-
05-05-2011, 05:14 AM #1 Newbie
I believe my server has been hacked. Advice needed!
My CentOS 4.3 (yes it's old) dedicated server seems to always halt and become inaccessible at around 10PM-Midnight every day. I checked my netstat and found the following:
Code:
tcp 0 560 ns2.1337gamer.net:ssh 173-26-2030.client.m:55189 ESTABLISHED
-
05-05-2011, 05:49 AM #2 Temporarily Suspended
Firstly, I'd change your passwords.
Then secure it by limiting who can access the server by IP (so only your IP can access it),
then generate a key using PuTTY on your PC and make it so only you have that key to access the server.
Other than that I can't think what else to suggest from the information you have provided.
Thanks
-
05-05-2011, 02:58 PM #3 WHT Addict
-
05-05-2011, 03:05 PM #4 Russ
Disable SSH for non-root users, create an SSH account that you use to su - or sudo.
Take advantage of hosts.deny/hosts.allow to restrict SSH access to particular hosts and deny all others.
Enable additional SSH restrictions, timeouts, maximum attempts before disconnecting etc.
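One way to check a server against the restrictions suggested in this post, as an added example that is not part of the original thread: a shell audit of sshd_config and hosts.deny. The function names, the sample files and the numeric thresholds are assumptions chosen for illustration, and the hosts.deny check assumes an sshd built with TCP wrappers support.

```sh
#!/bin/sh
# Added example (not from the thread). Thresholds are illustrative assumptions.

# Print the effective value of keyword $2 in sshd_config $1 (empty if unset).
# sshd uses the first occurrence of a keyword; keywords are case-insensitive.
sshd_value() {
    awk -v key="$2" '
        $1 ~ /^#/ || NF == 0 { next }
        tolower($1) == tolower(key) {
            $1 = ""; gsub(/^[ \t]+|[ \t]+$/, ""); print; exit
        }
    ' "$1"
}

# True if $1 is a whole number between $2 and $3 inclusive.
in_range() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# audit_ssh SSHD_CONFIG HOSTS_DENY: print one line per weak setting and
# return the number of findings (0 means every check passed).
audit_ssh() {
    n=0
    weak() { echo "WEAK: $1"; n=$((n + 1)); }
    [ "$(sshd_value "$1" PermitRootLogin)" = no ] ||
        weak "PermitRootLogin is not 'no'; log in as a user, then su - or sudo"
    [ "$(sshd_value "$1" PasswordAuthentication)" = no ] ||
        weak "PasswordAuthentication is not 'no'; password logins are allowed"
    in_range "$(sshd_value "$1" MaxAuthTries)" 1 4 ||
        weak "MaxAuthTries should be 1-4 (sshd default is 6)"
    in_range "$(sshd_value "$1" LoginGraceTime)" 1 60 ||
        weak "LoginGraceTime should be 1-60 seconds (sshd default is 120)"
    in_range "$(sshd_value "$1" ClientAliveInterval)" 1 600 ||
        weak "ClientAliveInterval should be 1-600 seconds (default 0 = off)"
    grep -Eiq '^[[:space:]]*(sshd|ALL)[[:space:]]*:[[:space:]]*ALL' "$2" ||
        weak "hosts.deny lacks 'sshd: ALL'; hosts not in hosts.allow still get in"
    return "$n"
}

# Constructed sample input: a config close to the stock defaults.
tmp=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' 'PasswordAuthentication yes' \
    'MaxAuthTries 3' > "$tmp/sshd_config"
: > "$tmp/hosts.deny"
audit_ssh "$tmp/sshd_config" "$tmp/hosts.deny" || echo "$? finding(s)"
rm -rf "$tmp"
```

LoginGraceTime values written with a unit suffix (such as 1m) are reported as weak by this sketch because only plain seconds are parsed.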
-
05-05-2011, 03:08 PM #5 Web Hosting Master
They potentially already have SSH access on an old version of CentOS that may or may not have local root exploits and you're not planning on an OS reload?
-
05-05-2011, 03:09 PM #6 WHT Addict
-
05-05-2011, 03:10 PM #7 Web Hosting Master
-
05-05-2011, 03:17 PM #8 WHT Addict
-
05-05-2011, 05:38 PM #9 Newbie
Thank you everyone for your suggestions. The first thing I did was change my root password and disable FTP and SSHD. I will try to create users and su to root, and some of the suggestions. I already have a new server up ready to migrate everything over.
Attached is an updated netstat log.
Last edited by hanime; 05-05-2011 at 05:42 PM.
-
05-05-2011, 05:49 PM #10 Hello World