[CentOS] server is always getting hacked

Geoff Galitz geoff at galitz.org
Sun Jun 28 19:54:32 UTC 2009

> I am not sure what else measures I can take. Can someone please assist?

1) Make a good backup of the hacked system for data archival and forensic
2) Take the affected system off-line.
3) Check all other systems in your company as they are definitely at high
4) Completely re-format and re-install any and all hacked boxes.
5) Change all passwords everywhere and make sure they are not recycled.

Once the baddies got in, they had the chance to install a rootkit.  If you
inspect your box and do not see a rootkit it just means they did a good job
of hacking your box and there is most likely one installed, anyways.

Once the baddies get access to your box the game is over.


Geoff Galitz
Blankenheim NRW, Germany

More information about the CentOS mailing list