drewnick
05-01-2001, 03:51 PM
I have religiously kept up with my patches on a RaQ4i I have with rackshack and lo and behold, it got hacked. The perpetrator removed /var/log recursively and is now doing port scans. I literally visit Cobalt twice a day to check for patches and have applied all of them. My DNS server was off as well. What can be done to stop the hackers? Cobalts are obviously wide open, even when guarded.
Regards,
Drew
www.cobalthost.com
cabalstudios
05-01-2001, 04:30 PM
Drew, what version of BIND did you have installed?
And what O/S? Are the hackers still scanning of your site? The reason I'm asking this is because I have hacked hundreds of sites and informed sysadmins that they have a security hole in their system, and when you mentioned scanning I know exactly what they are doing.
Drop me a line if you need more help.
drewnick
05-01-2001, 04:42 PM
Hi, thanks for the follow-up. It is a RaQ4 running Cobalt's Linux.
Cobalt Linux release 6.0 (Shinkansen-Decaf)
Kernel 2.2.16C24_III on an i586
I had the DNS server disabled, as I know of several vulnerabilities for it specifically.
Drew
cabalstudios
05-01-2001, 04:53 PM
What FTP software were you using?
Mike the newbie
05-01-2001, 05:44 PM
Originally posted by drewnick
I have religiously kept up with my patches on a RaQ4i I have with rackshack and lo and behold, it got hacked. The perpetrator removed /var/log recursively and is now doing port scans. I literally visit Cobalt twice a day to check for patches and have applied all of them. My DNS server was off as well. What can be done to stop the hackers? Cobalts are obviously wide open, even when guarded.
Regards,
Drew
www.cobalthost.com
Do you use telnet or ssh? Do you use POP3? If yes, is the POP3 password different from your admin password?
Take a look at this thread for starters: http://www.webhostingtalk.com/showthread.php?s=&threadid=8539