Results 1 to 12 of 12
Thread: Server Hacked
-
03-27-2012, 02:45 PM #1WHT Addict
- Join Date
- Sep 2011
- Posts
- 144
Server Hacked
Hi, anyone know any company providing server management service which is cheap? Our server got hacked and we want to investigate, remove infected files, and server hardening, and also check the intruder log for what they have done too. Company are welcome to pm me. Urgent! Thanks guys!
-
03-27-2012, 02:59 PM #2Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
-
03-27-2012, 03:00 PM #3Web Hosting Master
- Join Date
- Mar 2003
- Location
- Canada
- Posts
- 9,072
No advice for a server management company, but please don't cheap out on this... this is something important and if you were rooted (admin access gained for the entire server) then your safest bet is to format the server, start clean and move on. The concern with cleaning up a compromise is not knowing with 100% certainty that everything is safe. I'm not saying don't investigate how this happened, but for your peace of mind it's probably better to start over.
I would also consider hiring a server management company that us proactive in keeping your server up to date, staying on top of security patches, monitoring everything, etc. If you were hacked once, you'll probably be hacked again. It's just well worth it to spend the extra $$$ and have someone stay on top of these for you if you're not able to.
-
03-27-2012, 03:09 PM #4WHT Addict
- Join Date
- Sep 2011
- Posts
- 144
Ok. I would setup a new server anyway. Which company you would recommend to do hardening, security issue?
-
03-27-2012, 03:20 PM #5Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
I wish everyone thought like this however some people only use a management provider when the **** hits the fan then expects to pay peanuts to clean up a whole load of mess...
I could make more working in wendys then what some people around here are prepared to pay for management
Chances are the files are infected with afew nastys so simply upping sticks and transferring data would likely yield the same problem in future.
All the files will need to be scanned, etcLast edited by Server Management; 03-27-2012 at 03:23 PM.
-
03-27-2012, 04:39 PM #6Junior Guru
- Join Date
- Apr 2008
- Location
- UK
- Posts
- 239
Yeah as Patrick said - don't go for a cheapo 20 dollar an hour for security - get someone who knows what they are doing !
-
03-27-2012, 08:55 PM #7Disabled
- Join Date
- Feb 2010
- Location
- Worldwide
- Posts
- 61
Amen brotha!
-
03-28-2012, 12:22 PM #8Web Hosting Guru
- Join Date
- Mar 2012
- Posts
- 287
You'll need to spend a little (but not necessarily a lot!) to get the quality support necessary for custom server hardening. More often then not, servers are hacked through the website code... weather it be outdated CMS or software written by a programmer without security in mind. If that's the case, and you choose a company that's just going to apply some updates and "secure the server" the security hole might still be there! You'll need a support group that's willing to find and patch the actual exploit regardless of where it is.
-
03-28-2012, 05:36 PM #9WHT Addict
- Join Date
- Mar 2010
- Posts
- 140
Rightly said. The hack - assuming it has - could have happened at the OS or service level or application level. One would need to check at all levels.
Ideally a thorough vulnerability assessment and penetration test should be done but if you have a small or standard application suite with not much changed, you may need to focus more on the OS/services.
Also agree with the advice on rebuilding the server and reinstalling - if it has been compromised, rootkits, etc, would leave it almost permanently unclean.
BTW - what OS and application suite are you using?
Cheers!Last edited by sam9; 03-28-2012 at 05:38 PM. Reason: typos
-
03-28-2012, 05:56 PM #10You broke the internet!!
- Join Date
- Oct 2005
- Location
- Internet
- Posts
- 1,161
For your needs I would recommend platinumservermanagement.com -- they are cheap ($29 month) and do everything any other server tech will, except they aren't proactive which isn't what you really need.
They will do anything for you and get it done within 24 hours, usually an hour. Unless you need quick constant proactive service, use these guys. Your only going to be paying for faster service.
-
03-28-2012, 06:11 PM #11Disabled
- Join Date
- Dec 2010
- Location
- 127.0.0.1
- Posts
- 5,732
I agree with restarting, maybe format the Server to Centos 5.5, then secure your server, Install cPanel, setup cPHulk Brute Force Protection, Shell Fork Bomb Protection, Enable Traceroute, do EasyApache; ensure you have: Apache 2.2.22, PHP 5, 5.3.10, Mod Security, Suhosin for PHP, Zend Optimizer/Guard Loader for PHP. Disable: Frontpage and Magic Quotes and Enable Mysqli and anything else you want / remove and then build it.
Set up CSF, and do check server security and fix the warnings, install: ConfigServer Explorer, ConfigServer Mail Manage, ConfigServer Mail Queues and ConfigServer ModSec Control.
And a bit more but that's the drift of hardening your server.
-
03-28-2012, 10:42 PM #12Junior Guru
- Join Date
- Apr 2006
- Location
- Bogota, Colombia
- Posts
- 215
Ultimateservermanagement.com is a good company. They will help you no doubt. No cheap.
Similar Threads
-
Can my blog be hacked on shared hosting if my neighbour is hacked?
By zobe in forum Hosting Security and TechnologyReplies: 17Last Post: 03-10-2011, 04:09 AM -
Server hacked : how can I find out how they are uploading files to my server?
By listenmirndt in forum Hosting Security and TechnologyReplies: 4Last Post: 04-14-2007, 12:44 PM -
Server is hacked!~ which company provide secure and fast VPS server?
By kittyyau in forum VPS HostingReplies: 6Last Post: 08-24-2006, 04:11 PM -
Plesk server hacked, hiring to move clients to new server
By DaveNET in forum Employment / Job OffersReplies: 3Last Post: 07-30-2005, 09:56 PM -
Is my server hacked? Huge data is uploaded from server !!
By wmac in forum Web HostingReplies: 5Last Post: 08-05-2001, 10:50 PM