  1. #1
    Join Date
    Jan 2005
    Posts
    268

    My server got hacked

    Hi everyone,

    I think my server got hacked. I wanna format my OS. Should I go ahead and move the /home dir to a backup HDD, or use the cPanel daily backup before formatting the OS? Thanks

  2. #2
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,135

    Re: My server got hacked

    Originally posted by AndyJ
    Hi everyone,

    I think my server got hacked. I wanna format my OS. Should I go ahead and move the /home dir to a backup HDD, or use the cPanel daily backup before formatting the OS? Thanks
    Firstly, you need to verify that it's a restore-worthy hack. If some site on your server just got hacked, then most likely it's not. Now, if the user got full root access, then, most definitely, YES, you need to format.

    If it's a restore-worthy hack, you can forget about using any and all information you have on your server at the time. This is one of the reasons off-site backups are so critical, because if it's ON the server, chances are it can be corrupted again, or that someone's got their fingers in it already and poisoned the file, giving them a backdoor into your server.
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons

  3. #3
    Join Date
    Oct 2003
    Posts
    9,264
    AndyJ,

    Congratulations on your first hack!
    I'd highly recommend getting your server audited or having them perform the restore on your behalf.

    Otherwise you're just going to get reowned after restoring.
    I'd recommend checking out www.rack911.com - save yourself the trouble of getting reowned afterwards.

  4. #4
    Join Date
    Aug 2003
    Location
    Gods Own Country
    Posts
    892
    Before coming to a conclusion, always have a Security Admin check your server (I mean get it audited) and then see if the server really needs to be formatted and restored.
    Blessen Cherian
    Follow me on twitter.com/blessenonly
    Two decade in Web Hosting Industry

  5. #5
    Join Date
    Jan 2005
    Posts
    268
    Yeah, thanks for all your output.

    BTW, how do I do a security audit? I know that there are some commands, but I don't really know what they are. Thanks

  6. #6
    Join Date
    Nov 2003
    Location
    India
    Posts
    155
    Andy, as already suggested by David, take the help of some professionals. rack911.com are good at handling these kinds of issues; better contact them.

    Regards

  7. #7
    Join Date
    Mar 2004
    Location
    Singapore
    Posts
    6,990
    I seconded rack911 thelinuxguy, he specialises especially in one time security jobs. Have used his services quite a number of times, very fast and good!

  8. #8
    Join Date
    Aug 2003
    Location
    Gods Own Country
    Posts
    892
    I would suggest you search Google.com for "Linux Server Security Audit". It will give you articles which are based on Linux security audits.
    Blessen Cherian
    Follow me on twitter.com/blessenonly
    Two decade in Web Hosting Industry
