  1. #1
    Join Date
    Apr 2003
    Posts
    71

    Server Hacked (need to hire security auditor)

    Hi Guys,

    cPanel has been sending me emails about a smtpd having root access!! We got hacked last week and lost £600 in sales to some gimp in Indonesia. I think they still have root access.

    Can someone recommend a security auditing company to tighten the server up and make sure there are no backdoors? Our server admins are not good enough. (I pay them peanuts so what do you expect).

    Thanks!

  2. #2
    Steven at Rack911 is well known around here and I've never heard a single negative complaint about him. Rack911.com
    NewYorkCityServers.com - Specializing In Dedicated Servers and Financial Hosting
    True Enterprise Service, Tier 3 Manhattan Datacenter, 100+ Gbps Network, 100% Uptime Guarantee, 24x7 Support - Email, Tickets, Phone and Live Chat
    Bandwidth Graphs, Remote Power Control, Automated OS Re-installs, Secured IPMI+KVM Included With Every Server

  3. #3
    Join Date
    Apr 2003
    Posts
    71
    Thank you!

  4. #4
    Join Date
    Feb 2010
    Location
    Fort Lauderdale, FL
    Posts
    11
    I would give Michael a shout at http://aod.net, great guy. Very reasonably priced <<snipped>>.
    Last edited by bear; 09-20-2013 at 07:21 PM.
    Voomo.com - Web Hosting Since 2008!
    Professional Shared, Reseller, VPS and Dedicated Server Solutions
    Company owned hardware, taking responsibility for the quality of your service
    219-440-HOST | sales@voomo.com

  5. #5
    Join Date
    Jul 2008
    Location
    Manhattan, NY Seattle,WA
    Posts
    4,182
    Another for Steven at rack911, great guy and is very helpful.
    ⚡️ PUREVOLTAGE.COM ⚡️Custom Dedicated Servers, Colocation, VPS Contact us: sales@purevoltage.com Skype: Mobile.Jake
    AMD EPYC 7443P RYZEN 7950X3D ⚡️ NVME 10G - 100Gbps We do it all!

    New York City ★ Seattle ★ Los Angeles ★ Chicago ★ Dallas

  6. #6
    Join Date
    Jun 2008
    Location
    Europe
    Posts
    181
    Scott from admingeekz is good too.

  7. #7
    Join Date
    Jul 2003
    Posts
    612
    Heard great things about Rack911.

  8. #8
    Join Date
    Apr 2003
    Posts
    71
    Steve is on it already. What a total legend..!

  9. #9
    Join Date
    Jun 2006
    Location
    Calgary, Alberta
    Posts
    688
    I also recommend Steven from Rack911.com

  10. #10
    Join Date
    Apr 2013
    Posts
    16
    LOL! My server guy takes $20 for any job. And he has done things like spiral networking, private clouding in my 24 servers, backup clouding, DDoS remote protection kind of jobs too.. for one cost, no hourly or anything.. and I'm not going to share him

  11. #11
    Join Date
    Jun 2006
    Location
    Calgary, Alberta
    Posts
    688
    Quote Originally Posted by noidea2013 View Post
    LOL! My server guy takes $20 for any job. And he has done things like spiral networking, private clouding in my 24 servers, backup clouding, DDoS remote protection kind of jobs too.. for one cost, no hourly or anything.. and I'm not going to share him
    If you're relying on someone who only charges you $20 per job, you honestly need to re-evaluate who you have hired. Honestly seems like a disaster waiting to happen.

  12. #12
    Join Date
    Mar 2003
    Location
    /root
    Posts
    23,990
    Moved > Managed Hosting and Services.

  13. #13
    Join Date
    Jun 2008
    Location
    In Dreams
    Posts
    664
    Quote Originally Posted by noidea2013 View Post
    LOL! My server guy takes $20 for any job. And he has done things like spiral networking, private clouding in my 24 servers, backup clouding, DDoS remote protection kind of jobs too.. for one cost, no hourly or anything.. and I'm not going to share him
    24 servers and still hiring someone who is charging you $20/job :O
    You might know him more than yourself then

    Quote Originally Posted by benj114 View Post
    If you're relying on someone who only charges you $20 per job, you honestly need to re-evaluate who you have hired. Honestly seems like a disaster waiting to happen.
    lolzzz
    agreed

  14. #14
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by noidea2013 View Post
    LOL! My server guy takes $20 for any job. And he has done things like spiral networking, private clouding in my 24 servers, backup clouding, DDoS remote protection kind of jobs too.. for one cost, no hourly or anything.. and I'm not going to share him
    $20 an hour is pushing your luck but $20 a job and most likely any/everything job, Come on...
    UK Based Proactive Server Management.
    Zabbix Enterprise 24/7 Monitoring.

  15. #15
    Join Date
    Nov 2011
    Location
    Calgary, Alberta, Canada
    Posts
    699
    If they're getting root access from your SMTPD then they're most likely getting in through common exploits that target outdated software. I would definitely make sure that whoever your security auditor is, they make sure everything is being updated. Also, make sure that you don't have any pre-release yum repos installed and that you're using either the STABLE or RELEASE (preferably STABLE) release tier for cPanel. I'd also be considering disabling SSH access for root or requiring a key file to SSH.
    Little Apps
    Open Source Software
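
An audit of the three settings named in the post above (root SSH login, cPanel release tier, pre-release yum repos), as an added example that is not part of the original post. It assumes the tier is stored as `CPANEL=<tier>` in `/etc/cpupdate.conf`; the repo-name pattern and all sample file contents are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit the settings named in the post above. Paths are arguments
# so the checks also run against copies of the real files.

audit_ssh() {    # $1 = sshd_config; sshd honours the first occurrence of a keyword
    v=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    case "$v" in
        no) echo "OK root-login disabled" ;;
        prohibit-password|without-password) echo "OK root-login key-only" ;;
        *)  echo "WARN root-login ${v:-unset}" ;;   # unset: default depends on version
    esac
}

audit_tier() {   # $1 = cpupdate.conf, assumed to hold a CPANEL=<tier> line
    t=$(awk -F= 'toupper($1) == "CPANEL" { print tolower($2); exit }' "$1")
    case "$t" in
        stable|release) echo "OK cpanel-tier $t" ;;
        *) echo "WARN cpanel-tier ${t:-unset}" ;;
    esac
}

audit_repos() {  # $1 = directory of *.repo files; a section is on unless enabled=0
    awk '
        function report() {   # name pattern for pre-release repos is an assumption
            if (id != "" && on && id ~ /test|beta|devel|preview/) print "WARN repo-enabled " id
        }
        /^\[/ { report(); id = tolower($0); gsub(/^\[|\].*$/, "", id); on = 1 }
        /^[ \t]*enabled[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); on = (tolower(v) !~ /^(0|false|no)/)
        }
        END { report() }
    ' "$1"/*.repo
}

# Constructed sample files (not from the thread), so the block runs offline.
demo_dir() {
    d=$(mktemp -d)
    printf '#PermitRootLogin no\nPermitRootLogin yes\n' > "$d/sshd_config"
    printf 'CPANEL=edge\nRPMUP=daily\n' > "$d/cpupdate.conf"
    printf '[epel]\nenabled=1\n[epel-testing]\nenabled = 1\n' > "$d/a.repo"
    printf '[remi-test]\nenabled=0\n' > "$d/b.repo"
    echo "$d"
}

d=$(demo_dir)
audit_ssh "$d/sshd_config"; audit_tier "$d/cpupdate.conf"; audit_repos "$d"
rm -rf "$d"
```

On a live host, `sshd -T` prints the effective SSH configuration, including anything set inside `Match` blocks that this file scan does not evaluate.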

  16. #16
    Join Date
    Jul 2013
    Posts
    63
    For cPanel I would recommend Mycpadmin, they are good at their work.

  17. #17
    Join Date
    Dec 2013
    Posts
    6
    My advice:

    Check if you have SNMP on the server and if the community is a strong one. Most of the reconnaissance is made exploiting SNMP by enumerating the services and what they use.
    If you say it is an SMTP exploit, I think it is a ClamAV milter exploit (had that in my OSCP certification), which gives you instant access to the server.
    Avoid using .htpasswd and .htaccess protected login because it is very easy to bypass it.
    Get an IDS to see what's happening and create rules for the attacks.

    If you have specific questions please let me know and I'm more than happy to help you out for free.
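
A check for the SNMP community advice in the post above, as an added example that is not part of the original post: it scans an `snmpd.conf` for v1/v2c communities that are well-known, short, writable or reachable from any source. The length threshold, the list of well-known strings and the sample file are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag weak or openly reachable SNMP v1/v2c communities.
# MINLEN and the well-known list are assumptions, not a standard.
MINLEN=16

audit_snmp() {   # $1 = snmpd.conf; the community string itself is never printed
    awk -v min="$MINLEN" '
        /^[ \t]*(#|$)/ { next }
        { d = tolower($1); c = ""; src = "" }
        # rocommunity COMMUNITY [SOURCE ...]; no SOURCE means any host
        d ~ /^r[ow]community6?$/ { c = $2; src = $3 }
        # com2sec SECNAME SOURCE COMMUNITY (the -Cn CONTEXT form is skipped)
        d == "com2sec" && $2 != "-Cn" { src = $3; c = $4 }
        c == "" { next }
        {
            why = ""
            if (tolower(c) ~ /^(public|private|community|snmp|admin)$/) why = why " well-known"
            else if (length(c) < min) why = why " short"
            if (src == "" || src == "default" || src == "0.0.0.0/0") why = why " any-source"
            if (d ~ /^rw/) why = why " writable"
            if (why != "") print "WARN line " NR ":" why
        }
    ' "$1"
}

# Constructed sample configuration (not from the thread).
demo_snmp() {
    f=$(mktemp)
    printf '%s\n' \
        '# constructed sample' \
        'rocommunity public' \
        'rwcommunity Zk3vQ8mN2xLp7RtY 10.0.0.5' \
        'rocommunity Zk3vQ8mN2xLp7RtY 10.0.0.0/24' \
        'com2sec notConfigUser default shortpw' > "$f"
    echo "$f"
}

f=$(demo_snmp)
audit_snmp "$f"
rm -f "$f"
```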

  18. #18
    Join Date
    Oct 2013
    Posts
    27
    Hey, what happened to your hacking problem? Have you contacted anyone or resolved it on your own? If you have contacted anyone, then let us know your experience with them, as we will have their feedback to contact them in future if needed. I too have got issues like this and have managed them myself till now, but having a good reference is always better.

  19. #19
    Quote Originally Posted by brooky View Post
    Hi Guys,

    cPanel has been sending me emails about a smtpd having root access!! We got hacked last week and lost £600 in sales to some gimp in Indonesia. I think they still have root access.

    Can someone recommend a security auditing company to tighten the server up and make sure there are no backdoors? Our server admins are not good enough. (I pay them peanuts so what do you expect).

    Thanks!
    If your server was well secured, it should never have been hacked.
    As you said they may have installed backdoors, check also if a honeypot is running.
    Last edited by Emohost; 01-14-2014 at 12:19 PM. Reason: typo

  20. #20
    Join Date
    Apr 2003
    Posts
    71
    Thanks, it's now tighter than a duck's @rse h0le.
