Hi guys, what is the proper step if I've been rooted? Do I need to look at ALL my sites' code line by line? Is there any script or technique that you have successfully used? Cheers, toby
If you are using Linux, especially Red Hat or CentOS, you can use rkhunter or chkrootkit to scan your system. What is your server provider? Is it a hosting company or something else?
If the hacker hasn't contaminated the log files, maybe there's a chance for you to check them and find out something interesting. It does no harm at all to check them.
Are you running a control panel (i.e. cPanel/WHM)? If so, and you choose the OS reload route (suggested), back up your accounts, but restore with --skipprivs in the command line to prevent the "hacker" from having a root reseller account, then check & restore manually (alternatively, just reset all account permissions with one ACL). Also upgrade your kernel. Jay
The "heart" of Linux is its kernel: http://kernel.org/ Recently, exploits were published that allowed root escalation on older kernels. You shouldn't recompile a kernel yourself if you're unsure what you're doing, because if you mess up it will result in an unbootable system. Hope that helps, Jay
Generally, if you're rooted, a reload is the best option just to make 100% sure you've got a clean system. It's a pain in the rear, but as well as running Chkrootkit/RKhunter you can also check the list of users on that machine to see if there are any you don't recognise. In most cases you don't need to compile your own kernel from source; just keep the OS up to date and use the provided kernel. However, if you're willing to compile your own kernel, then you should also consider adding patches, i.e. GRSecurity.
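The account check suggested in the post above, as an added example that is not part of the original thread: it compares a passwd-format file with a list of accounts you expect and flags extra UID 0 accounts and unrecognised users. The function name `audit_passwd`, the output tags and the sample accounts are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: compare a passwd-format file with the accounts you expect.
# audit_passwd PASSWD_FILE KNOWN_FILE   (KNOWN_FILE: one account name per line)
audit_passwd() {
    awk -F: -v known="$2" '
        BEGIN {
            # Load the expected account names.
            while ((getline line < known) > 0)
                if (line != "") names[line] = 1
        }
        $0 == "" || $1 ~ /^#/ { next }      # skip blank lines and comments
        {
            # An empty shell field means the default shell, so it counts as a login.
            login = ($7 !~ /(nologin|false)$/)
            if ($3 == 0 && $1 != "root")
                print "UID0 " $1            # a second superuser account
            if (!($1 in names)) {
                tag = login ? "UNKNOWN_LOGIN" : "UNKNOWN"
                print tag " " $1
            }
        }
    ' "$1"
}

demo() {
    tmp=$(mktemp -d)
    # Constructed sample data, not taken from a real host.
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
sysadm:x:0:0::/root:/bin/bash
ftpd:x:501:501::/tmp:/bin/sh
backup:x:502:502::/var/backup:/sbin/nologin
EOF
    printf '%s\n' root bin apache alice > "$tmp/known"
    audit_passwd "$tmp/passwd" "$tmp/known"
    rm -rf "$tmp"
}

demo
```

Run it against a copy of the passwd file read from rescue media or a backup mount, since files and binaries on a rooted host cannot be trusted to report honestly.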
I agree with what everyone has said here. Back up your info (if you have any backups from right before you got hacked, use those), reload your OS, and MAKE SURE TO COME UP WITH A SECURE, STRONG PASSWORD!
I think your server has been exploited with some software, the new 2008 special software that only a few big hackers know. What did you have on the server? This is very important, please tell me.
I have moved to another dedicated server host. I didn't like my old host. I feel their support sucks now.