Server compromised Question
Hi All, got a message indicating LFD failed and not long after a notification that there was a successful root login. Root password has been changed and we no longer have root access. This attack is a combo of vulnerabilities as our root password is a random 12-character password.
We pulled the server and have physical access to it. Looking for some suggestions to regain control over the machine... or any suggestions at all. Thanks.
-
Some may tell you to format the OS and reinstall from backups... it is the only sure way to be safe. But what damage has been done so far? You may want to try blocking all access to WHM and ssh except through your own IP address and see what happens. If the hacker is blocked out you may be lucky. You can do this in WHM >> Security Center >> Host Access Control. 0 -
Hello :)
You should consult with a system administrator to determine the source of the attack if possible, and then transfer the accounts or back them up for restoration on a server with a fresh installation of the OS and cPanel. Going forward, the following URLs should help you ensure your server is secure:
Security Advisor - cPanel Documentation
Recommended Security Settings - cPanel Documentation
Tips to Make Your Server More Secure - cPanel Documentation
[Tutorial] Interested in increasing the security of your server? Read this. (sshd hardening) - cPanel Forums
Thank you. 0