Server exploited
Posted by oozypal, 03-01-2011, 07:32 AM |
Hello,
Someone exploited my dedicated server. He made a few symlinks to essential files under the root. I have removed those symlinks.
Can you guys show me how to search for symlinks inside all public_html of all accounts?
In addition, what should I do to improve the security of my server? Someone told me that there are out-of-the-box default configs that are unsafe; how can I remove these configs and secure the server?
Thank you
OOzy
|
Posted by Johnny Cache, 03-01-2011, 09:52 AM |
Hello,
Almost everyone here would suggest that you completely wipe and restore your server, without question, if it has been rooted.
If you are using cPanel, I would suggest installing CSF/LFD after you wipe and reload your OS:
http://www.configserver.com/cp/csf.html
Hope this helps, good luck.
|
Posted by Patrick, 03-01-2011, 11:48 AM |
If the attacker gained root, you're better off deploying a new server and hiring a server management company to keep things secure. Security is not a one-time thing, it's an ever-changing process that constantly has to be worked on. Also, once a server has been rooted it should never be trusted again, despite any reassurances from various rootkit checkers, etc. Play it safe, start off fresh.
|
Posted by Natcoweb, 03-01-2011, 03:46 PM |
You could use find / -type l, but a re-setup wins anyway.
|
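Added example, not part of the original thread: a narrower form of the find / -type l suggestion above that walks only each account's public_html and marks every symlink whose target resolves outside that account's home directory. It assumes a cPanel-style layout (<base>/<user>/public_html, base defaulting to /home) and GNU readlink; the function name audit_symlinks is made up for this example.

```shell
# Report every symlink under <base>/*/public_html as INSIDE or OUTSIDE,
# depending on whether its resolved target stays within the account home.
# Assumptions: cPanel-style layout, GNU coreutils readlink (-f / -m).
# Usage: audit_symlinks /home | grep '^OUTSIDE'

audit_symlinks() {
    base=${1:-/home}
    for docroot in "$base"/*/public_html; do
        # Skip accounts without a document root (or an unmatched glob)
        [ -d "$docroot" ] || continue
        # Canonical home path, so a symlinked /home/<user> is compared fairly
        home=$(readlink -f -- "${docroot%/public_html}") || continue
        # find does not follow links by default; -exec ... {} + passes file
        # names as arguments, so names with spaces or newlines stay intact
        find "$docroot" -type l -exec sh -c '
            home=$1; shift
            for link in "$@"; do
                # -m resolves the whole chain even when the target is missing
                target=$(readlink -m -- "$link")
                case $target in
                    "$home"|"$home"/*) status=INSIDE ;;
                    *)                 status=OUTSIDE ;;
                esac
                printf "%s\t%s -> %s\n" "$status" "$link" "$target"
            done
        ' sh "$home" {} +
    done
}
```

Run it as root so find can read every account; OUTSIDE lines pointing at / or at files in /etc or another user's home are the ones to review first.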
Posted by cpanellover, 03-01-2011, 05:33 PM |
I agree, a server that has been rooted cannot be trusted; time to wipe...
|
Posted by M Bacon, 03-01-2011, 05:44 PM |
You could try this tutorial too. The tutorial works with dedicated servers as well.
http://www.webhostingtalk.com/showthread.php?t=468168
|