VPS has been hacked

Posted by RS Shamil, 09-10-2008, 04:27 PM
Hi, my VPS has been hacked. Though I am unsure how or even why. The root password is impossible to guess, it's an ok password and as I won't be using it again here it is: Rdc5400//jpm07-with+ALL_html(disabled?)@

There were only a few scripts on the server: vBulletin, Radio DJ Panel, Centovacast, Kayako SupportSuite, Staff Application (custom built by me), a few html files and that's all, apart from a few hundred MP3 files.

The IP location is:
Russian Federation Keyweb Online Limited Ip Network
Resolve Host: h-87.118.70.17.keyweb.de

I have done a bit of background research on it and it appears that it's a Windows Server running W2k. It is used as a spam mailing server. Those are the details of the last root login to the server and this login was made via SSH or cPanel on 9th December 2008, at 12:53 GMT, so the last backup on the node is no use since it comes from last night.

I am not using any outdated or cracked/illegal files on the server. Megapowerhost has been really helpful in this matter and is re-installing the OS and attempting to recover my files. In the meantime, what should I do and what can I do to prevent this occurring in the future again?

Posted by SPaReK, 09-10-2008, 05:07 PM
Are you storing your root password anywhere on your local PC (or any computer for that matter)? For example, do you have the root password stored in SecureCRT (if you use SecureCRT)? It is not out of the question that your local computer (or someone's) has been infected with a virus or trojan that searched around on your hard drive to find passwords and e-mailed them to someone. You may want to check your computer for viruses, trojans, and other spyware.

Posted by RS Shamil, 09-10-2008, 05:13 PM
Hi, I never store my passwords on my PC nor do I write them down - it's a wonder how I remember these passwords - my network login one is longer and worse than that. I scanned my PCs and found nothing bad at all.

Posted by SPaReK, 09-10-2008, 05:19 PM
What about your datacenter, your VPS provider? Do they keep your root password on file? I'm not all that familiar with different virtualization software, but someone that has access to the main node might then have access to all of the virtual environments on that node. What ports and services did you have running? Were they all kept up-to-date?

Posted by RS Shamil, 09-10-2008, 05:48 PM
Hi, I had only the necessary ports open for a webserver, mysql, shoutcast @ 8000, SSH and the cPanel standard ports. All software was kept up to date but I'm not sure if my host has my root p/w.
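
An added example, not part of the thread: the discussion turns on whether the root password was guessed over SSH or was already known to the intruder (stolen from a PC or held by a third party). This sketch audits sshd log lines for accepted root logins from addresses outside a known-admin list and counts earlier failures from the same address. The log lines, the IP addresses (documentation ranges) and the function name `audit_root_logins` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the OpenSSH syslog format; IPs are documentation ranges.
SAMPLE_LOG = """\
Dec  9 03:10:01 vps sshd[2101]: Failed password for root from 198.51.100.7 port 40112 ssh2
Dec  9 03:10:04 vps sshd[2101]: Failed password for root from 198.51.100.7 port 40112 ssh2
Dec  9 03:10:09 vps sshd[2103]: Failed password for invalid user admin from 198.51.100.7 port 40120 ssh2
Dec  9 09:15:44 vps sshd[2950]: Accepted password for root from 192.0.2.10 port 51515 ssh2
Dec  9 12:53:02 vps sshd[3377]: Accepted password for root from 203.0.113.45 port 60222 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Accepted|Failed)\s(?P<method>\S+)\sfor\s"
    r"(?:invalid user\s)?(?P<user>\S+)\sfrom\s(?P<ip>\S+)\sport\s\d+"
)

def audit_root_logins(log_text, known_admin_ips):
    """Return findings for accepted root logins from IPs outside known_admin_ips."""
    failures = defaultdict(int)   # failed attempts seen so far, per source IP
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            continue
        if m["user"] != "root" or ip in known_admin_ips:
            continue
        # No earlier failures from this IP suggests the client already had
        # the credential (stolen or leaked) rather than guessing it over SSH.
        verdict = "guessed-after-failures" if failures[ip] else "credential-already-known"
        findings.append({"time": m["ts"], "ip": ip, "method": m["method"],
                         "prior_failures": failures[ip], "verdict": verdict})
    return findings

if __name__ == "__main__":
    for f in audit_root_logins(SAMPLE_LOG, known_admin_ips={"192.0.2.10"}):
        print(f)
```

The per-IP failure count is a heuristic: guessing spread across many source addresses, or logs rotated or altered after the compromise, will not show up this way.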


