Hi someone recently got into my server and changed the root password. However i was able to change it back. I was just wondering how can i check to see if any damage was caused? And im running cpanel on my fedora server how can i make sure that everything is setup right so users cant access files and folder they are not suppose to be in or places where they can easily upload bots to. Let me know thanks!
you may check the log file, it will help you to see what the attacker have done. or ask some expert to investigate this issue completely.
Honestly, why even say this? Your making no sense. Logs will be cleaned/patched upon attackers rootkit initiation Rootkit / backdoor installed to gain access at a later point in time Loggers - log passwds, keys & activity defacement/php shells - later access or deface You need a server administrator to clean your server system, a full reinstall of OS is highly recommended, take backups of your data ASAP. Finding the original breach of security will be a priority for you, as you dont need another breach happening.