Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 4th February 2009, 14:25
zinovsky zinovsky is offline
Junior Member
 
Join Date: Oct 2008
Posts: 26
Thanks: 3
Thanked 0 Times in 0 Posts
Exclamation Urgent need help my server is hacked !!!!

Hi,
My server is now hacked 2 times in 2 weeks, today again was hacked, i have alll the ports closed , i closed ftp 21 ,also ssh22 ,but even that they could enter to the server and hack my webpage , i use joomla for building the webpage can be the reason ? or that i have the firewall off because of selinux is desables.
this are my configurations :
ISPconfig
centos 5.2 i used perfect server tutorial of falco
I have all unecessery ports closed even FTP - 21 and SSH 22

Thank you in advance for your help.
__________________
www.googez.com ; www.unixmen.com
Reply With Quote
Sponsored Links
  #2  
Old 4th February 2009, 15:54
bernholdt bernholdt is offline
Senior Member
 
Join Date: Jun 2007
Posts: 156
Thanks: 47
Thanked 13 Times in 11 Posts
Default

Well i was unlucky to get my site hacked aswell.
I found a rs57 shell on my server that was uploaded trough a image uploading function.
look trough you web folder and see if you can find any wierd looking scripts.

If i were you i would backup my joomla database and template folder reinstall the server and start over with a fresh joomla. (remember to backup userfiles images etc.etc.

I can recomend you to install OSSEC wich is a intrusion detection system then you can get noticed of all scan attacs. And it would most certain warn you if someone is trying to exec a shellscript. I installed OSSEC after my own server got hacked and i enjoy open my mail and be noticed of everything unsual happening on my server.
Reply With Quote
  #3  
Old 5th February 2009, 13:38
marpada marpada is offline
Senior Member
 
Join Date: Sep 2008
Posts: 139
Thanks: 2
Thanked 14 Times in 14 Posts
Default

Joomla can be a PITA, but you can keep it secure if:

Use the recommended php settings ( open_basedir, fopen_url)
Use the recommended folder permissions (not chmod 777 all forlder)
Just install well-known, active modules
Keep your joomla core and modules updated.
mod_security and suhosin are also very helpful
________
VAPORIZER SOLDERING VS VAPO BULB
________
Gm foods

Last edited by marpada; 13th May 2011 at 03:06.
Reply With Quote
  #4  
Old 5th February 2009, 18:23
touchtecservers touchtecservers is offline
Junior Member
 
Join Date: Feb 2009
Posts: 9
Thanks: 0
Thanked 1 Time in 1 Post
 
Default

You could also create a bash script that is run hourly or daily by cron that searches for all executable files in paths that you know can be uploaded to. It could then either email you these as a list, or archive them, or delete them.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail -Ubuntu 8.04 c4rdinal HOWTO-Related Questions 112 23rd August 2011 11:49
Connection dropped by IMAP server gublym Server Operation 5 23rd January 2009 10:47
postfix bounced email question daveb Server Operation 8 3rd February 2008 21:32
Debian server hacked TheRudy Installation/Configuration 2 16th July 2006 10:35
Webmail Relay Error palkat General 17 23rd April 2006 19:12


All times are GMT +2. The time now is 08:22.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.