I was unable to log in to the Kloxo-MR admin panel on a Xen VPS with Nginx for 2 weeks. A malicious hacker prevented me from gaining access to my server files.
On the Kloxo-MR forums, the developer said to disable iptables:
In your VPS, IPTables is enabled by default. The simple action is to remove it with 'yum remove iptables*'. Yes, Kloxo-MR tries to 'disable' IPTables, but sometimes this 'trick' does not work perfectly. Possibly something about webmail. It's easier to fix after you fix the above problems. Also try cp.domain.com
Do you think it's safe to disable iptables? I want security above all else. I want to prevent hacking and DDoS attacks, which I experienced after gaining login access to Kloxo-MR.
If you don't have any iptables rules, it's doing you no good anyways. It will not help prevent any sort of attack. You can use iptables -L to check if any rules exist and determine if you want them or not.
Assuming your services are locked down, it's perfectly safe to turn off iptables.
It looks like the hacker has played with the firewall. Rather than uninstalling the firewall:
1) Try clearing all the rules and adding a new set of rules.
2) Make sure that there are no rules added in the files /etc/hosts.deny or /etc/hosts.deny.
Any entries in the files above can restrict the access.
Anyway, if you find a server hacked, the best way to go is to reload the OS on the server and restore data from backups. There is a high chance of a backdoor script being left on the server, which can be used to gain access again.
✪SysAlly-cPanel,Plesk (Linux,Windows) server management
✪cpXstack -GPL licensed nginX+PHP-FPM stack for Cpanel
✉ info [at] piserve [dot] com
☏ +91-484-3191-121 ☏skype: sys-ally, mohankurian2
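The checks suggested in the replies above (see which firewall rules are loaded, and whether /etc/hosts.deny has entries), as an added example that is not part of the original thread. It reads a ruleset dump in `iptables-save` format and a hosts.deny file; the function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list firewall and TCP-wrappers entries
# that could lock an administrator out. On a live server the first input
# would come from: iptables-save > rules.txt

# Print chains whose default policy is DROP and every DROP/REJECT rule.
blocking_rules() {
    awk '
        /^\*/ { table = substr($0, 2) }            # "*filter" starts a table
        /^:/  { if ($2 == "DROP")                  # ":INPUT DROP [0:0]"
                    print table ": policy " substr($1, 2) " " $2 }
        /^-A/ { for (i = 1; i < NF; i++)
                    if ($i == "-j" && ($(i+1) == "DROP" || $(i+1) == "REJECT"))
                        print table ": " $0 }
    ' "$1"
}

# Print hosts.deny lines that are neither comments nor blank.
active_deny_entries() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" || true   # no matches is not an error
}

# Constructed sample inputs (documentation address ranges, made-up port).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/rules.txt" <<'EOF'
# Constructed sample in iptables-save format
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 203.0.113.10/32 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
cat > "$SAMPLE_DIR/hosts.deny" <<'EOF'
# Constructed sample
# sshd: 198.51.100.0/24
ALL: 203.0.113.
EOF

echo "Blocking firewall entries:"
blocking_rules "$SAMPLE_DIR/rules.txt"
echo "Active hosts.deny entries:"
active_deny_entries "$SAMPLE_DIR/hosts.deny"
```

An empty result from both functions means neither the packet filter nor TCP wrappers is denying anything, which matches the point made above that iptables without rules provides no protection.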