Our servers has been hacked today. Hacker pickup our login details of servers using web site link form myphoto.cc and it 100% like as yahoo mail.I have just login to this server using my yahoo. but on this time they pickup my user name and password and change the DNS of all the my sites. Please help me. How can i find him? please help me DP's
download all the logs you can from the server, if you can still access it if you're a host provider, i think your first priority should be setting up a new server or getting that one restored. even if you still have root access and change your login, they could have planted anything on your server, a reinstall is really the only way to go. hopefully you have remote backups of the sites, and dont forget to change the passwords of these accounts when they are restored so the hackers don't walk straight back in. if you know how they got in, i'd make sure that can't be done again or you'll be back to square 1 in no time. good luck!
Words of wisdom for dedicated server owners... ALWAYS ... ahem... ALWAYS have multiple passwords. If you don't, you're asking for it. Yes, yes, passwords are hard to remember... Especially when we have multiple sites like many of us do. But at minimum, you should have 4 levels of security. I have 4 major passwords I use 1, is for websites such as this one here. Easy to type in, remember, etc. I use it for general logging in where no much information is held, and when signing up for a site, I don't worry about it too much. 2, is an upgraded password for logging in as an admin into my vb sites or admin sections. Still no server access, but damage could be done so it needs to be harder 3. SSH user access. Each site should have a user, and your FTP or SSH access should have a different username, and a different password, a much harder password. 4. Root access. The apex of all passwords. This should be stupid hard, with letters, numbers, and symbols. REMEMBER: Your security is only as worthy as the webmaster on the other end. You enter your username and password on a site like this in plain text format. With just a little whip of code, they can have your username (which is usually the same over all the forums) your normal password, your e-mail, and your website/server... If you use the same password, and they grab it, then your screwed. Picking a password: This is where the always made fun of LEET speek comes in handy. Let's say I make up a password: "monkeyboy" Fine. So I can use it to log into digitalpoint. Let's say I wanted to make it my admin Password. I want to remember it, so let's LEET it up. M0nk3yb0y better, and harder to get. But I can still remember it. I replaced the "o"s with zero's, and the E's with 3's. And a capital "M" to boot. Now let's make the same as my ftp password. M0nk3yb0y#@! Same as my admin password, but I just added the numbers 321 at the end, but holding down the shift key. Don't make it that easy, but you get the idea. Even just doing $$$ at the end is better then nothing. Now, let's make this my ROOT password. #@!M0nk3yb0y#@! There, I just added the 321 in the front and at the end. I now have my four levels of security, but all with the same password that I can remember. I did a report about this many years ago, never published it.... Basically it showed that far too many people used the same password for just about everything. With all the phishing sites, and unscrupulous webmasters out there... Don't be fool, and protect yourself. I'm not saying this was this guys problem, but maybe I could help impart some friendly advice to the new guys out there. Carter