Needs help securing server - willing to pay.

Discussion in 'Security' started by The-host, Sep 18, 2009.

  1. #1
    Like the title stated, my server just got DDoSed and hacked yesterday; fortunately no data was lost. I heard from my mate that the hacker had installed a shell on my server, thus I need someone on here who's really good with server stuff to help me secure and remove the shell.

    I'm willing to pay and go first if you're a reputable person on here, so if you're interested, do PM me with your vouches or anything that could prove you're trusted.

    Regards,
    Jack
     
    The-host, Sep 18, 2009 IP
  2. RHS-Chris

    #2
    The only way to ensure that your server will be clean is to reinstall the OS. If a hacker was able to put some sort of backdoor in, and you don't find it, it will be time wasted on trying to secure a compromised box. Take a backup of your site(s), and do a fresh OS reload. Once done, start securing the server. Do things like change the ssh port, disable root login, add a firewall, etc, etc. Once you have done what you need, move the site(s) back onto the server.

    Probably not the answer you were looking for, but, it is the best way.
     
    RHS-Chris, Sep 18, 2009 IP
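
RHS-Chris's post names changing the SSH port and disabling root login among the hardening steps to take after the reload. As an added example (not part of the thread), this script checks an sshd_config for those two settings; the function name and the sample config are constructed, and it assumes OpenSSH's documented first-value-wins parsing and does not follow Include files.

```shell
#!/bin/sh
# Added example (not from the thread). Audits the global section of an
# sshd_config for two steps from the post: SSH port moved off 22 and
# direct root login disabled. Include files are not followed (assumption).
audit_sshd_config() {
    awk '
    { sub(/[ \t]*=[ \t]*/, " ") }            # "Keyword=value" form is also accepted
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
        key = tolower($1); val = tolower($2)
        gsub(/"/, "", val)                   # values may be double-quoted
        if (key == "match") { in_match = 1; next }
        if (in_match) next                   # Match blocks are conditional, not global
        # Port may be given several times; sshd listens on every one of them
        if (key == "port") { ports[val] = 1; have_port = 1 }
        # for most keywords sshd keeps the FIRST value it reads
        if (key == "permitrootlogin" && !have_root) { root = val; have_root = 1 }
    }
    END {
        if (!have_port || ("22" in ports)) print "FAIL port: sshd listens on 22"
        else print "OK port"
        if (!have_root) print "FAIL root: PermitRootLogin not set, compiled-in default applies"
        else if (root != "no") print "FAIL root: PermitRootLogin " root
        else print "OK root"
    }' "$1"
}

# Constructed sample: the second PermitRootLogin line looks like a fix,
# but sshd has already taken the first value and ignores it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server config
Port 2222
PermitRootLogin yes
PermitRootLogin no
Match User deploy
    PermitRootLogin no
EOF
audit_sshd_config "$sample"
rm -f "$sample"
```

On a live system, `sshd -T` prints the effective configuration and is the authoritative cross-check for what this script reports.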
  3. noonbaja

    #3
    Hello, I just happened to notice this while I was surfing the net.

    To answer your question: the server does not need to be reinstalled; it can be cleaned with software. What you want to do is change the root password or turn off root access (turning off root access directly and changing the password). To kill the shell you need to check what the user's account is and disable the account. It's not really hard to do; I've done it lots of times.
    If you need help, PM me.

    If you could explain how you think you got hacked, I would love to know.
     
    noonbaja, Sep 27, 2009 IP
  4. cpace1983

    #4
    Horrible idea. Rootkits are common - how do you verify that a rootkit has not been dropped? You can't trust the binaries present on the server, so you have to re-install.
     
    cpace1983, Sep 28, 2009 IP
  5. noonbaja

    #5
    Don't think so. I work for a data center called Interland, now known as PEER 1 Dedicated Servers Managed Hosting and Colocation. What we do: we install software that scans, deletes, quarantines, cleans, also patches, and so on...

    so if the company is on the wrong side of doing that and they guarantee work and articulatory.


    Whatever way he goes, and knows what he's doing. Most companies do it free or they charge for the service, and so on.
     
    noonbaja, Sep 28, 2009 IP
  6. Asako

    #6
    I agree with noonbaja. Just imagine you are doing a backup for a large server which has around 500GB space used; rebuilding your server is not a good choice here.

    Security fix, patch, scan, remove is what we should do if you already have the symptom of getting attacked.
     
    Asako, Oct 13, 2009 IP