Results 1 to 9 of 9
Thread: Server hacked maybe?
-
05-03-2011, 10:22 PM #1Disabled
- Join Date
- Sep 2010
- Posts
- 627
Server hacked maybe?
Does anyone know what could cause this?
Server goes down randomly at 5AM.
Server comes back 1h 09m later. Uptime has reset.
Emails are not sending. I look into the issue - the problem is that "/" is chmodded to 777. I didn't do this, and I have no scripts that can do this.
Nothing else appears to have been changed.
Nothing out of the ordinary in access logs, no bruteforce attempts or anything. FTP password is secure (12 character lowercase+uppercase+numbers). Root password is even longer and more complicated. Both FTP and SSH are on non-standard ports.
No user accounts have been added.
I ran a full ClamAV scan which found nothing.
Does this sound like a hacker or some random bug?
-
05-03-2011, 10:54 PM #2Web Hosting Master
- Join Date
- Sep 2004
- Location
- Miami, FL
- Posts
- 2,762
Doesn't sound like a hacker to me. The only thing it really sounds like is a script running in the background or perhaps a Cron Job doing whatever it is doing.
If it is only happening at around 5AM then it should and would most probably be a cron job running. Check all your crons and see which is causing the problem. Also check everything which is running, maybe a script it doing it as well.Aaron Ong
Dedicated Servers - 100TB Servers - 100Mbps Unmetered Servers - Web Hosting - CDN Network
Servers in Central, East/West Coast USA, EUROPE and ASIA
Welltodo Century - www.welltodocentury.com
-
05-03-2011, 10:55 PM #3Disabled
- Join Date
- Sep 2010
- Posts
- 627
Only cron I have running is DDoS-Deflate.
This has never happened before, just today. I changed nothing to cause this.
-
05-03-2011, 11:30 PM #4Web Hosting Master
- Join Date
- Sep 2004
- Location
- Miami, FL
- Posts
- 2,762
Is it a new install? What is on there?
Aaron Ong
Dedicated Servers - 100TB Servers - 100Mbps Unmetered Servers - Web Hosting - CDN Network
Servers in Central, East/West Coast USA, EUROPE and ASIA
Welltodo Century - www.welltodocentury.com
-
05-03-2011, 11:35 PM #5Disabled
- Join Date
- Sep 2010
- Posts
- 627
Not new install, been going for a few months now.
I run MySQL (all remote access blocked with iptables), nginx httpd, svnserve, vsftpd.
-
05-03-2011, 11:39 PM #6Web Hosting Master
- Join Date
- Mar 2009
- Posts
- 3,816
you have / chmoded 777 and your system still works?
-
05-03-2011, 11:40 PM #7Disabled
- Join Date
- Sep 2010
- Posts
- 627
-
05-04-2011, 12:05 AM #8The Linux Specialist
- Join Date
- Mar 2003
- Location
- /root
- Posts
- 23,991
If it is rebooting by itself, then you need to check your hardware too.
Specially 4 U
Reseller Hosting: Boost Your Websites | Fully Managed KVM VPS: 3.20 - 5.00 Ghz, Pure Dedicated Power
JoneSolutions.Com is on the net 24/7 providing stable and reliable web hosting solutions, server management and services since 2001
Debian|Ubuntu|cPanel|DirectAdmin|Enhance|Webuzo|Acronis|Estela|BitNinja|Nginx
-
05-04-2011, 12:06 AM #9Disabled
- Join Date
- Sep 2010
- Posts
- 627
Similar Threads
-
Can my blog be hacked on shared hosting if my neighbour is hacked?
By zobe in forum Hosting Security and TechnologyReplies: 17Last Post: 03-10-2011, 04:09 AM -
Server hacked : how can I find out how they are uploading files to my server?
By listenmirndt in forum Hosting Security and TechnologyReplies: 4Last Post: 04-14-2007, 12:44 PM -
Server is hacked!~ which company provide secure and fast VPS server?
By kittyyau in forum VPS HostingReplies: 6Last Post: 08-24-2006, 04:11 PM -
Plesk server hacked, hiring to move clients to new server
By DaveNET in forum Employment / Job OffersReplies: 3Last Post: 07-30-2005, 09:56 PM -
Is my server hacked? Huge data is uploaded from server !!
By wmac in forum Web HostingReplies: 5Last Post: 08-05-2001, 10:50 PM