4th February 2009, 14:25
zinovsky
Urgent need help my server is hacked !!!!

My server has now been hacked 2 times in 2 weeks; today it was hacked again. I have all the ports closed, I closed FTP 21 and also SSH 22, but even so they could enter the server and hack my webpage. I use Joomla for building the webpage; can that be the reason? Or is it that I have the firewall off because SELinux is disabled?
These are my configurations:
CentOS 5.2; I used the Perfect Server tutorial of falco
I have all unnecessary ports closed, even FTP 21 and SSH 22.

Thank you in advance for your help.
www.googez.com ; www.unixmen.com
4th February 2009, 15:54
bernholdt

Well, I was unlucky enough to get my site hacked as well.
I found a rs57 shell on my server that was uploaded through an image uploading function.
Look through your web folder and see if you can find any weird-looking scripts.

If I were you, I would back up my Joomla database and template folder, reinstall the server and start over with a fresh Joomla (remember to back up user files, images, etc.).

I can recommend you install OSSEC, which is an intrusion detection system; then you can get notified of all scan attacks. And it would most certainly warn you if someone is trying to exec a shell script. I installed OSSEC after my own server got hacked, and I enjoy opening my mail and being notified of everything unusual happening on my server.
5th February 2009, 13:38
marpada

Joomla can be a PITA, but you can keep it secure if you:

Use the recommended PHP settings (open_basedir, fopen_url)
Use the recommended folder permissions (not chmod 777 on all folders)
Just install well-known, active modules
Keep your Joomla core and modules updated
mod_security and suhosin are also very helpful

Last edited by marpada; 13th May 2011 at 03:06.
5th February 2009, 18:23
touchtecservers

You could also create a bash script that is run hourly or daily by cron that searches for all executable files in paths that you know can be uploaded to. It could then either email you these as a list, or archive them, or delete them.
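A sketch of the cron check suggested in the post above, as an added example that is not part of the original thread. It goes slightly beyond "executable files": PHP scripts run by the web server do not need an execute bit, so it also flags script extensions in upload paths. The function names, the extension list and the demo tree are assumptions constructed for illustration; it only reports and never deletes.

```shell
#!/usr/bin/env bash
# Cron check: list files in upload directories that are executable or carry
# a script extension. Directories passed as arguments are site-specific.

# scan_uploads DIR...: print suspicious regular files, one per line.
scan_uploads() {
    local dir
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # Any execute bit (owner/group/other), or a name the web server could
        # hand to an interpreter, including double extensions like x.php.jpg.
        find "$dir" -xdev -type f \( \
            -perm -100 -o -perm -010 -o -perm -001 \
            -o -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' \
            -o -iname '*.php.*' -o -iname '*.pl' -o -iname '*.cgi' \
            -o -iname '*.sh' \) -print 2>/dev/null
    done | sort
}

# report DIR...: scan, print findings with mode/owner/mtime, return 1 if any.
report() {
    local hits
    hits=$(scan_uploads "$@")
    [ -z "$hits" ] && return 0
    echo "Suspicious files in upload paths on $(uname -n):"
    # ls -ld gives mode, owner and mtime for triage; nothing is deleted.
    printf '%s\n' "$hits" | while IFS= read -r f; do ls -ld -- "$f"; done
    return 1
}

# make_demo_tree: build a constructed sample upload directory for a dry run.
make_demo_tree() {
    local d
    d=$(mktemp -d) || return 1
    mkdir -p "$d/images/stories"
    : > "$d/images/stories/logo.png"          # benign upload
    : > "$d/images/stories/gallery.php"       # script where only images belong
    : > "$d/images/stories/avatar.php.jpg"    # double extension
    : > "$d/images/stories/tool.bin"; chmod 755 "$d/images/stories/tool.bin"
    echo "$d"
}

# With arguments: scan those directories (cron use). Without: run the demo.
if [ "$#" -gt 0 ]; then
    report "$@"
else
    demo=$(make_demo_tree) && { report "$demo" || true; rm -rf "$demo"; }
fi
```

Run from cron with the upload directories as arguments; cron mails any output to the job owner, so a clean scan stays silent and findings arrive by e-mail.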


All times are GMT +2.
