  1. #1

    Root Access of Server compromised

    Hello,

    The root access of one of my dedicated servers has been compromised, due to which I could not SSH into the server. How should I troubleshoot this issue? Kindly suggest.

    Could you please suggest probable troubleshooting steps which I could follow on the server to resolve this issue?

    Regards,
    Prashant

  2. #2

    Re: Root Access of Server compromised

    The first step is to regain your access to SSH. Most, if not all, providers have a virtual console feature that you can use in case of an emergency to access your server via SSH. For example, SolusVM offers this under the name Serial Console.

    After you have access to your server, you should first change your root password and even the SSH port if you want more security. After that you can continue investigating the issue, for example by checking your log files.

  3. #3
    Hi,

    Do you have access to the server now? If you can't SSH, the only option is to format the OS. Do you have a backup?

    Regards,
    Alons

  4. #4
    Quote: Originally Posted by alons
    Hi,

    Do you have access to the server now? If you can't SSH, the only option is to format the OS. Do you have a backup?

    Regards,
    Alons

    Maybe booting to recovery, mounting the disks and checking logs is also a possibility.

    Don't rush it

  5. #5
    Quote: Originally Posted by chrismfz
    Maybe booting to recovery, mounting the disks and checking logs is also a possibility.

    Don't rush it

    What I meant was to take a backup and reinstall. If a server has been compromised, you wouldn't want to keep it going.

  6. #6
    Quote: Originally Posted by alons
    What I meant was to take a backup and reinstall. If a server has been compromised, you wouldn't want to keep it going.

    Of course, but the OP didn't mention anything else.
    Linux distro? Plesk? cPanel? Nothing?

    It could be 1000 other things.

    Authentication or sshd issue, firewall issue, or changed password when drunk.

    From recovery he can check logs at least. If there are no logs at all, OK, he got compromised.

  7. #7
    Moved > Hosting Security and Technology .

  8. #8
    In Linux you can change anything with recovery mode or chroot. Where is your dedicated server hosted (data center)?

  9. #9
    Quote: Originally Posted by alons
    Hi,

    Do you have access to the server now? If you can't SSH, the only option is to format the OS.

    What he should do is restart the server in rescue mode and change the root password. Reboot it and inspect the server now that you have SSH access back, and of course limit SSH access to only your IP. You need to analyze what happened.

  10. #10
    First, go to your dedicated server web hosting portal and get KVM access. Through KVM you can check the logs. If possible, you can recover your SSH connection. I would say reload the OS if you don't get any idea how you got compromised.
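
The log check that several replies describe (reading the sshd log from recovery or KVM to tell a lockout from a break-in), sketched as a shell function. This is an added example, not part of any post in the thread; the mount paths, verdict names and sample log lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: classify an sshd auth log read from a rescue-mode mount.
# Assumed paths: /mnt/var/log/auth.log (Debian/Ubuntu) or /mnt/var/log/secure (RHEL).

# triage_auth_log LOG ADMIN_IP -> prints exactly one verdict:
#   NO_LOGS             log missing or empty (wiped logs are a compromise indicator)
#   FOREIGN_ROOT_LOGIN  root login accepted from an IP other than ADMIN_IP
#   LOCKED_OUT          only your own logins are failing (password/sshd problem)
#   INCONCLUSIVE        nothing decisive here (check firewall, sshd status, other logs)
triage_auth_log() {
    log=$1
    admin_ip=$2
    [ -s "$log" ] || { echo NO_LOGS; return 0; }
    awk -v me="$admin_ip" '
        # Return the field that follows keyword kw on the current line.
        function after(kw,   i) {
            for (i = 1; i < NF; i++) if ($i == kw) return $(i + 1)
            return ""
        }
        # Success: "Accepted <method> for <user> from <ip> port <n> ssh2"
        /sshd\[[0-9]*\]: Accepted / {
            if (after("for") == "root" && after("from") != me) foreign++
        }
        # Failure: "Failed password for <user> from <ip> port <n> ssh2"
        /sshd\[[0-9]*\]: Failed password / {
            if (after("from") == me) mine++
        }
        END {
            if (foreign > 0)   print "FOREIGN_ROOT_LOGIN"
            else if (mine > 0) print "LOCKED_OUT"
            else               print "INCONCLUSIVE"
        }' "$log"
}

# Constructed sample log (documentation IP ranges, not real data).
sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Jan 10 03:11:02 host sshd[2190]: Failed password for root from 203.0.113.50 port 51010 ssh2
Jan 10 03:11:09 host sshd[2190]: Failed password for root from 203.0.113.50 port 51010 ssh2
Jan 10 03:12:44 host sshd[2211]: Accepted password for root from 203.0.113.50 port 51122 ssh2
Jan 10 09:30:15 host sshd[3050]: Failed password for root from 198.51.100.7 port 40022 ssh2
EOF
    echo "$f"
}

triage_auth_log "$(sample_log)" 198.51.100.7
```

Logs on a compromised host can be edited by whoever had root, so a FOREIGN_ROOT_LOGIN or NO_LOGS verdict is strong evidence, while LOCKED_OUT or INCONCLUSIVE does not clear the machine.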
