fawm.com is garbage, service is the worst except for Nima he is good, but unfortunately doesnt do anything when it comes to the servers. Elron deleted and changed my password today because he said...

"what kind of porn site is that?" mind you, I just had a entrance page. .AND! I had a good partner of mine (paid designer) working on the index.html file.. I guess he didnt even bother to look through that. The jerk just deleted all his work and changed the password.. Thanks alot!

Im just warning people about FAWM and doing business with Elron. He is claiming all this crap THAT I INSTALLED apps on the server???!!

umm.. I specifically messaged him and asked if he was offering Php, BECAUSE i would need to install a script of mine.. and he said yes...!

so watchout,
I am pissed and if you were me, you would be..2

nima had no part in this.

-George

Ok here are the facts -

The guy above signed up for a free hosting account at our website http://www.fawm.com . I have setup him the site + Jimbo's sctrict cj for him to use .

As you all know , the purpose of this hosting is to let webmaster create a porn cj site . Today i have logged into the server , and saw 3 background processes at the server , executed by the account owner above .
Not only we do not allow to use our server for shell access , he made a telnet to the server , and probablly gave the login information to some other guy who messed up with the server , he also put 5-6 TGZ files including a forum script , a topsites script , and some other files .
I checked his website , his main page had a porn logo , but when i entered the site itself , it was offering "top downloads" , and "open account today" , without any porn content , and without any banners to our program . i also saw some links to games .

He also emailed me asking to install php-nuke , and i replied to him saying clearly that we do not install , nor allow to install anything at the server .

If you want hosting for your own "projects" , go buy a paid hosting and do whatever u like , dont signup for a cj hosting and install your programs on the server .


-Elron

Why do you have telnet running instead of SSH and why was it enabled on his account to begin with?

You just put up a big flag that says HACK ME im wide open...

Elron ... just remember to take some screenshots for proof before booting a client. That's what we'll do to defend ourselves against bullshit posters.

Panther
ICQ: 52837348

bullshit replies? I have been member of this board for a very long time..Games?? what the hell are you talking about? and we had no banners of your program on the site because the site was just being created! there was 0 visitors.. it was being designed you would have known that if you wouldnt have deleted my html files.. ATLEAST you could have msg'd me and told me there was a problem. Some customer service. Bottom line, you need to learn how to deal with clients. This is the 1st time I ever say ANYTHING NEGATIVE about anyone on a board.. so Im not bullshiting, Im pissed and im letting people know what to expect from you and your services..

:mad:

Elron,

Either you're very paranoid, or completely off your rocker... or maybe a combination of the two.

To help set the story straight (which I think has gotten way off-base).

George here asked me to design a 'porn' site for him.

I designed the first splash page with an 'Enter' button... no biggie... Straight HTML/Images.

The next step was to *cough* 'Install' phpNuke (A free portal system), to be configured for his CJ script, and many others. For this installation to run properly, it needs MySQL (which you denied to give George) [ Why? I have no idea ] .. No problem, I installed it on a remote server and began with my installation.

The installation consisted of uploading the php and image files.

Naturally after acquiring his username/password for development I changed the password (with his permission) to something that was more security-focused (as I'm aware of security issues). Oh, yeah I logged in via SSH (not telnet) to change his password. I also used lynx a few times to get the dreaded "tar.gz" file of PHPNuke and later a theme. OOOH!! I'M A HACKER!!

I also gathered a script called PHPSysInfo (used to gather information about the system itself, so I would know what I could and could-not do with phpNuke and other scripts....

In all of this 5 minutes (I kid you not... 5 minutes I was on via SSH) when I go to edit some code via command line and i realized the connection was lost. I try to reconnect... no go. I figured the guy didn't like that I was in with SSH... no biggie, I've got FTP. I logged in no problem... go to find the files I've got to upload, come back and been disconnected. Went back the the domain.com and whatta-ya know... they've obviously deleted all the files in a mad-dash to keep out the evil-doer!

Here we have a case of "Duh... hrm... whut they doin? They must be hackin!"... "I'm scared! Delete the account!"...

Not cool... I can understand though if you're uninformed and paranoid though. So, if the latter holds true, you may safely dismiss this bantering.

Enjoy!

Originally posted by toker
Why do you have telnet running instead of SSH and why was it enabled on his account to begin with?

You just put up a big flag that says HACK ME im wide open...

Well said big man!

BT

None of the accounts have SSH enabled . As for his account i forgot to disable it , that's right my bad .
paranoid ? not really , i run and manage unix servers for years now , and i know exactly what u did .
When u emailed me asking me to install php-nuke , i replied to you saying that i DO NOT allow any script instalation on the account . So not only you used the fact that i forgot to disable your SSH login , you filled the server with bunch of files , ran at least 3 background processes at the server , and your site was far different then a porn CJ site .

I had all the reasons to dellete your account without any notice .
As for screen shots , do me a favor , if someone break into your house using a key u put on the table by mistake , u wont come up with a camera and take a picture of him , you will kick his ass off ur place .

-Elron

Originally posted by elron
None of the accounts have SSH enabled . As for his account i forgot to disable it , that's right my bad .

I wasn't aware that logging in via SSH was against your policy. It was my understanding that you weren't sure what software you had installed on there. Simply trying to log in via SSH happened to work for me, so I utilized that.


paranoid ? not really , i run and manage unix servers for years now , and i know exactly what u did .

What I did? Yes, I logged in, used the basic built-in-utilities to download some PHP scripts to develop his CJ site.


When u emailed me asking me to install php-nuke , i replied to you saying that i DO NOT allow any script instalation on the account .

Let's get this straight, "I" did not email you. Secondly even if you replied with "I DO NOT allow any script instalations on the account", I would have mistaken that for YOU do not personally install scripts. Seeing as you already have CJ scripts in place, you're not completley forthright about not installing 'any' script instalations.


So not only you used the fact that i forgot to disable your SSH login , you filled the server with bunch of files , ran at least 3 background processes at the server , and your site was far different then a porn CJ site .

Ah, yes, I USED YOU!!! MWAHAHA Your feabile mortal mind had forgotten! ... Who cares? At least I didn't try to log in via telnet and compromise you secrity. I even transfered files via SCP (ftp for ssh) for added secrity.

And what background processes are you refering to? If you consider a lynx operation a 'background' (alluding to un-managed) then you've not been doing this linux administration thing as long as you think you have, or IF you have, you've not learned much.

And please, the 'site' was up all of 5 minutes, not allowing any time for customization of the default phpNuke site. Had you asked one of us about this, you would have seen that it had just gone up, default install in place, and that 90% of that would have been removed... leaving the cj script in place AND removing the 'login' 'downloads' etc..

You acted too quickly for my taste (and I'm sure many others)


I had all the reasons to dellete your account without any notice .

Sure you did. *cough* paranoid *cough*


As for screen shots , do me a favor , if someone break into your house using a key u put on the table by mistake , u wont come up with a camera and take a picture of him , you will kick his ass off ur place .

If you're into making analogies, at least compair apples to apples.

In which the situation would have been:
You invite a friend over for some cofee,
You leave a note on the door that says "back-door is open" yet there is a key sitting in the keyhole at the front door. Upon opening the door there's a riddle that wont let you pass untill you figure out what the owner's favorite coffee is. So, you place a phonecall or two and find out that it's Maxwell House. You answer the riddle and pass. Now inside your kitchen you pull out your own coffee (which happens to be a Maxwell House blend and put it in the coffee machine and start brewing. Before the coffe's done brewing the owner storms in, sees a different coffee lable and turns off the coffee pot and pours out the coffee and kicks you out of his out.

What to do? ... What to do?


I highly suggest you beef up on your linux administration skills before you maliciously destroy user content.

If you're going to disable SSH/Telnet ... do it from the begining, or at least have a decent MOTD that states they're to log off NOW... oh and you could put something in there about "I'm a paranoid admin and you can't upload anything to the site except html and image files."

Don't be a dick.... Dick.

This is funny.

Originally posted by SaNteria
This is funny.

*Getting popcorn*

Pyro and MindLash, did you guys get your money back?

Originally posted by richard
Pyro and MindLash, did you guys get your money back?

Haha..

Again, I'm just the designer... however I do believe that this was a 'free' hosting deal.

So, no money spent, no money owed that I'm aware of. :D

... but I could be wrong.

FAWM is definitly free

I can see why..