Results 1 to 6 of 6
  1. #1

    Server exploited

    Hello,

    Someone exploited my dedicated server. He made few syomlinks to essential files under the root. I have removed those symlinks.

    Can you guys show me how to search for symlinks inside all public_html of all accounts.

    In addition, what should I do to improve security of my server. someone told me that there are out of the box default config that are security unsafe; how can I remove these config and secure the server.

    Thank you
    OOzy

  2. #2
    Join Date
    Nov 2002
    Location
    Portland, Oregon
    Posts
    2,948

    Hello,

    Almost everyone here would suggest that you completely wipe and restore your server, without question, if it has been rooted.

    If you are using cPanel, I would suggest installing CSF/LFD after you wipe and reload your OS:

    http://www.configserver.com/cp/csf.html

    Hope this helps, good luck.

    | John Edel Jetfire Networks L.L.C. Trusted Hosting Solutions
    | Consistent, Reliable, Stable OpenVZ & KVM Virtual Private Servers
    | SpamWall AV & Full SMTP Filtering
    Now an SSLStore Titanium Partner!

  3. #3
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,910
    If the attacker gained root you're better off deploying a new server and hiring a server management company to keep things secure. Security is not a one time thing, it's an ever changing process that constantly has to be worked on. Also, once a server has been rooted it should never be trusted again, despite any reassurances from various root kit checkers, etc. Play it safe, start off fresh.
    Patrick William | RACK911 Labs | Software Security Auditing
    400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com

    www.HostingSecList.com - Security notices for the hosting community.

  4. #4
    Join Date
    Apr 2009
    Posts
    211
    YOu could use find / -type l, but resetup wins anyway.
    █▌KVM-based SSD VPS
    ▌Unmetered Dedicated Servers
    ▌Colocation at 100 Delawanna Ave, Clifton, NJ

  5. #5
    Join Date
    Aug 2005
    Location
    behind my screen
    Posts
    402
    I agree a server that has been rooted cannot be trusted time to wipe...

  6. #6
    You could try this tutorial too. The tutorial works with dedicated servers as well.
    http://www.webhostingtalk.com/showthread.php?t=468168

Similar Threads

  1. Server/script exploited
    By photoads in forum Hosting Security and Technology
    Replies: 4
    Last Post: 11-03-2006, 02:27 AM
  2. server exploited / hacked ?
    By xtreme2490 in forum Hosting Security and Technology
    Replies: 16
    Last Post: 07-28-2005, 11:01 AM
  3. Server exploited
    By fermar21 in forum Web Hosting
    Replies: 11
    Last Post: 10-22-2004, 11:20 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •