Results 1 to 7 of 7
  1. #1
    Join Date
    Sep 2009

    How did my developer get access to my server after I deleted his FTP user account?


    I have been working with my developer for a while. He used to have access to the root folder a while ago. I have then seen some strange activity on the server 1 month ago. Therefore I have restricted access to a specific folder that he needs to work on, and changed the cpanel and WHM passwords so he won't access it.

    Today I fired him, however right before I fired him I deleted all his user accounts, so he won't access the server. He then somehow accessed my server a few hours later and overwritten all my new files with some old files I previously has.

    When I submitted a ticket regarding this, softlayer couldn't find a trace of him logging in to the specific directory . Then I spoke with softlayer again and they said that he might have opened a backdoor if he had access to my previous files.

    How might this happen? Were can I find a service that patch up the open holes he got int through?

  2. #2
    Join Date
    Apr 2009
    You shouldn't have allowed him access to your production server at all. What I do is get a VPS and let the developer work on there. I manually transfer the changes to the production server. I think you should consider something like this in the future.

  3. #3
    Join Date
    May 2008
    Looks like he didn't get what he wanted for his/her job and just removed it.
    He probably wrote backdoor into his project so in case he get fired or scammed he could just delete his work.
    I might be wrong.

  4. #4
    Join Date
    May 2006
    NJ, USA
    Or a ssh key.
    simplywww: directadmin and cpanel hosting that will rock your socks
    Need some work done in a datacenter in the NYC area? NYC Remote Hands can do it.

    Follow my "deals" Twitter for hardware specials.. @dougysdeals

  5. #5
    Join Date
    Dec 2010
    Maybe he was uploaded a Perl Script for acces like FTP.

  6. #6
    Join Date
    Oct 2010
    Hosting is like a box of chocolates, you never know what you're gonna get.

  7. #7
    Join Date
    Jan 2003
    Budapest, Hungary
    Probably a backdoor. You should check the scripts. Also if he had root, you probably should rkhunt and chkrootkit also.
    Also look for additional software running and listening, like in inetd.conf or in linux you can find out which software is listening by using 'netstat -ln' command, in freebsd it's easier to use sockstat -l, in windows as far as i remember it's netstat -nb
    Last edited by Azar-A; 06-06-2011 at 09:33 PM. website / e-mail: info @
    HU/EU Co-Location / Managed and Unmanaged VDS & Dedicated servers in Hungary with unmetered connections

Similar Threads

  1. Remote backups with user ftp access
    By RW-Steven in forum Running a Web Hosting Business
    Replies: 5
    Last Post: 03-19-2007, 02:53 AM
  2. FTP access for user
    By anlene in forum Hosting Security and Technology
    Replies: 3
    Last Post: 06-05-2006, 12:24 PM
  3. ftp from SSH as user and access / (root)
    By .com in forum Hosting Security and Technology
    Replies: 2
    Last Post: 09-04-2003, 06:38 AM
  4. how do i create a root user with ftp access to entire server?
    By kimrari in forum Hosting Security and Technology
    Replies: 10
    Last Post: 05-21-2003, 06:37 PM
  5. Restrict access for ftp user?
    By keyDet79 in forum Hosting Security and Technology
    Replies: 3
    Last Post: 04-20-2003, 05:44 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts