[CentOS] server is always getting hacked
justin.bull at sohipitmhz.com
Sun Jun 28 19:10:37 UTC 2009
On Sat, Jun 27, 2009 at 12:21 PM, Mag Gam<magawake at gmail.com> wrote:
> I am not sure what else measures I can take. Can someone please assist?
You should install an Intrusion Detection System (IDS) as they are
great tools to assist you in how the crackers are gaining access into
> We see load averages of 500+ and see people from all over the world
> logging into our server (used last).
If I understood you correctly, you're saying that running the "last"
command shows logins worldwide that are not yours? Immediately suspend
/ disable / lockdown the accounts they're logging into if they're not
important (say a user that's only used for a daemon).
If I were you I would immediately set up keys for your ssh, disabling
root ssh login (you can gain root via "su -" or "sudo" once you
login), and only enable protocol 2 for ssh.
Install an iptables frontend like APF to help you ban malicious IP addresses.
Are you running the latest version of CentOS? Make sure they don't
have a critical exploit like a kernel privilege escalation exploit.
http://www.sohipitmhz.com/pubkey.txt (PGP Public Key)
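
Added example, not part of the original message: a small POSIX shell audit of the three sshd settings the reply names (protocol 2 only, no root login, key-based login). Reading "set up keys" as `PasswordAuthentication no` is this example's assumption, the sample configs are constructed, and the `Protocol` check only matters on OpenSSH releases that still offer protocol 1.

```shell
#!/bin/sh
# Added example: audit sshd_config for the settings named in the reply.

# Print the global value sshd would use for KEYWORD in FILE. sshd takes
# the first occurrence of a keyword, keywords are case-insensitive, and
# everything after the first "Match" line is conditional, not global.
sshd_value() {
    awk -v key="$1" '
        /^[ \t]*#/ || NF == 0 { next }      # comments and blank lines
        { sub(/=/, " ") }                   # accept "Keyword=value"
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$2"
}

# check KEYWORD WANTED FILE: print PASS/FAIL; unset counts as FAIL
# because this audit wants each setting pinned explicitly (assumption).
check() {
    got=$(sshd_value "$1" "$3")
    if [ "$got" = "$2" ]; then echo "PASS $1 $got"; return 0; fi
    echo "FAIL $1 ${got:-unset} (want $2)"
    return 1
}

# Print one line per check; exit status is the number of failed checks.
audit_sshd_config() {
    fails=0
    check Protocol 2 "$1" || fails=$((fails + 1))
    check PermitRootLogin no "$1" || fails=$((fails + 1))
    check PasswordAuthentication no "$1" || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample: the appended "PermitRootLogin no" is ignored because
# an earlier line already set it, and the only PasswordAuthentication line
# sits inside a Match block.
write_sample_weak() {
    printf '%s\n' '# constructed sample' 'Protocol 2,1' \
        'PermitRootLogin yes' 'PermitRootLogin no' \
        'Match User backup' '    PasswordAuthentication no' > "$1"
}

write_sample_fixed() {  # constructed sample with all three settings pinned
    printf '%s\n' 'protocol 2' 'PermitRootLogin no' \
        'PasswordAuthentication=no' > "$1"
}

tmp=$(mktemp)
write_sample_weak "$tmp"
audit_sshd_config "$tmp" || echo "$? setting(s) need attention"
rm -f "$tmp"
```

On a real host, point `audit_sshd_config` at `/etc/ssh/sshd_config`; a non-zero exit status is the number of settings still to fix.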