I am being hacked out of business. Please help.
I own an internet radio station. I am posting here today because our system admin has been unable to stop an attack. Our server is based in Chicago and we are in Michigan. Our server is set up with iptables and an IDS. So yeah, sure, we get attacked left and right, easily 1,000 times a day, but up until recently they have kept us safe.
A few weeks ago things started to go wrong. Strange events began to happen, but nothing odd would show up in any logs and the IDS would think everything was fine. The server appeared to be shitting itself, but with no evidence of anything going on. Last night our server admin had an SSH tunnel up to the server and was working on it, trying to figure out what was going on with the server. Then he noticed something odd. Another root user from an outside IP address appeared. We had been compromised. We banned that entire IP range; the hacker was out for the time being, but the logs showed nothing... we now understood what had been happening.
My system admin said they must have packet sniffed us, decrypted the key as it was sent out, then ciphered it. But the key changes every hour and is encrypted to the highest level; it would take a mainframe to decrypt it in less than an hour. The admin changed the root password, a new key was sent, and 7 minutes later root was compromised again. It took them 7 minutes to cipher this key. Either they have a mainframe or they know something we don't.
So now that brings me to the present. Our server has been so screwed up that we need to reinstall the OS. My system admin has no idea how to secure the server once it is back up, so for now we are shut down and losing money. He says the key is as encrypted as Linux allows and he is using every security measure he knows of. So I am here looking for ideas on how we can solve this problem.
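The admin above spotted the intrusion by eye: a second root session from an outside address showed up in the session list. The following is an added example (not the poster's or their admin's code) of doing that check automatically. It parses `who`-style output, which the example embeds as a constructed sample, and flags any root session whose source address is not inside an assumed allow-list of admin networks (`203.0.113.0/24` here, a documentation range chosen for the example). Local console sessions with no remote origin are treated as expected; a remote origin that is a hostname rather than an address is flagged, since it cannot be matched against the allow-list.

```python
import ipaddress
import re
import sys

# Assumption for the example: the only networks admins should ever log in from.
ADMIN_NETWORKS = ("203.0.113.0/24",)

# Constructed sample of `who` output: two admin sessions, one unprivileged
# user, one root session from an address outside the admin range, and one
# root session on the local console (no remote origin).
SAMPLE_WHO = """\
root     pts/0        2009-03-12 22:41 (203.0.113.7)
radio    pts/1        2009-03-12 22:50 (203.0.113.9)
root     pts/2        2009-03-12 22:58 (198.51.100.23)
root     tty1         2009-03-12 21:10
"""

# user  tty  "YYYY-MM-DD HH:MM"  optional "(origin)"
WHO_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+ \S+)(?:\s+\((\S+)\))?\s*$")


def parse_who(text):
    """Turn `who` output into a list of session dicts; unparseable lines are skipped."""
    sessions = []
    for line in text.splitlines():
        m = WHO_LINE.match(line)
        if not m:
            continue
        user, tty, when, origin = m.groups()
        sessions.append({"user": user, "tty": tty, "when": when, "origin": origin})
    return sessions


def is_allowed_origin(origin, networks=ADMIN_NETWORKS):
    """True if the session origin is the local console or an address in an admin network."""
    if origin is None:
        return True  # console login, not a remote session
    try:
        addr = ipaddress.ip_address(origin)
    except ValueError:
        return False  # a hostname (or garbage): cannot be matched, so do not trust it
    return any(addr in ipaddress.ip_network(net) for net in networks)


def unexpected_root_sessions(text, networks=ADMIN_NETWORKS):
    """Return the root sessions in `who` output whose origin is not on the allow-list."""
    return [
        s for s in parse_who(text)
        if s["user"] == "root" and not is_allowed_origin(s["origin"], networks)
    ]


if __name__ == "__main__":
    # Usage on a live box:  who | python3 root_sessions.py
    # With no piped input the constructed sample is used instead.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_WHO
    for s in unexpected_root_sessions(data):
        print(f"UNEXPECTED root session on {s['tty']} since {s['when']} from {s['origin']}")
```

On the sample this reports the `pts/2` session from `198.51.100.23` and nothing else. Two caveats a practitioner would add: `who` reads utmp, which an attacker with root can edit or hide from, so a clean result on a box already known to be compromised proves little (which is why a reinstall from known-good media is the right call), and the allow-list only helps if admins really do connect from a fixed set of networks.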