000

Well-Known Member
Jun 3, 2008
227
6
68
Hi,

Please see image2.PNG.

Is puck237.dedicatedpane connected to my server?
Is 115.168.43.158 connected to my server?

Or what is "ESTABLISHED"?

I found this: http://www.blocklist.de/en/view.html?ip=85.25.242.234

Thanks.
 

Sys Admin

Well-Known Member
Apr 29, 2007
67
0
156
cPanel Access Level
Root Administrator
re: I am hacked?

It looks like there is an automated ssh scanner on that host (or that server could be compromised) and it's trying to brute-force or exploit randomly. You can check your /var/log/secure and /var/log/messages log files to tell whether that host was able to gain access to your server or not. It's recommended to tweak your sshd config and consider changing your ssh port to something other than the default 22.
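
An added example, not part of the reply above: one way to do the /var/log/secure check it suggests is to tally sshd results per source address and flag any address that logged in after failing. The log lines are constructed, the addresses are documentation ranges, the names `sample_log` and `ssh_auth_summary` are made up here, and the traditional syslog timestamp layout is assumed.

```sh
#!/bin/sh
# Constructed sample in the format OpenSSH writes to /var/log/secure.
# Hostname, users, PIDs and addresses are invented for illustration.
sample_log() {
cat <<'EOF'
Oct  6 03:12:01 host sshd[100]: Failed password for root from 203.0.113.7 port 51122 ssh2
Oct  6 03:12:04 host sshd[100]: Failed password for invalid user admin from 203.0.113.7 port 51140 ssh2
Oct  6 03:12:06 host sshd[100]: Failed password for invalid user from from 203.0.113.7 port 51141 ssh2
Oct  6 03:12:09 host sshd[200]: Failed password for root from 198.51.100.20 port 40022 ssh2
Oct  6 03:12:15 host sshd[200]: Accepted password for root from 198.51.100.20 port 40031 ssh2
Oct  6 08:30:00 host sshd[300]: Accepted publickey for deploy from 192.0.2.10 port 60000 ssh2: RSA SHA256:constructed
EOF
}

# Reads sshd log lines on stdin, prints one line per source address:
#   <ip> failed=<n> accepted=<n> <verdict>
ssh_auth_summary() {
  awk '
    / sshd\[[0-9]+\]: (Failed|Accepted) / {
      ip = ""
      # Scan from the end: the user name is client-supplied and may itself
      # be the word "from"; the trailing "from <ip> port <n>" is written by sshd.
      for (i = NF - 1; i > 2; i--)
        if ($i == "port" && $(i - 2) == "from") { ip = $(i - 1); break }
      if (ip == "") next
      seen[ip] = 1
      # Field 6 is the result word with a "Mon DD HH:MM:SS host" prefix.
      if ($6 == "Accepted") ok[ip]++; else bad[ip]++
    }
    END {
      for (ip in seen) {
        verdict = ok[ip] ? (bad[ip] ? "LOGIN-AFTER-FAILURES" : "login") : "failed-only"
        printf "%s failed=%d accepted=%d %s\n", ip, bad[ip], ok[ip], verdict
      }
    }' | sort
}

# On a real server: ssh_auth_summary < /var/log/secure
sample_log | ssh_auth_summary
```

An address marked `failed-only` never authenticated in the log examined; `LOGIN-AFTER-FAILURES` is the case to investigate first.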
 

Aaron.Edwards

Active Member
Sep 21, 2013
36
0
6
cPanel Access Level
Root Administrator
re: I am hacked?

Hi,

From your screenshot, I can see that your server has been connected to through ssh from the following locations.

1. puck237.dedicatedpane with process ID 22223 (on your server)

2. 115.168.43.158 with process ID 7464

If the above ssh access is unauthorized access to your server, I suggest you secure and harden your server. If the above-mentioned process IDs are still in place, try:

# cat /proc/22223/environ

# cat /proc/7464/environ
 

24x7server

Well-Known Member
Apr 17, 2013
1,907
95
78
India
cPanel Access Level
Root Administrator
re: I am hacked?

Hello,

I suggest you disable all user shell access, change your ssh port, secure your server, and run RKHunter and maldet (LMD) scans on your server.
 

Viborahost

Registered
Oct 6, 2013
4
0
1
cPanel Access Level
Root Administrator
I strongly suggest you install ConfigServer Security Firewall along with Mod_Security. I am not trying to pimp it, I happened to be getting port scanned off the map until I figured out how to use Configserver.

Installation:
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Later go to whm Plugins
configserver

Now you need to configure it, takes about an hour to get through everything correctly the first time around, it will guide you on how to create a very secure environment and it is 100% free to use.
 