My server has been hacked again. Please Help me!

hackboys

Active Member
Feb 12, 2008
34
2
58
Hi there,
I had my server hacked , I found this script that was run as root:

[snipped]


How can i defender my server from this script (Back Connect Backdoor) ?
 
Last edited by a moderator:

eth00

Well-Known Member
PartnerNOC
Mar 30, 2003
721
1
168
NC
cPanel Access Level
Root Administrator
Are you literally running RH9? That is an incredibly old release that is open to who knows how many exploits.

If the attacker gains root it is hard to block them from doing much. A properly configured firewall can help block a backdoor like that from working but if they have root wiping the iptables rule would allow it to work.

What kernel were you running when you got exploited? You probably need to update it or get an entirely new OS.
 

BianchiDude

Well-Known Member
PartnerNOC
Jul 2, 2005
617
0
166
Hi there,
I had my server hacked , I found this script that was run as root:

[snipped]

How can i defender my server from this script (Back Connect Backdoor) ?
Thanks for posting this, now even more hackers will have that backdoor and exploits.

Seriously dude, you still have a RH 9 install disk? That belongs in a museum.

RH9 was released like 5 years ago, and even at that time it wasn't that good. The RH series was totally discontinued after that, and is now RHE. RHE 5 is out, or if you want a free OS go with CentOS 5.
 
Last edited by a moderator:

madaboutlinux

Well-Known Member
Jan 24, 2005
1,051
2
168
Earth
Your server is definitely rooted and cannot be cleaned up. The best way it to re-install the machine and apply some security tweaks.

The most important is your kernel which need to be kept updated as such rootkits are uploaded using a security hole in the kernel. You can then enable Apache suexec, PHP suexec, enable open_basedir, disable some php functions using which server side commands can be executed, install CSF firewall, mount /tmp and /dev/shm with noexec,nosuid mode and a few other important changes.