Results 1 to 5 of 5
  1. #1

    My server hacked plz help me

    Hello dear

    My all server is hacked today

    and I don't know tell now how the hacker hack my server

    can you plz help me

    I do these in my server

    1 - APF Firewall installed and configurated
    2- No one have ssh or jailed
    3- desable telnet
    4- Mod_security in httpd installed and working fine
    5- secure tmp
    6 - secure compiler
    7- Php in safe mode and desable all dangerous function
    8- checkroot trojan
    9- tweak securiry

    the hacker do that

    enter to the ssh with use ( sbin)

    root : w
    sbin pts/0 62.215.60.227 11:03pm 8:47 1.74s 0.00s -bash
    sbin pts/1 62.215.60.227 11:14pm 1:10m 0.00s 0.00s -bash
    sbin pts/2 62.215.60.227 11:17pm 4:39 0.23s 0.04s -bash
    root pts/4 66.79.160.253 1:15am 9:23 0.00s 0.00s -bash


    and can reach to all accounts in the server
    and delete every thing
    and put index.html

    finger sbin

    Directory: /home/sbin Shell: /bin/bash
    On since Wed Mar 31 23:03 (EET) on pts/0 from 62.215.60.227
    9 minutes 12 seconds idle
    On since Wed Mar 31 23:14 (EET) on pts/1 from 62.215.60.227
    1 hour 10 minutes idle
    On since Wed Mar 31 23:17 (EET) on pts/2 from 62.215.60.227
    5 minutes 4 seconds idle
    Last login Thu Apr 1 01:20 (EEST) on pts/7 from 213.178.237.69
    No mail.
    No Plan.


    he cause mass defacement

    and I want ur help for Attack method and how to prevent in the future

    Plz help me
    Thanks a lot

  2. #2
    Join Date
    Jul 2003
    Location
    Connecticut
    Posts
    3,038

  3. #3
    Join Date
    Mar 2003
    Location
    Rio de Janeiro - Brazil
    Posts
    291
    Is your kernel updated?

    What OS are you using? Any control panel?

  4. #4
    Greetings:

    http://httpd.apache.org -- Is your Apache patched and up to date?

    Is PHP and your other server applications patched and up to date?

    Is your kernel up to date?

    Wether by yourself or another party, is some one doing daily (several times a day) review of the log file activity?

    Do you have SSH restricted by IP address?

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile

  5. #5
    Join Date
    Nov 2002
    Location
    WebHostingTalk
    Posts
    8,878

    Re: My server hacked plz help me

    Originally posted by freemancryin
    Hello dear

    <<snip>>


    he cause mass defacement

    and I want ur help for Attack method and how to prevent in the future

    Plz help me
    Thanks a lot
    I did a search on all of the threads you have started and have come to the conclusion that you have none of the skills required to secure nor run a server. Now I don't mean to be a jerk, but, you do not belong as the administrator of any server.

    Do a search (I cant recall the guys name off the top of my head) for someone who can at least harden the box for you. There are some great resources out here that can help manage the servers for you.

    You need to start there, before subjecting your customers to anymore problems.

    Sirius
    I support the Human Rights Campaign!
    Moving to the Tampa, Florida area? Check out life in the suburbs in Trinity, Florida.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •