New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
cysc.spamvertized.url.website
My VPS has told me they have received report from clean-mx.de I have this virus in title and since this is the second time they have to wipe my drive and start over. I am pretty sure this is false positive and what is this virus anyway? There is nothing about this virus on google.
Is this normal? Should I find new VPS who ignores this kind of annoyance?
Comments
Stop leaving your VPS vulnerable to attacks. Also your VPS told you? That's interesting.
Change your root password, install fail2ban, stop installing stuff that is exploitable.
Don't use Root, don't use passwords! Jesus christ, some people..
Maybe the backup you keep restoring to the server has compromised files in it.
cysc.spamvertized is a name for hacked webpages (either via ssh or vulnerable scripts running on your website) that redirect visitors to spam sites. Your VPS may well be infected without you knowing it. You should start from scratch (do not just restore an old backup) and rethink you security policies.
Have you checked your local PC for keyloggers and suchlike? That could also have been a point of entrance for the hack.
Do this sites have to be in php to to redirect to spam sites? Because my site is only html javascript.
I ran a script in my SSH daemon that would email me on anyone successfully logging into my server. I left it on port 22, and installed fail2ban for basic protection. I then made sure I had a strong password that was around 10 characters with caps / numbers. That server was never hacked, even though root password logins were enabled.
Though it isn't as secure as other methods, you can make a ssh root / pass login very difficult to break into.
On that note, I still suggest people use key based logins instead of password based ones.
No.
then the only that could happen here is, because I am running landing page, the page of course redirect to offer page which could also be a link in someone else's spam, not by me. But, this company reports my website and bunch of others similar landing pages. This is not right and it's doing damage to my business
If it's doing damage to your business, maybe you should pay to a sysadmin to do this stuff for you. Just a friendly recommendation.
what do you mean? False reports are doing damage, sysadmin is not solution to that
Who is your VPS provider? I doubt they are false reports.
How have you secured your VPS after you bought it/it has been wiped?
VPS is Corgitech. It's not VPS who is doing reports. It's the german anti spam company clean-mx.de known for sending false reports. Vps is secured with no root login, auth with key on port different than 22, fail2ban and i dont even know what else.
Clean-MX.de looks really scummy, do some research into them.
You're running a link shortener? Looks like you may be assisting a spammer or something. Reports don't come in consecutively for no reason.
No link shortener
I doubt that Corgitech, which as far as I know, is a reputable provider, is suggesting to wipe your VPS, without any further investigation, because some random third party is sending them false reports.