- 04-04-2006 #1 Just Joined! (Join Date: Mar 2006, Location: Allentown PA, Posts: 5)
May Have Been Hacked, In Dire need of Assistance
Good afternoon all,
For the past 2 days my server host has had to shut me down. I call in and find someone has gotten into one of my sites and has loaded a phishing program into a directory. I go in, clean it all out, and check my logs. I don't see anything funny. Tighten up the security and go out. Somehow they have gotten back in and reloaded it. It shows it is being run by apache. I cannot find where this hole is! I need another set of eyes to run through things with me as my Linux skills aren't strong enough (yet) to find the problem. If anyone can give help please email me direct as well as here at cpeters@alehouse-designs.com
- 04-05-2006 #2
This sounds like a lot of fun but you will have to give me a ton more information. Why don't you PM me the infected log file.
Let me know distro, services, etc...
Mike
Some people have told me they don't think a fat penguin really embodies the grace of Linux, which just tells me they have never seen an angry penguin charging at them in excess of 100mph. They'd be a lot more careful about what they say if they had.
-- Linus Torvalds
- 04-05-2006 #3 Linux User (Join Date: Jan 2004, Posts: 357)
I can't tell you how they got in in the first place, but it sounds to me that something you might want to do is to educate yourself on rootkits.
Here's some info
http://www.cs.wright.edu/~pmateti/Co...on/obrien.html
Here's some programs that might help.
http://sourceforge.net/projects/checkps/
http://www.chkrootkit.org/
http://vancouver-webpages.com/rkdet/
http://www.rootkit.nl/projects/rootkit_hunter.html

