re: I am hacked?
It looks like there is an automated ssh scanner on that host (or that server could be compromised) and it's trying to bruteforce or exploit randomly. You can check your /var/log/secure & messages log files to tell if that host was able to gain access to your server or not. It's recommended to tweak your sshd configs and consider changing your ssh port to something else other than the default 22.
It looks like there is an automated ssh scanner on that host (or that server could be compromised) and it's trying to bruteforce or exploit randomly. You can check your /var/log/secure & messages log files to tell if that host was able to gain access to your server or not. It's recommended to tweak your sshd configs and consider changing your ssh port to something else other than the default 22.
re: I am hacked?
Hi,
From your screenshot, I can see that your server has been connected through ssh from the following location.
1. puck237.dedicatedpane with Process id : 22223 (in your server)
2. 115.168.43.158 with Process id : 7464
If the above ssh access is unauthorized access to your server, I suggest you to secure and harden your server. If the above mentioned process ids are still in place, try with,
# cat /proc/22223/environ
# cat /proc/7464/environ
Hi,
From your screenshot, I can see that your server has been connected through ssh from the following location.
1. puck237.dedicatedpane with Process id : 22223 (in your server)
2. 115.168.43.158 with Process id : 7464
If the above ssh access is unauthorized access to your server, I suggest you to secure and harden your server. If the above mentioned process ids are still in place, try with,
# cat /proc/22223/environ
# cat /proc/7464/environ
re: I am hacked?
Hello,
I will suggest you please disable the all user shell access and change your ssh port also secure your server and run the RKHunter and maldet (LMD) scan on your server on your server
Hello,
I will suggest you please disable the all user shell access and change your ssh port also secure your server and run the RKHunter and maldet (LMD) scan on your server on your server
I strongly suggest you install ConfigServer Security Firewall along with Mod_Security. I am not trying to pimp it, I happened to be getting port scanned off the map until I figured out how to use Configserver.
Installation:
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Later go to whm Plugins
configserver
Now you need to configure it, takes about an hour to get through everything correctly the first time around, it will guide you on how to create a very secure environment and it is 100% free to use.
Installation:
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Later go to whm Plugins
configserver
Now you need to configure it, takes about an hour to get through everything correctly the first time around, it will guide you on how to create a very secure environment and it is 100% free to use.
Last edited by a moderator:
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| S | WHM and Cpanel is giving 500 internal server error as someone hacked | Security | 1 | |
|
Server Hacked through Backdoor | Security | 6 | |
| K | My WHM/cpanel account hacked? No access to root | Security | 9 | |
| M | Server hacked help Bitcoin readme | Security | 1 | |
|
CPanel Hulk hacked? | Security | 1 |