
Thread: Hacked Server

  1. #1
    Join Date
    Feb 2004
    Posts
    54

    Hacked Server

    My server was hacked over the weekend, and after disabling the hacker's account and running all the necessary checks I thought that I had got rid of him.

    The problem now is that my server is rebooting; first it was every 3 hours, now it is rebooting roughly every 1 hour 45 minutes. This is worrying me as I cannot find anything on the server that may be the cause of this.

    I have run all the virus checks and system checks that I know about and nothing seems to be able to find anything.

    Does anyone have any suggestions on this?

  2. #2
    Join Date
    Apr 2002
    Location
    West Yorkshire
    Posts
    1,357
    Which OS?
    -- Matthew

  3. #3
    Have you run chkrootkit? This will help you find any rootkits.

    Most times after a hacker compromise you will have to look into an OS reinstall. This is sometimes the only sure way that there are no traces of a rootkit/trojan.

  4. #4
    Join Date
    Feb 2004
    Posts
    54
    I am using Windows 2000.

    I think it may be something to do with winlogon.exe; I have two of these running. Any ideas what I need to do to the winlogon.exe?

  5. #5
    Greetings:

    If your server has been hacked (they actually broke in), then your best bet is to wipe the system, reinstall the operating system, install any applications which need to be installed fresh, and restore from a backup made prior to the hack.

    Then secure your server, and keep it secure. Security is a way of life; there is no such thing as "one time" server hardening.

    Thank you.
    ---
    Peter M. Abraham

  6. #6
    I'm guessing you've checked no at jobs are running?

  7. #7
    Join Date
    Jun 2002
    Location
    Tennessee
    Posts
    61
    I have had a good track record of getting compromised systems back up and running. Takes a lot of know-how, but it can be done. Make sure that you go through all the services that are running on the server to make sure there aren't any ones in there that shouldn't be there. Look in the registry for any keys that shouldn't be there, etc.

    It can be a tough task, but it can be done. When you have a bunch of customer sites on your server, taking them down for any more time can be a tough call.

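The checks suggested in the thread (duplicate winlogon.exe, at jobs, services, registry autoruns) can be run offline against exported listings. The following is an added example, not part of any post above; it assumes the default Windows 2000 system root C:\WINNT, listings exported as (pid, path) pairs and name-to-command dictionaries, and a known-good inventory such as one taken from a pre-compromise backup. All sample data is constructed.

```python
import ntpath

# Core Windows processes that should only run from %SystemRoot%\system32.
SYSTEM_NAMES = {"winlogon.exe", "csrss.exe", "lsass.exe", "services.exe", "smss.exe"}
SYSTEM_DIR = r"c:\winnt\system32"  # assumption: default Windows 2000 install path


def misplaced_system_processes(processes):
    """Return (pid, path) for system-named processes running outside system32.

    Two winlogon.exe instances are not suspicious by count alone: every
    Terminal Services session has its own. The image path is what matters.
    """
    hits = []
    for pid, path in processes:
        if path.startswith("\\??\\"):  # some tools report an NT-style prefix
            path = path[4:]
        norm = ntpath.normpath(path).lower()
        if ntpath.basename(norm) in SYSTEM_NAMES and ntpath.dirname(norm) != SYSTEM_DIR:
            hits.append((pid, path))
    return hits


def new_since_baseline(baseline, current):
    """Return inventory entries that are new or changed versus a known-good copy."""
    return {name: cmd for name, cmd in current.items()
            if baseline.get(name, "").lower() != cmd.lower()}


# Constructed sample data (not taken from the thread).
PROCESSES = [
    (184, r"\??\C:\WINNT\system32\winlogon.exe"),
    (1432, r"C:\WINNT\Temp\winlogon.exe"),
    (212, r"C:\WINNT\system32\services.exe"),
]
BASELINE = {
    "service:W3SVC": r"C:\WINNT\system32\inetsrv\inetinfo.exe",
    "run:Synchronization Manager": "mobsync.exe /logon",
}
CURRENT = dict(BASELINE, **{
    "service:ExampleSvc": r"C:\WINNT\Temp\winlogon.exe",
    "at:1": r"C:\WINNT\Temp\winlogon.exe",
})

if __name__ == "__main__":
    for pid, path in misplaced_system_processes(PROCESSES):
        print(f"process {pid}: system name outside system32: {path}")
    for name, cmd in sorted(new_since_baseline(BASELINE, CURRENT).items()):
        print(f"not in baseline: {name} -> {cmd}")
```

A clean result here only covers what the listing tools reported; a rootkit can hide entries from them, which is why the replies above recommend a reinstall.
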