Server error, please try again later

Divinum Fiat

Divinum Fiat

Well-known member
Hi all,

For some unexplainable reason I got logged out of my forum and when I try logging back in I get the message "server error, please try again later."

The page is frozen at that error page and no matter what tabs I click, I can't move away from the error page.

Does anyone have an idea of what this could be related to (my other domains, that share the same server, are up and running fine)?
 
Sort by date Sort by votes
I can't see any access to the server itself (despite the fact it was pretty insecure). That should now be fixed.

With regards to the admin account, I can't answer that, as I can't see anything obvious from the access logs. I'm happy to PC anyone who wants to know what I've been looking at to see if they can see or suggest anything?
 
Upvote 0 Downvote
Blueprint4Love said:
Hi Cool, thank you for your post. I'm not quite sure my understanding of tech is polished enough to understand what you are saying. Maybe someone else knows?

Jake is looking into things now. It's not just doing the back up restore, it's also fixing the hole they dug so they can't get back in. It seems to have been pretty easy for them to do.
Click to expand...


ohhh yes...sorry...unfortunately it´s a bit like another language at that therm but the nice guys helping you
will/have understand it... and my english isn´t verry fine tuned because never had english lessons at my time.

but for you personally is one thing important:

everthing is totally open/uncleare and you don´t know what was/is going on at the server
Click to expand...

??? IF ??? the server was compromised from a middle-grade intelligent attacker you will never ever hit/find
any logs or other signs about this.
and just knowing about that it may be happen (compromised) would get me personally sleepless nights.
because as a owner of a server are allways YOU responsible for the server and in worst case can cost you a lot of money.

??? IF ??? the attacker installed a backdoor...you will never know when the attacker will vistit again. just with that in mind i would be nervous all the time.

this sounds may a bit to scary...but thats how live is to day.

so you may should think of a new install of the server (komplete clean new install ) just for to be sure that everything is ok and clean.

another thing may is to think about "do you really need a own server" ???

most software will just run fine on normal webspace if you don´t have a really really havy site/sites with thousands
of visitors a day.

i can just give you some ideas to think on...the decision will be your own.
 
Upvote 0 Downvote
Thank you, Cool! Your English is just fine! It's the technical part that I don't understand (and English is not my first language either). :-)

So would a shared server be better? The challenge is that I have several other websites that I host on this server too. I would have to get individual shared hosting for those, which would end up costing me more than having this one VPS server.
 
Upvote 0 Downvote
Cool said:
another thing may is to think about "do you really need a own server" ???
Click to expand...
For someone as technically un-savvy as Blueprint4Love, an unmanaged VPS certainly isn't the way to go. It appears Hostgator have told her it's an unmanaged VPS that she is responsible for keeping updated, however, on their website, it clearly states that if you have CPANEL (which she has), then they will manage the server.......which it appears they are not doing.

Looking at the traffic stats for the site, and the post count, a VPS is over kill in my honest opinion. Especially for what she is paying out each month to Hostgator.

Also, in my opinion, if someone had actually got access to the server itself, in most cases, ALL the sites hosted on the server are defaced / taken down. In this instance, it was only a replacement of the post messages in the xf_posts table. That could have been done through phpMyAdmin if they managed to guess the username and password for this particular hosting account. This has since been changed to a complex random password, rather than a dictionary word with numbers on the end.
 
Upvote 0 Downvote
Matt, I would never get an unmanaged VPS server, the server would be messed up instantaneously. What I meant is, would it be better to get a regular HostGator account that is shared with other people (I really don't know how this works)?
 
Upvote 0 Downvote
MattW said:
For someone as technically un-savvy as Blueprint4Love, an unmanaged VPS certainly isn't the way to go. It appears Hostgator have told her it's an unmanaged VPS that she is responsible for keeping updated, however, on their website, it clearly states that if you have CPANEL (which she has), then they will manage the server.......which it appears they are not doing.

Looking at the traffic stats for the site, and the post count, a VPS is over kill in my honest opinion. Especially for what she is paying out each month to Hostgator.

Also, in my opinion, if someone had actually got access to the server itself, in most cases, ALL the sites hosted on the server are defaced / taken down. In this instance, it was only a replacement of the post messages in the xf_posts table. That could have been done through phpMyAdmin if they managed to guess the username and password for this particular hosting account. This has since been changed to a complex random password, rather than a dictionary word with numbers on the end.
Click to expand...
Thank you for your all your feedbacks MattW, reading them is very interesting.
 
Upvote 0 Downvote
that is really not easy to answer without knowning about your requirements.

to find the right hoster is also not a "one day" task. it often require a lot of research and very often you just have to "learn your lessions" and "pay for misstakes".

eaven recommendations from others can work fine for some one and don´t work for another at all.
so this has been and is allways confusing. sometimes a big hosting company is just the right decision for one and for the other is a small flexible hosting company much better.

but you can pm me some answers on:

1) where have the hoster/server to be located (us, europe or what ever)
2) where does the most of your visitors come from
3) what is the max. ammount you will pay
4) what is the monthly traffic your server produce
5) how many domains should be possible at a account
6) where do you manage your domains (same as server or external )

this should work out to find your requirements.
and i can try to may give you some help on a decision wich you also should discuss wich people you trust.

and no...i don´t have any financial interests to helping you.
 
Upvote 0 Downvote
So, to clear things up for everyone who has helped out in this thread.

Blueprint4Love's host spent a few hours going through the server as well last night, and went over the cpanel history. They could see one of the proxy IP addresses accessing cpanel, and performing database changes through phpMyAdmin.

Basically, the VPS' WHM/Cpanel set up hadn't previously been secured, so this brute force on her cpanel account could have been going on for months unnoticed. The original password was a dictionary word with 3 sequential numbers on the end of it :oops: . Password is now a random string. The control panel has also been secured with cPHulk and the WHM / Cpanel security policy updated to also require 4 questions to be answered if you are connecting from a previously un-authorised IP address. Hopefully this should fully protect the control panel now from unauthorized access.
 
Upvote 0 Downvote
Nice work Matt - very good of you to help out and sounds like you did a cracking job ... and no need to move everything to another server (phew!!!). (y)

Blueprint4Love - glad it all worked out okay and you can carry on regardless now knowing that things are sorted and your sites/server are secure again. Always a worrying time when things go a bit out of control and you don't know what to do, but always a releif too when they finally get fixed up. :coffee:

The story, in smilies:

B4L - :eek:
Team XF - o_O
B4L - :cry:
Team XF - :cautious::sneaky:;)(y):D
B4L - :notworthy::love:
 
Upvote 0 Downvote
Sorry to break the bad news. My site was hacked AGAIN yesterday, for the third time. :( Matt says "they" also exported the database this time. Tables are missing again and the site has been down again since yesterday. According to Matt, the server was not accessed (they access the cpanel).

Hostgator sent an email late last night saying that their investigation shows no one suspicious accessing the cpanel and that they have restored the database and that the website is up and running. Unfortunately it's not. I just got up and the site is either still down or down again.
 
Upvote 0 Downvote
The server hasn't been hacked, that's the thing. They only hack the cpanel but I can't figure out how. I ran 3 software (Malware bytes, MS security essentials and Spybot search and destroy) to see if there are any keylogging viruses installed, and it doesn't seem so. It's mind boggling.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

JoyFreak
Not a bug An unexpected error occurred. Please try again later.
Replies
3
Views
176
JoyFreak
JoyFreak
sneakyy
  • Question Question
XF 2.2 An unexpected database error occurred. Please try again later.
Replies
7
Views
226
sneakyy
sneakyy
sam2019
  • Question Question
XF 2.2 An unexpected database error occurred. Please try again later.
Replies
2
Views
496
Paul B
Paul B
Ferdinand
  • Question Question
XF 2.2 An error occurred while connecting with Linkedin. Please try again later.
Replies
7
Views
608
tom3
tom3
vinnymickey
  • Question Question
XF 2.2 An unexpected database error occurred. Please try again later.
2
Replies
22
Views
2K
Suzanne O
Suzanne O
Top Bottom