[CentOS] server is always getting hacked

Sun Jun 28 19:54:32 UTC 2009
Geoff Galitz <geoff at galitz.org>


> I am not sure what other measures I can take. Can someone please assist?


1) Make a good backup of the hacked system for data archival and forensic
analysis.
2) Take the affected system off-line.
3) Check all other systems in your company as they are definitely at high
risk.
4) Completely re-format and re-install any and all hacked boxes.
5) Change all passwords everywhere and make sure they are not recycled.

Once the baddies got in, they had the chance to install a rootkit.  If you
inspect your box and do not see a rootkit, it just means they did a good job
of hacking your box and there is most likely one installed anyway.

Once the baddies get access to your box the game is over.

-geoff


---------------------------------
Geoff Galitz
Blankenheim NRW, Germany
http://www.galitz.org/
http://german-way.com/blog/
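
Step 1 of the reply above, sketched as an added example that is not part of the original post: image the affected disk and record a SHA-256 so the archived copy can be shown to be unmodified later. The function names and paths are hypothetical, and it assumes you run it from trusted rescue media against an unmounted source, since tools on a rootkitted system cannot be trusted.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumption: booted from trusted rescue media; the source is not mounted,
# so it does not change between the copy and the hash comparison.

# acquire_image SRC DEST
#   Copies SRC to DEST, writes DEST.sha256, and makes both read-only.
#   Returns 0 only if the copy hashes to the same value as the source.
acquire_image() {
    src=$1
    dest=$2
    if [ ! -r "$src" ]; then
        echo "cannot read $src" >&2
        return 2
    fi
    if [ -e "$dest" ]; then
        # Never clobber evidence that was already collected.
        echo "refusing to overwrite $dest" >&2
        return 3
    fi

    dd if="$src" of="$dest" bs=64k 2>/dev/null || return 4

    src_hash=$(sha256sum < "$src" | cut -d' ' -f1)
    img_hash=$(sha256sum < "$dest" | cut -d' ' -f1)
    if [ "$src_hash" != "$img_hash" ]; then
        echo "hash mismatch: image is not a faithful copy" >&2
        return 5
    fi

    # Store the hash beside the image in the format 'sha256sum -c' reads.
    printf '%s  %s\n' "$img_hash" "$(basename "$dest")" > "$dest.sha256"
    chmod a-w "$dest" "$dest.sha256"
}

# verify_image DEST
#   Re-checks an archived image against its recorded hash.
#   Returns non-zero if the image was altered after acquisition.
verify_image() {
    ( cd "$(dirname "$1")" &&
      sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# Usage (paths are placeholders):
#   acquire_image /dev/sdX /mnt/evidence/host1.img
#   verify_image /mnt/evidence/host1.img
```

Keep the `.sha256` file somewhere separate from the image as well, so the two cannot be altered together.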