Topic: I think i got HACKED... AGAIN

[FireWire]

Alright guys, here's the deal. I have a webserver setup on port 80.

When this happened the first time, my server just stopped working "externally". I was not able to access it outside my LAN.

So I formatted and reinstalled. It was working fine.

But when woke up this morning, the same thing is happening as first time.

I have a feeling I got hacked somehow, and probably by the same person.

The only clue that I can think of, is when I woke up during the night, the hard drive(s) of my server were spinning like crazy, the CPU usage was at 100%, and the internet was bogged down with INSANE traffic. That's when I think I was getting hacked...

Now the real problem is, how would I recover my server? How can I get it to work externally and on the web again and this time, prevent this rat bastard from hacking me again.

Thanks in advance.

[Anonymous]

What do your logfiles say? anything noticeably "odd" about them?

[okepc]

which version of e-smith/sme?

[Ed]

Assuming that you reinstalled using 6.0 +, or 5.6 with patches (especially the ssh one).  Then, you probly have a trojan on your desktop.  Double check.

If you are using 5.6 or older without pathes or older, there is a SSH security issue and will be broken in again.

Ed

[Jens]

It could be insecure webserver software, e.g. an unpatched *nuke or bullitinboard. Lots of options there. In addition, I know of several people who ran the server  as server-only but open to the Internet. (I was one before I received a knock on the head by a Mitel tech).