The Filesystem Mounted At / On This Server Is Running Out Of Disk Space.

[sylenzednuke 0]

I was just checking my forums again as I wanted to install some new mods and suddenly I found that it was hacked by SpyHackerz group...
You can view it here :- http://forums.xisto.com/no_longer_exists/

The first thing that came into my mind was to change my cPanel password but I can't even log in to my cPanel as I am getting the following error everytime I try to do so. Please Admins or anyone having any knowledge on how to solve this out please help me!

Sorry for the inconvenience!The filesystem mounted at / on this server is running out of disk space. cPanel operation has been temporarily suspended to prevent something bad from happening. Please ask your system admin to remove any files not in use on that partition.

[CrazyRob 0]

well first of all your forum can you FTP the space or access MySQL / PHPMyAdmin? as they have just defaced the index page.about the cpanel thing contact OpaQue or try in a different browser as somtimes that helps. have you read the cpanel documentation?

Edited October 11, 2006 by mxweb (see edit history)

[sylenzednuke 0]

Well, I am deleting the whole folder as I don't want to have a forum so early as my site is not even in its first stages of development and I have just started creating content for my blog and my website. The deletion is currently in progress and I am using FileZilla FTP.I can't login into the cPanel through Firefox, Flock or IE. I am going to install Opera and see if I can log into my cPanel from there.

[truefusion 3]

Wow, these spyhackerz are getting annoying. Taking advantage of security holes in scripts--mainly open-source.

[BuffaloHelp 24]

Your cpanel is not hacked. Gamma server is facing "/" directory disk full issue. That's the reason you cannot access your cPanel.Try using FTP to modify directory/file that you desire.Your forum probably was defaced because the older version of your forum opened for security exploit. It's been going around the whole net community, not just for Xisto. There's no need to be alarmed.

[Saint_Michael 3]

this is getting rather annoying, I believe we need to update the software thats being provided in the fantastico software. Or start making alert posts on the software that need to be patched and updated as well. It won't be to long til they get bored and hit us.

[CrazyRob 0]

Fantastico usually list updates in WHM like new forum updates, help desk updates ect They just nee to be set to auto install iuf OpaQues not around. the forum could always have an rss feed from fantastico to an update forum.

[TripleH13 0]

the same thing happened to me. I know they have just done something to the index but what do i do to get rid of it.

[JasperIk 0]

Will i have to do something in order to have the cpanel back up (i have a message board, but its not run from anything provided in the cpanel, its another board type- and it is working perfectly fine)...or will i just have to wait, because there isnt anything i can do? I just dont want to be waiting, for it to be fixed, and then realize...i have to fix it myself, because that would be a lot of waiting for nothing.

[Saint_Michael 3]

they somehow find a way to look at a directory and then procded to look at the coding and then implement their distruction.

[TripleH13 0]

any idea how to get rid of the page they put their?

[biscuitrat 0]

This happened to me about a week ago, but I believe I solved it for the time being. Same group, same annoying thing. As far as their procedure, they somehow infiltrate the index page of a site and replace it with their own code. They can't actually get to most of the other files. For a forum page, I'm not sure how to get it back. Your posts are probably still there, but the index page is probably gone. Get the index file again from where you downloaded the forum/theme and paste it back. You might have to change the images up or whatever, but the actual code should remain the same. It's pretty annoying, but with Movable Type, you can just rebuild and get rid of their stupid code.

[TripleH13 0]

thanks. Probally would have never figured out what to do. I just wish these guys would stop hacking peoples sites.

[michaelper22 0]

I saw the Antilost forum with the SpyHackerz message as well.
One common problem security-wise is that members often leave files chmodded at 777 - allowing open-access to anyone with some skill (I'm not lucky enough to have that skill lol). Unless absolutely necessary, you should not leave files chmodded at that value, instead leave it at 644 (for non-excutable files, and PHP scripts that are called from another script using include() or require()), or 755 (for Perl, PHP and other script files, except as noted earlier). See my tutorial on file permissions at http://forums.xisto.com/topic/41614-nix-file-permissions-an-overview/ for a quick review.
Regarding the cPanel issue, I get the same error while attemtping to access cpanel on my old (and still alive) free hosting account.

[TripleH13 0]

does anyone know exactly how i can get rid of what they did. on my index of the site it says mySQL error: Access denied for user: 'nobody@localhost' (Using password: NO)mySQL error code: Date: Thursday 12th of October 2006 07:20:58 PM I'd really appreciate if someone could help me becuase i have no clue wha to do.