Thread: hacked server
View Single Post
  #7 (permalink)  
Old 07-08-2009, 08:39 PM
Spiral's Avatar
Spiral Spiral is offline
Registered User
  
Join Date: Jun 2005
Location: Area 51
Posts: 1,501
Spiral is on a distinguished road
Lightbulb
Quote:
My server is hacked by backd00red , they gained access to the server and changed rot password, they defaced most site on the server!
how can they access the root? i have a very strong password.
Quote:
my question, how do i secure the server now after it is reinstalled?
Quote:
Originally Posted by sphost View Post
is there is any reliable company out there that offer server securing service?
I will be glad to take a look and help you clean up the mess and secure your server. Contact me!

I have more than 30 years field experience in network and server security, written
many network security books, teach on the subject, and own several computer security
consulting firms with clients around the globe so I am definitely in a position to help
you recover and can show you a lot of things you maybe didn't think about originally
that may or may not of led to the current breach. The bigger question is if you
fully grasp the extent of your current situation you just described? There is also a
very good chance that whoever got into your server also installed backdoors for
themselves to regain access again at a later date and that will also need to be
determined and closed out in addition to hardening the security on your server.

Don't worry about any money at the moment, I am more concerned with
stopping attacks like these and I am only glad to help and can give you a
very big helping hand working through this issue. We need to get your server
back to a safe state and get you much better security so you don't have to
go through this again. I am most concerned that you may have far more issues
than you are aware (or even begin to grasp at the current moment) since I have
dealt with the clean up of thousands of these sort of attacks. I would almost
guarantee your server now has a huge number of backdoors and other security
compromises already in place to be concerned about above and beyond the
original path of exploit and that is what I would be most concerned about first.
If these issues are not handled properly right now, you are just going to run
into the same situation again or far worse. Once that is addressed then the
fun task of cleanup can press forward and then server security hardening so
that this becomes an isolated incident that doesn't repeat for you.

I will be on for another few hours and keep an eye on private messages
if you want to reach me. I'll also send you a message how to reach me.

EDIT: Regarding italics above. I'm going offline now but will be back tomorrow
Last edited by Spiral; 07-09-2009 at 12:24 AM. Reason: No longer online
Reply With Quote