The Community Forums

Interact with an entire community of cPanel & WHM users!

possibly hacked

Discussion in 'General Discussion' started by inov, Dec 26, 2003.

  1. inov

    inov Member

    Hi there

    Had some weird stuff going on with our server with files disappearing (MySQL and Exim files) and we looked at the logs and they had been deleted prior to the 24th, so it makes me think that someone was hiding their tracks. A few other things have happened too. Wondering:

    a) is there anything I can do to try to see how secure our server is after the fact? what would people's suggestions be?

    b) I've run the trojan scanner and it's come up with hundreds of potential trojans which I think is a lot. A different cpanel server I have has come up with 18 potentials (but I suspect that these will be false readings normally).

    Would appreciate any advice anyone can give!

    Thanks
     
  2. compunet2

    compunet2 Well-Known Member

    Install chkrootkit.
     
  3. RaveKnights

    RaveKnights Well-Known Member

    If you have a demo account on your server, look inside that account for a directory called .images; it will be hidden most likely.

    Delete the directory and also check your /var/log/messages for any suspicious activity.
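
An added example, not part of the original posts: a shell function that lists hidden directories under an account's home, with a file count for each, so an unexpected one such as the `.images` directory mentioned above can be reviewed before it is deleted. The function name, the allowlist and the depth limit are assumptions for illustration, and `-mindepth`/`-maxdepth` assume GNU or BSD `find`.

```shell
#!/bin/sh
# Added example: report hidden (dot-prefixed) directories under a hosting
# account's home directory, with the number of files each one contains.

# Dot-directories normally expected in an account. This allowlist is an
# assumption for the example; adjust it to what your server really uses.
EXPECTED_DIRS=".ssh .cpanel .trash .htpasswds"

# list_hidden_dirs HOME_DIR [MAX_DEPTH]
# Prints "<file count><TAB><path>" for every hidden directory that is not
# on the allowlist. Returns 2 if HOME_DIR is not a directory.
list_hidden_dirs() {
    home_dir=$1
    max_depth=${2:-4}
    [ -d "$home_dir" ] || { echo "not a directory: $home_dir" >&2; return 2; }

    find "$home_dir" -mindepth 1 -maxdepth "$max_depth" -type d -name '.*' 2>/dev/null |
    while IFS= read -r dir; do
        name=${dir##*/}                      # basename of the directory
        case " $EXPECTED_DIRS " in
            *" $name "*) ;;                  # expected name, not reported
            *)
                # Count regular files so a populated directory stands out.
                n=$(find "$dir" -type f 2>/dev/null | wc -l)
                n=$((n))                     # strip padding some wc builds add
                printf '%s\t%s\n' "$n" "$dir"
                ;;
        esac
    done
}

# Run directly as: sh script.sh /home/demo   (the path is a placeholder)
if [ "$#" -gt 0 ]; then
    list_hidden_dirs "$@"
fi
```

Copy anything it reports somewhere safe before removing it, since the contents and timestamps help when reading /var/log/messages afterwards.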
     
  4. inov

    inov Member

    Thanks for these suggestions - going to look into it now. I did have a demo account (now switched off) so I will look into that too.

    I'm considering employing someone on a monthly retainer to manage the security aspects of the server - would this be a wise move?

    Ade
     
  5. hostedzone

    hostedzone Member

    It would be a wise move if you don't have time to learn to do it or if the machine is critical. Just make sure you hire someone who actually knows what they are doing so you don't get hacked down the road while you are paying a poser to protect your box.

    Getting hacked is bad enough, don't need to be taken as well.
     
  6. inov

    inov Member

    Yeah, wouldn't that be just the thing! ;)

    I'm considering a couple of companies to do this - companies who do remote server management. Is it appropriate for me to post their names on these forums for opinions? Thought I'd check first as don't know what the rules are for that sort of thing.

    Thanks

    Ade
     
  7. SarcNBit

    SarcNBit Well-Known Member

    Of course it is.

    You should run a search on the names first to see if someone else has already started a thread. You could then post in that thread asking for updates. :)
     
  8. jphilipson

    jphilipson Well-Known Member

    Sure you can, I will go first. If you want the best, go with cheetaweb.com (no, I have no affiliation); when in a bind they can figure anything out.
     
  9. inov

    inov Member

    OK - looked at them and also looked at http://www.easyservermanagement.com/ as well as http://www.rfxnetworks.com/. Both of these look good, but it would be useful to know about users' thoughts. I have spent the entire day reading up on this stuff and I think there's quite a bit that can be done quite easily - it's the management of it and the ongoing process (on top of the normal job!) that I could do with help with.
     