What you would like to do ?

Gineey · Post #1 (**permalink**) 11-06-2005, 08:29 AM

Hey it is not common; but anybody can face- What you do if your server got hacked ..?

Dediwebhost.com · Post #2 (**permalink**) 11-07-2005, 07:34 PM

What kind of box is it? A co-location box or a dedicated server that you leased from a provider?

Is it a fully managed server of unmanaged server?

Gineey · Post #3 (**permalink**) 11-08-2005, 04:15 AM

What is the differeance if it is co-location box or a dedicated server ? is that matter in Server Hacking Case ??

rootsupport · Post #4 (**permalink**) 11-08-2005, 08:15 AM

First change the root password, and get your security administrator to check the complete server and remove all vulnerable scripts, delete unwanted users if they have been created etc...

sparkstation · Post #5 (**permalink**) 09-21-2007, 03:55 AM

Reinstall get a firewall and monitoring software

indyamail · Post #6 (**permalink**) 10-29-2007, 12:59 PM

Hire a Serveradmin who can take care of the same for you . There is no reason to waste time trying to learn and play around (unless youre sites can risk that). Get a server admin or choose a host that provides some managed solutions.

I'm sure things will work out just fine

dbihosting · Post #7 (**permalink**) 01-01-2008, 07:03 PM

Hopefully you have a backup of your data. Wipe the box and move the accounts over to another server.

Matthew · Post #8 (**permalink**) 01-02-2008, 10:12 AM

I supported mainly Windows servers. When ever there was a breech reported by a client it was always some old script that they had installed where a "hacker" or kiddie hacker basically uploaded a file browser and replaced the users index file. Only the account was effected and the server was not attacked.

In the one case where an actual server breech happened it was related to a vulnerability in the mail software where no fix was available at the time of the hack. For that case a complete reinstal and restore of data was done (minus the bad software).

vpsville · Post #9 (**permalink**) 01-31-2008, 10:25 AM

It depends on the hack. Most hacks occur because of insecure passwords or default security settings. If you are hacked, look there first.

A firewall does nothing in these cases but everyone seems to think they are the bee's knee's.

Word of advice, secure the system fully and THEN install a firewall. Don't rely on a firewall and don't expect it to secure a webserver or mailserver. Those services require open ports anyway.

shockym · Post #10 (**permalink**) 01-31-2008, 09:47 PM

Quote:

Originally Posted by rootsupport

First change the root password, and get your security administrator to check the complete server and remove all vulnerable scripts, delete unwanted users if they have been created etc...

I would go with:
- make sure their not still in the box to start with

- stop all processes you have no idea what they are
(esp. if they are some type of cron job running that you did not auth.)

- change passwords
(if its a hosting box, start changing all clients pwds too)

- continue to work to fix the expolitation point and fix

- send someone out for coffee and/or Mt. Dew........it could very well be an all nighter you pull if you are doing this alone.