Will pay for help solving issue ASAP

[kiladila]

Have very big problem with rapidleech server: www.leechking.com

Somebody with IP 95.211.100.XXX stealing my RapidShare accounts and drainin all traffic from it. I can't do anything even password change not helping.

What i have done: first of all reintalled OS to Linux Ubuntu, than changed my root, mysql, admin zone pass. Added extra security to admin zone (additional server side login), changed all RapidShare premium passwords.

And nothing, in the next day same fucked IP is showing in RS logs: 95.211.100.XXX

I have dedicated server OVH.

I want to ask help i can pay for solving this issue.

 

[Sponge Bob]

Hey you can ban that IP from accessing your server.

Are u yet using Ubuntu?

Thanks

 

[indahouse]

Deny all access from this ip with the firewall.

using this command with iptables

iptables -I INPUT -s 95.211.100.0/24 -j DROP

 

[Sponge Bob]

Hey follow this tutorial it will help you to block the ip

http://www.cyberciti.biz/faq/how-do-i-block-an-ip-on-my-linux-server/

Let me know if it worked

 

[kiladila]

No you don't get it. Somebody is connecting to my Rapidshare accounts using my logins and pass with IP 95.211.100.XXX

I have more than 50 premium accounts. Have changed all (!) passwords 2 times. All server passwords changed too. No trojans or stealers possible...

 

[indahouse]

In leechking are the new accounts passwords¿

Block http access from this ip to your site.

 

[vizoomer]

hmm ... just do one best thing ... e-mail rapidshare to do something on this issue !!

 

[kiladila]

Yes i have emailed today. And bllocking this IP wont help 100%

 

[vizoomer]

/\/\ true ... as it's related to rapidshare not ur site ... then only thing is to be done is by rapidshare right now as u have tried ur best .... btw if possible also try to change the e-mail and pass both of all the accounts !

 

[BlaZe]

Do you use the same password on every account ?
Use a 32 character strong password.
Generate one from here : http://wgtools.com

 

[FancyPants]

95.211.100.XXX <-- maybe that is your server's IP? 0.o

 

[kiladila]

@edavreda i'm not stupid, this is not my IP.

@BlaZe i'm using same password and have chagned only password but not email. But i have changed gmail pass. Not helped.

 

[vizoomer]

dude change the emails and pass of the rs accounts !

 

[kiladila]

Well i will try to change both email and pass not only pass but anyway how somebody manage to get my RS pass so fast? Even after gmail pass change...

 

[vizoomer]

maybe he got the email ... maybe .... or maybe ur pc is being keylogged .... chk for that

 

[kiladila]

NOT this is not possible. After firs steal i have reintalled OS to Ubuntu, and shanged all passwords from it.

 

[vizoomer]

OS of ur server right ? ... not ur pc .... ( just guessing as thts the only way left to get the info )

 

[kiladila]

Changed my PC OS not server. Server fresh (1 week after install).

 

[Sponge Bob]

It can be that there is a loophole on your site that can be showing the passwords for the account.

Let me see if there is a loop hole or anything

 

[kiladila]

What you mean by "loop hole". I have set up password protect on sensitive dir like admin panel. Password protect is done using web server auth. I'm not sec expert that why i'm asking help here for sec autid, will pay for that if someone can prove and get RS details from server without my help.