Possibly Hacked

Discussion in 'General Discussion' started by gpreston, Jan 14, 2005.

  1. gpreston

    gpreston Well-Known Member

    Jan 31, 2004
    West Chester, PA
    So today my dedicated server (running RH9) was shut down by my host. They pulled the plug after seeing an insane amount of UDP traffic slamming this one IP. Now, I unfortunately don't have much experience with this at all. I've tried to do my best to keep the box secure and tied down as best as possible.

    What I'd like to try and get from the community here is tips on what to look for on my server when my host brings the server back up for me during business hours. Ways to detect things that would be abnormal and how to track down where on the server it is coming from (what script is generating the traffic?). Things like that. Any help would be GREATLY appreciated.

    Thank you now for any time and effort you put forth.
  2. chirpy

    chirpy Well-Known Member

    Jun 15, 2002
    Go on, have a guess
    I would suggest that you do a search on the forums for installing a firewall (APF) if you're running on a Linux server, with inbound and outbound port filtering. You've most likely had a PHP script exploited through the recent Santy worm - again, a search of the forum on ways to tackle this issue, searching for phpBB, should throw up helpful threads. You should also install mod_security with a good set of rules that tackle said worm. You will also have to clean up any worms that have been installed.

    Ultimately, though, if you don't know how to do these things, then the only way you'll know that it has been cleaned up and fixed is to hire someone who knows what to look for and how to fix it. You also need to be sure that you haven't had a root hack, which would mean the server OS having to be re-installed and recovery of user data from backup.
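The original poster asks how to find which process or script on the box is generating the UDP traffic once the server is back up. The following is an added example, not code from either poster: a small POSIX shell helper that takes `netstat -anup` style output (Linux netstat, `Proto Recv-Q Send-Q Local Foreign [State] PID/Program`) and reports which process owns the most UDP sockets, plus any UDP socket that is connected to a single remote peer. The sample input is constructed for the example and is not from the poster's server; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the thread). Summarise UDP sockets by owning process so that
# a flooding script can be tied to a PID, and from there to its executable and working
# directory. Input format is that of `netstat -anup` on Linux; on that output the last
# field is always "PID/Program name", whether or not a State column is present.

# Count UDP sockets per PID/program, most sockets first.
udp_by_process() {
    awk '$1 == "udp" { owner = $NF; n[owner]++ }
         END { for (o in n) print n[o], o }' | sort -rn
}

# UDP sockets with a specific foreign address, i.e. sockets connect()ed to one remote host.
# Listening daemons (named, dhclient, ...) show a foreign address of 0.0.0.0:* or :::*.
udp_connected() {
    awk '$1 == "udp" && $5 != "0.0.0.0:*" && $5 != ":::*" { print $NF, $4, "->", $5 }'
}

# Constructed sample output (not real data): a name server, a DHCP client, and a perl
# process holding several sockets aimed at the same remote host.
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:53              0.0.0.0:*                           612/named
udp        0      0 0.0.0.0:68              0.0.0.0:*                           488/dhclient
udp        0      0 192.0.2.10:40011        203.0.113.5:7           ESTABLISHED 4421/perl
udp        0      0 192.0.2.10:40012        203.0.113.5:7           ESTABLISHED 4421/perl
udp        0      0 192.0.2.10:40013        203.0.113.5:7           ESTABLISHED 4421/perl'

# Process with the most UDP sockets in the sample ("3 4421/perl").
top_udp_owner() {
    printf '%s\n' "$SAMPLE" | udp_by_process | head -n 1
}

# Number of connected UDP sockets in the sample (3).
connected_udp_count() {
    printf '%s\n' "$SAMPLE" | udp_connected | awk 'END { print NR }'
}

# On a live box (run as root):  netstat -anup | udp_by_process
# Then inspect the PID read-only before killing anything, so the evidence survives:
#   ls -l /proc/<pid>/exe /proc/<pid>/cwd
#   tr '\0' ' ' < /proc/<pid>/cmdline; echo
top_udp_owner
```

The `/proc/<pid>/cwd` link is usually the quickest pointer to the directory (often a world-writable one such as /tmp or an upload folder) the script was dropped into, and `/proc/<pid>/exe` still resolves even if the file on disk has been deleted. Look before killing the process, since the PID and its `/proc` entries disappear with it.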