Web Hosting Talk : Web Hosting Main Forums : Dedicated Server : When a dedicated server gets compromised ....

[GaryPilot]

I have a dedicated/managed server at a host at $299 per month and the /tmp directory got compromised by a spammer. They sent out spam and so far 4 spam monitoring sites have black listed my IP.

The question is should this have been caught by the hosting company ? Should this have even happened?

[KarlZimmer]

Quote:

Originally Posted by GaryPilot

I have a dedicated/managed server at a host at $299 per month and the /tmp directory got compromised by a spammer. They sent out spam and so far 4 spam monitoring sites have black listed my IP.

The question is should this have been caught by the hosting company ? Should this have even happened?

Do they state that that is covered in their managed services?

[Techark]

Depends how long was it compromised?
No one can catch 100% of /tmp exploits the instant they happen.
If it was there for a week or so then yeah they should have caught it, it is was there a day then no not always will it be caught right away.

More important thing you should be asking is did they help you ID the cause how /tmp got compromised and help close the hole up or at least tell you what needed to be upgraded or removed to avoid it happening again.

No hosting company can stop you or your users from uploading or running outdated code on your web sites. The blame for how the files got there most likely rest with what ever user it was that failed to update their software.

Or you can ask them to tighten the screws so tight on the server security it becomes almost useless for regular hosting.

[creaws]

Someone must have found the spammer out, suspend the account and then let the client know, that´s the normal procedure.

[Jay Suds]

As with most other questions on here, "it depends". What exactly is included in the managed services they provide? Managed means many different things to many different people / companies. Some people consider a managed service to simply be unlimited support of all technical issues, with everything handled in a reactive manner. Others consider fully managed to be proactive handling updates, patching, monitoring, backups, response to downed services. And there's a lot that fall in between the first example and the second. We primarily do fully managed for Windows customers, and while it's actually quite rare for a whole box to get exploited, we do make it our mission to figure out what happened, and make sure it doesn't happen again.