Koozali.org: home of the SME Server

I think I got HACKED... AGAIN

FireWire

« on: April 02, 2004, 07:27:02 PM »
Alright guys, here's the deal. I have a webserver set up on port 80.

When this happened the first time, my server just stopped working "externally". I was not able to access it outside my LAN.

So I formatted and reinstalled. It was working fine.

But when I woke up this morning, the same thing was happening as the first time.

I have a feeling I got hacked somehow, and probably by the same person.

The only clue that I can think of, is when I woke up during the night, the hard drive(s) of my server were spinning like crazy, the CPU usage was at 100%, and the internet was bogged down with INSANE traffic. That's when I think I was getting hacked...

Now the real problem is, how would I recover my server? How can I get it to work externally and on the web again and this time, prevent this rat bastard from hacking me again.

Thanks in advance.

Anonymous

« Reply #1 on: April 05, 2004, 07:09:27 AM »
What do your logfiles say? Anything noticeably "odd" about them?

okepc

« Reply #2 on: April 05, 2004, 09:15:14 AM »
Which version of e-smith/SME?

Ed

« Reply #3 on: April 05, 2004, 08:48:53 PM »
Assuming that you reinstalled using 6.0+, or 5.6 with patches (especially the SSH one), then you probably have a trojan on your desktop. Double check.

If you are using 5.6 or older without patches, there is an SSH security issue and it will be broken into again.

Ed

Jens

Another possibility
« Reply #4 on: April 06, 2004, 01:32:54 AM »
It could be insecure webserver software, e.g. an unpatched *nuke or bulletin board. Lots of options there. In addition, I know of several people who ran the server as server-only but open to the Internet. (I was one before I received a knock on the head by a Mitel tech.) ;-)