What you would like to do ?
- Thread starter Gineey
- Start date
Dediwebhost.com
New member
What kind of box is it? A co-location box or a dedicated server that you leased from a provider?
Is it a fully managed server of unmanaged server?
Is it a fully managed server of unmanaged server?
rootsupport
New member
First change the root password, and get your security administrator to check the complete server and remove all vulnerable scripts, delete unwanted users if they have been created etc...
sparkstation
New member
Reinstall get a firewall and monitoring software
dbihosting
New member
Hopefully you have a backup of your data. Wipe the box and move the accounts over to another server.
I supported mainly Windows servers. When ever there was a breech reported by a client it was always some old script that they had installed where a "hacker" or kiddie hacker basically uploaded a file browser and replaced the users index file. Only the account was effected and the server was not attacked.
In the one case where an actual server breech happened it was related to a vulnerability in the mail software where no fix was available at the time of the hack. For that case a complete reinstal and restore of data was done (minus the bad software).
In the one case where an actual server breech happened it was related to a vulnerability in the mail software where no fix was available at the time of the hack. For that case a complete reinstal and restore of data was done (minus the bad software).
It depends on the hack. Most hacks occur because of insecure passwords or default security settings. If you are hacked, look there first.
A firewall does nothing in these cases but everyone seems to think they are the bee's knee's.
Word of advice, secure the system fully and THEN install a firewall. Don't rely on a firewall and don't expect it to secure a webserver or mailserver. Those services require open ports anyway.
A firewall does nothing in these cases but everyone seems to think they are the bee's knee's.
Word of advice, secure the system fully and THEN install a firewall. Don't rely on a firewall and don't expect it to secure a webserver or mailserver. Those services require open ports anyway.
shockym
New member
I would go with:
- make sure their not still in the box to start with
- stop all processes you have no idea what they are
(esp. if they are some type of cron job running that you did not auth.)
- change passwords
(if its a hosting box, start changing all clients pwds too)
- continue to work to fix the expolitation point and fix
- send someone out for coffee and/or Mt. Dew........it could very well be an all nighter you pull if you are doing this alone.
Latest posts
-
-
-
-
Looking for a VPS with cheap directadmin license
- Latest: GlowHost-Sales
Forum supporters
Save 37% Off Plesk License
Official Plesk Partner, Instant License Delivery, No Contract Commitment. Grab Your Savings NOW!
cplicense.net
Official Plesk Partner, Instant License Delivery, No Contract Commitment. Grab Your Savings NOW!
cplicense.net
Up to 30% Off on KVM VPS
Significant discounts on KVM VPS SSD. Worldwide Locations. Full Root Access. Instant Deployment.
greenwebpage.com
Significant discounts on KVM VPS SSD. Worldwide Locations. Full Root Access. Instant Deployment.
greenwebpage.com