LAMP server hacked
I'm having issues securing my server. It was hacked and the PHP source was taken. I know this for a fact.
What I'd like help with is securing the server. I don't know the source of the hole, but I suspect SQL injection. I'm trying to find leads in the logs. Nothing has turned up via chkrootkit.
I'm pretty sure I've done a terrible job securing MySQL on the server, and that the user running it has way too much power. That's the first thing I'm going to look into.
It's just running LAMP with SSH access.
Linux 126.96.36.199-88.fc7 #1 SMP Thu May 15 00:02:29 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux