I am hacked?
Hi,
please see image.vBis puck237.dedicatedpane connected to my server?
is 115.168.43.158 connected to my server?
Or what is "ESTABLISHED" ?
I find this: /http://www.blocklist.de/en/view.html?ip=85.25.242.234
Thanks.
-
re: I am hacked? It looks like there is an automated ssh scanner on that host (or that server could be compromised) and it's trying to bruteforce or exploit randomly. You can check your /var/log/secure & messages log files to tell if that host was able to gain access to your server or not. It's recommended to tweak your sshd configs and consider changing your ssh port to something else other than the default 22. 0 -
re: I am hacked? Thanks.[quote="Sys Admin, post: 1476452">It looks like there is an automated ssh scanner on that host
"my host? "the host remote?0 -
re: I am hacked? Hi, From your screenshot, I can see that your server has been connected through ssh from the following location. 1. puck237.dedicatedpane with Process id : 22223 (in your server) 2. 115.168.43.158 with Process id : 7464 If the above ssh access is unauthorized access to your server, I suggest you to secure and harden your server. If the above mentioned process ids are still in place, try with, # cat /proc/22223/environ # cat /proc/7464/environ 0 -
re: I am hacked? Hello, I will suggest you please disable the all user shell access and change your ssh port also secure your server and run the RKHunter and maldet (LMD) scan on your server on your server 0 -
I strongly suggest you install ConfigServer Security Firewall along with Mod_Security. I am not trying to pimp it, I happened to be getting port scanned off the map until I figured out how to use Configserver. Installation: rm -fv csf.tgz wget http://www.configserver.com/free/csf.tgz tar -xzf csf.tgz cd csf sh install.sh Later go to whm Plugins configserver Now you need to configure it, takes about an hour to get through everything correctly the first time around, it will guide you on how to create a very secure environment and it is 100% free to use. 0
Please sign in to leave a comment.
Comments
5 comments