How to restore the hacked server installed Cent OS?

[timiao]

Our server was hacked and the password of "root" was modified. The Cent OS version is 3.9 and i386. How to change the password to enter the OS?

I also need to upgrade the OS. Any help will be appreciated.

Thanks!

[Daniel_B]

I can't post links, so I can only tell you how to get there. Google "centOS change root password" and go the 4th result, it should be titled "Linux reset forgotten root password"

[Segfault]

You really do not need to change the password, you need to boot up with some LiveCD, get user files out from there and do a clean install of OS.

A case like this should be thoroughly investigated to find out how they got in, whether it was a poorly configured application or something wasn't updated. So it won't happen again.

[timiao]

thanks all . i got it.
Now, i run into another problem. When I use

Code:

 yum upgrade

to upgrade the OS from 3.9 to the latest version, I reboot computer after all runnings finished.

But, after typing

Code:

lsb_release -a

the following information shows:

LSB Version: 1.3
Distributor ID: CentOS
Description: CentOS release 3.9 (Final)
Release: 3.9
Codename: Final

Why the OS didnot be upgraded?

[Segfault]

I think you did not understand. The computer is compromised. You cannot trust it any more. You have to do fresh install.

[oz]

I agree with Segfault that a clean install is in order if the system was compromised and someone else has had the root password. Just resetting the password isn't enough to make sure that the system hasn't been changed in some way.

Just curious, did you do a fresh install, timiao?


Edit: oops, segfault was a second quicker than me on the submit button, but it's funny that we were thinking exactly the same at the same time.

[Segfault]

Well, everybody with little experience thinks same facing problem like this one.

[timiao]

I think you did not understand. The computer is compromised. You cannot trust it any more. You have to do fresh install.

Thanks Segfault,

Now, I restored the password. and, I can enter the OS.

I want to upgrade the current OS from version 3.9 to 5.2 or the latest version on another compuer.

so, I used

Code:

 yum upgrade

But, after rebooting, the OS version information shows still version 3.9.

[oz]

I wouldn't advise doing an upgrade, but do a fresh install with the latest version of CentOS. The system has been tampered with according to your earlier post and an upgrade isn't going to necessarily solve any issues that remain after the system was compromised.

[timiao]

I wouldn't advise doing an upgrade, but do a fresh install with the latest version of CentOS. The system has been tampered with according to your earlier post and an upgrade isn't going to necessarily solve any issues that remain after the system was compromised.

Thanks ozar, I agree with you. I will re-install a latest version CentOS at the compromised computer.

But, now another computer is also installed CentOS 3.9 as the hacked one. For avoiding being hacked, I want to upgrade it.