-
09-20-2013, 01:22 PM #1Junior Guru Wannabe
- Join Date
- Apr 2003
- Posts
- 71
Server Hacked (need to hire security auditor)
Hi Guys,
cPanel has been sending me emails about a smtpd having root access!! We got hacked last week and lost £600 in sales to some gimp in Indonesia. I think they still have root access.
Can someone recommend a security auditing company to tighten the server up and make sure there are no backdoors? Our server admins are not good enough. (I pay them peanuts so what do you expect).
Thanks!
-
09-20-2013, 01:24 PM #2Attack The Day
- Join Date
- May 2010
- Location
- NYC
- Posts
- 835
Steven at Rack911 is well known around here and I've never heard a single negative complaint about him. Rack911.com
-
09-20-2013, 01:29 PM #3Junior Guru Wannabe
- Join Date
- Apr 2003
- Posts
- 71
Thank you!
-
09-20-2013, 01:45 PM #4Newbie
- Join Date
- Feb 2010
- Location
- Fort Lauderdale, FL
- Posts
- 11
I would give Michael a shout at http://aod.net, great guy. Very reasonably priced <<snipped>>.
Last edited by bear; 09-20-2013 at 07:21 PM.
-
09-20-2013, 01:53 PM #5
Another for Steven at rack911, great guy and is very helpful.
-
09-20-2013, 02:16 PM #6Temporarily Suspended
- Join Date
- Jun 2008
- Location
- Europe
- Posts
- 181
Scott from admingeekz is good too.
-
09-20-2013, 02:25 PM #7Web Hosting Master
- Join Date
- Jul 2003
- Posts
- 612
Heard great things about Rack911.
-
09-20-2013, 02:38 PM #8Junior Guru Wannabe
- Join Date
- Apr 2003
- Posts
- 71
Steve is on it already. What a total legend..!
-
09-20-2013, 04:42 PM #9Web Hosting Master
- Join Date
- Jun 2006
- Location
- Calgary, Alberta
- Posts
- 688
I also recommend Steven from Rack911.com
-
09-20-2013, 09:28 PM #10Temporarily Suspended
- Join Date
- Apr 2013
- Posts
- 16
LOL! My server guy takes $20 for any job. And he has done things like spiral networking, private clouding in my 24 servers, backup clouding, DDoS remote protection kind of jobs too.. for one cost, no hourly or anything.. and I'm not going to share him
-
09-20-2013, 09:33 PM #11Web Hosting Master
- Join Date
- Jun 2006
- Location
- Calgary, Alberta
- Posts
- 688
-
09-20-2013, 09:43 PM #12The Linux Specialist
- Join Date
- Mar 2003
- Location
- /root
- Posts
- 23,990
Moved > Managed Hosting and Services.
-
09-20-2013, 11:03 PM #13Cloud Reseller Experts
- Join Date
- Jun 2008
- Location
- In Dreams
- Posts
- 664
-
09-21-2013, 10:10 PM #14Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
-
09-22-2013, 01:48 AM #15Web Hosting Master
- Join Date
- Nov 2011
- Location
- Calgary, Alberta, Canada
- Posts
- 699
If they're getting root access from your SMTPD then they're most likely getting in through common exploits that target outdated software. I would definitely make sure that whoever your security auditor is, they make sure everything is being updated. Also, make sure that you don't have any pre-release yum repos installed and that you're using either the STABLE or RELEASE (preferably STABLE) release tier for cPanel. I'd also be considering disabling SSH access for root or requiring a key file to SSH.
Little Apps
Open Source Software
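The SSH and cPanel tier checks suggested in the post above can be scripted. This is an added example, not part of the original post: the function names are hypothetical, the sample files are constructed, and `/etc/cpupdate.conf` is the file where cPanel keeps its `CPANEL=<tier>` setting.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): check the settings the post names.

# First occurrence of an sshd_config keyword wins and keywords are
# case-insensitive. Match blocks and Include files are not handled here.
sshd_value() {  # usage: sshd_value FILE KEYWORD
  awk -v key="$2" 'tolower($1) == tolower(key) { print tolower($2); exit }' "$1"
}

# cPanel stores its release tier as CPANEL=<tier> in /etc/cpupdate.conf.
cpanel_tier() {  # usage: cpanel_tier FILE
  awk -F= '$1 == "CPANEL" { print tolower($2); exit }' "$1"
}

audit_hardening() {  # usage: audit_hardening SSHD_CONFIG CPUPDATE_CONF
  local root pass tier
  root=$(sshd_value "$1" PermitRootLogin)
  pass=$(sshd_value "$1" PasswordAuthentication)
  tier=$(cpanel_tier "$2")

  case "$root" in   # root login disabled, or allowed with a key only
    no|without-password|prohibit-password) echo "PASS PermitRootLogin=$root" ;;
    *) echo "FAIL PermitRootLogin=${root:-unset}" ;;
  esac
  case "$pass" in
    no) echo "PASS PasswordAuthentication=no" ;;
    *)  echo "FAIL PasswordAuthentication=${pass:-unset}" ;;
  esac
  case "$tier" in   # the post recommends STABLE or RELEASE
    stable|release) echo "PASS cPanel tier=$tier" ;;
    *) echo "FAIL cPanel tier=${tier:-unset}" ;;
  esac
}

# Constructed sample files: a weak configuration and a corrected one.
demo() {
  local d; d=$(mktemp -d)
  printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' \
    'PasswordAuthentication yes' > "$d/sshd_weak"
  printf '%s\n' 'CPANEL=edge' 'RPMUP=daily' > "$d/cpupdate_weak"
  printf '%s\n' 'permitrootlogin without-password' \
    'PasswordAuthentication no' 'PasswordAuthentication yes' > "$d/sshd_ok"
  printf '%s\n' 'CPANEL=stable' 'RPMUP=daily' > "$d/cpupdate_ok"
  echo "== weak =="; audit_hardening "$d/sshd_weak" "$d/cpupdate_weak"
  echo "== corrected =="; audit_hardening "$d/sshd_ok" "$d/cpupdate_ok"
  rm -rf "$d"
}

demo
```

On a live server, call `audit_hardening /etc/ssh/sshd_config /etc/cpupdate.conf` instead of `demo`; an unset keyword is reported as a failure because the sshd default depends on the OpenSSH version.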
-
09-22-2013, 12:48 PM #16Temporarily Suspended
- Join Date
- Jul 2013
- Posts
- 63
For cPanel I would recommend Mycpadmin, they are good at their work.
-
12-10-2013, 01:13 PM #17Temporarily Suspended
- Join Date
- Dec 2013
- Posts
- 6
My advice:
Check if you have SNMP on the server and if the community is a strong one. Most of the reconnaissance is made exploiting SNMP by enumerating the services and what they use.
If you say it is an SMTP exploit, I think it is a ClamAV milter exploit (had that in my OSCP certification), which gives you instant access to the server.
Avoid using .htpasswd and .htaccess protected login because it is very easy to bypass it.
Get an IDS to see what's happening and create rules for the attacks.
If you have specific questions please let me know and I'm more than happy to help you out for free.
-
12-12-2013, 09:58 AM #18Temporarily Suspended
- Join Date
- Oct 2013
- Posts
- 27
Hey, what happened to your hacking problem? Have you contacted anyone or resolved it on your own? If you have contacted anyone, then let us know your experience with them, as we will have their feedback to contact them in future if needed. I too have had issues like this and have managed them myself till now, but having a good reference is always better.
-
01-14-2014, 12:19 PM #19Newbie
- Join Date
- Sep 2013
- Posts
- 11
-
01-14-2014, 12:33 PM #20Junior Guru Wannabe
- Join Date
- Apr 2003
- Posts
- 71
Thanks, it's now tighter than a duck's @rse h0le.