Something is wrong with my server

Discussion in 'Site & Server Administration' started by phantomddl, May 13, 2007.

  1. #1
    Until 2 hours ago everything was fine. Now I can't connect via FTP, SSH etc., but sites open in the browser (main page slow, other pages fast).
    I have rebooted the server 3 times but everything is the same. I also found an iframe code in one of my sites (which I haven't added).
    I think someone crashed my server. What do I have to do? Do you suggest any antiviruses?
    P.S. Linux server
     
    phantomddl, May 13, 2007 IP
  2. agnivo007

    #2
    Maybe someone utilised vulnerabilities in your script or server software.

    I'd suggest you contact your server provider, make backups, rebuild the server with the latest packages and restore the account backups.
     
    agnivo007, May 13, 2007 IP
  3. randomIntellections

    #3
    Nothing can be done until SSH is back up. Once it's back you can have a look at the access logs, HTTP logs, raw access logs and running processes, and run rootkit checks. Antivirus is not required. Check for script updates, patches to the OS and server software, and harden the server.
     
    randomIntellections, May 14, 2007 IP
  4. phantomddl

    #4
    Eh.. I checked the SSH logs, there was a brute force since 4 April and he succeeded yesterday. Anyway, my server is messed up. Can anyone help me with it? My sites are not opening anymore, even though Apache is running. I lost 50k unique hits yesterday..
    I will pay if you don't want too much money..
     
    phantomddl, May 14, 2007 IP
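
The pattern reported in post #4 (a long run of failed SSH logins from one address, then an accepted one) can be flagged from the auth log. This is an added example, not code from any poster in this thread: it assumes the standard OpenSSH syslog line format, and the sample lines, host name, addresses, function names and threshold are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH syslog format; host, users and IPs are made up.
SAMPLE_LOG = [
    f"Apr  4 03:12:{i:02d} web1 sshd[{2200 + i}]: Failed password for root "
    f"from 203.0.113.7 port {40000 + i} ssh2"
    for i in range(6)
] + [
    "Apr  9 11:02:41 web1 sshd[2310]: Failed password for invalid user admin "
    "from 198.51.100.20 port 50111 ssh2",
    # Username chosen to look like a log tail; the real source is 192.0.2.9.
    "Apr  9 11:05:00 web1 sshd[2311]: Failed password for invalid user "
    "a from 198.51.100.20 port 1 ssh2 from 192.0.2.9 port 4242 ssh2",
    "May 13 01:30:12 web1 sshd[9911]: Accepted password for root "
    "from 203.0.113.7 port 51200 ssh2",
    "May 13 09:00:00 web1 sshd[9950]: Accepted publickey for deploy "
    "from 198.51.100.20 port 60000 ssh2",
]

# Greedy user group: the LAST " from <ip> port <n> ssh2" on the line wins,
# so text smuggled into the username cannot change the attributed address.
EVENT = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) (\S+) for (?:invalid user )?(.*)"
    r" from (\S+) port \d+ ssh2(?:: .*)?$"
)

def parse_event(line):
    """Return (result, method, user, ip) for an sshd auth line, else None."""
    m = EVENT.search(line.rstrip())
    return m.groups() if m else None

def find_bruteforce_successes(lines, threshold=5):
    """Flag accepted logins from an address with >= threshold prior failures."""
    failures = defaultdict(int)
    alerts = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        result, _method, user, ip = event
        if result == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            alerts.append({"ip": ip, "user": user, "failures_before": failures[ip]})
    return alerts

if __name__ == "__main__":
    print(find_bruteforce_successes(SAMPLE_LOG))
```

An alert from this check means the password for that account was guessed, which supports the rebuild-and-restore advice given elsewhere in the thread rather than cleaning the box in place.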
  5. inworx

    #5
    I can help.

    Please PM me. I will do it for free if it isn't complicated. If it is, I would charge a small fee :D
     
    inworx, May 14, 2007 IP
  6. chilli_source

    #6
    IMO your server needs to be either reinstalled or you need to get a new server, as the hacker could've planted malicious scripts anywhere on the box; you could end up in the situation you're in now at any time.

    Once a server is compromised you really need to start fresh, then lock everything down so it's secure and restore from your latest backup.
     
    chilli_source, May 14, 2007 IP
  7. phantomddl

    #7
    Thanks for the suggestions. I have almost fixed everything. Just some little things left.
     
    phantomddl, May 14, 2007 IP
  8. randomIntellections

    #8
    PM if you need anything, though I don't work for free.
     
    randomIntellections, May 14, 2007 IP