Hello, I own a dedicated server from a company which apparently has recently been compromised and is being used to send out (an unknown amount of) requests attempting to compromise other servers. This was brought to my attention by complaint emails from my host. The host has given me until 9:00pm CET tomorrow to provide them with proof that whatever it was that originally allowed someone to take access of the server has been fixed by myself. I'm not the most knowledgeable about this, nor has it happened before for me to draw experience upon. A few more details: SSH was set up with a key system, which was removed unbeknownst to me. What can I do to look into what is vulnerable, log files, etc. on my system? It's a Linux server (FC4).

Edit: I just received another email from my host informing me of a TCP sweep originating from the system. What can I do to track down whatever is doing this, get rid of it, and ultimately secure the system?
If you have to ask, you're probably not going to have the skills to deal with it in any sort of timely and effective manner. Go to a good server admin company and get it fixed properly. I'd recommend Rack911.