Knowledgebase
server hacked
| Posted by addieparker, 08-24-2009, 01:27 AM | | root@superserver1 tmp]# who
[root@superserver1 tmp]#
I can not see any other users and top shows 0 users. /var/logs was removed, I have restored it changed the root password but this was removed again
lots of scritps was removed from /tmp
please help me
|
| Posted by eth10, 08-24-2009, 02:11 AM | | Change all your passwords like cPanel,WHM,FTP using openssl tool
openssl rand 12 -base64
|
| Posted by alanzkorner, 08-24-2009, 02:30 AM | | Hello,
Are you accessing your machine remotely, if yes what I would recommend as an immediate help is to contact your DC techs and ask them to help into this or seek professional help .
You can check using the last | less command if any one has logged in as root to the server , if no strange IPS found it can be happening through loopholes in any 3rd party softwares installed on the server ,
Also now You should change the ssh port to another one , if it is a direct root hack
You can do it by
1. From your terminal session, edit /etc/ssh/sshd_config
vi /etc/ssh/sshd_config
2. Look for the following line:
#Port 22
3. Change the line so it looks like this:
Port 2995 ( keep a custom port number as you like it )
4. Save and close the file
5. Load the new configuration by using the RedHat service command
6. service sshd reload
You can check your apache error log to see if anything unusual is noted
Tell us your server OS version , if any control panel is installed its name ( like CPANEL , webmin ) e.t.c for further help .
Following are the steps for server securing that you should perform once the issue is fixed to prevent hacking issue to an extent, but right now seek professional help if you feel it is really critical situation .
#######################################################################
".
|
|
 Add to Favourites
 Print this Article
|
Also Read
How is EZPZ? (Views: 653)
