DG), Intel Core i5-1145G7 (up to 4.4GHz), vPro, 14.0" FHD Gloved Multi Touch, 16GB, 1TB Samsung SSD, Intel Wi-Fi 6, Bluetooth, 4G EM7690, GPS, Quad Pass (BIOS Selectable), Mic and Infrared 5MP Webcam, Standard Battery, TPM 2.0, Emissive Backlit Keyboard, Dual Batteries, USB A + HDMI + Serial X-PAK, Shoulder Strap, Flat~
~AT&T Business 1GB Fiber 1GB/1GB business static line~
~Gamber & Johnson Platinum Partner~

http://www.toughbooktalk.com
http://downloads.toughbooktalk.com/
http://www.rugged575.com - 300' UHF GMRS Radio Repeater
http://www.crete600.com - 310' UHF Linked GMRS Radio Repeater


~Emergency preparedness starts with reliable communication systems above all. Pretend the internet and cell phones didn’t exist, how will you communicate? If you’re interested in learning more, ask me!~

kode-niner
Posts: 700
Joined: Sat Jun 07, 2014 7:39 am
Location: Canada

Re: Site loading performance!

#54 Post by kode-niner »

Will call Tuesday.

Rob
Toughbooktalk Founder
Posts: 3575
Joined: Mon Mar 16, 2009 8:23 pm

Re: Site loading performance!

#55 Post by Rob »

I called you back and left a message. Damn conference calls! :(

Rob
Toughbooktalk Founder
Posts: 3575
Joined: Mon Mar 16, 2009 8:23 pm

Re: Site loading performance!

#56 Post by Rob »

Update!!:

Nick (Kode-Niner) and I (this man deserves a medal :notworthy:) are working on resolving a bunch of PHP injection issues. There are a TON of files I think I need to fix here, and I have already done a scan. Some date back years. Wow, live and learn, right?

I'm 99.999% sure at this point that this is what is causing the website to randomly not display pages, seeing as the internet has been totally fine lately *Knocks on wood* :blowaway: !!!

Thanks!

Rob
Toughbooktalk Founder
Posts: 3575
Joined: Mon Mar 16, 2009 8:23 pm

Re: Site loading performance!

#57 Post by Rob »

Update:

I am working on fixing all issues now.

I have to shut down the FTP server too. All of you who have accounts: I will PM you a new password, since we think it could be compromised, and that could be how this happened to begin with. I'm looking into alternative file sharing services I can run that might be safer too.

Thanks!

Rob
Toughbooktalk Founder
Posts: 3575
Joined: Mon Mar 16, 2009 8:23 pm

Re: Site loading performance!

#58 Post by Rob »

Okay, FTP is back up but all passwords are changed! I'll be PMing you all new passwords shortly!

Shawn
Posts: 2960
Joined: Fri Jan 18, 2013 11:35 am

Re: Site loading performance!

#59 Post by Shawn »

Even though the issues seem huge, at least now you know what the problem has been....
With that knowledge, you can now work on the solutions

Keep on, keeping on....
Life will beat you into submission.

Rob
Toughbooktalk Founder
Posts: 3575
Joined: Mon Mar 16, 2009 8:23 pm

Re: Site loading performance!

#60 Post by Rob »

Update:

I spent the last 7 hours straight working on this and have removed everything and am scanning again to verify if I missed anything.

This TOTALLY explains why the CLOUD wasn't working either... I'm totally inspired now to get the cloud going again!!! :)

I'm still seeing the site time out all the time, which I'm still working on. I still have to do the following on top of the last 7 hours of BS I've had to deal with:

Purge several 2.5GB+ sized log files
Reboot the server
Upgrade the firewall's firmware to the latest version.

Thanks!
