Memories in Metal: The Emotional Resonance of Personalized Jewelry

Who Are Lawyers and Attorneys Who Handle Contested Divorce Cases?

How to Send a Legal Divorce Notice? Everything You Need to Know 

How to choose a bathroom faucet?

Everything You Need to Know About Engraved Wine Bottles 

Indonesia’s Aquatic Paradises

Nail Service Excellence: UNO Base Coat Unveiled

The Challenges Of Prisoner Re-Entry Into Society

8 Ways for Making the Move to a Care Home Smooth and...

A Guide to Embracing the Caregiver Role Wholeheartedly

HackingSoftwares

How To Handle A Server Hacking

by Michael George
written by Michael George

I had an issue with one of my servers going down repeatedly. This is very bad news for someone like me who makes a living as a web developer. Hosting websites and keeping my pages up and my clients happy is something that is very important to me, and when a server goes down, my clients are not happy and I am not happy.

Server and the Issue

I took a look at the server and the issue was that all of the available hard drive space had been used up. I deleted a bunch of files and cleared up several gigabytes of space. A couple of days later the server went down again. Same issue.

I also got an email regarding spam emails being sent from one of my IP addresses. I went looking for the largest files and directories on my server and discovered that my mail logs had been going crazy. I discovered then that my server had been compromised to send spam email.

Even worse.

I set about looking to discover what I could. I searched google because I know that sometimes hackers like to post about their accomplishments, sometimes hackers work in teams with other hackers and leave their chat logs open and searchable to the internet. I took a look through google and discovered a conversation showing how they had gotten into my server. I discovered that I had stupidly left an old account on that I had created for a customer that had the same username and password based on a dictionary word. I realized that I was an idiot.

I searched around and did what I could. Deleted the mail queues. Deleted the logs. Deleted extra users. Deleted the insecure user. Yet still my server continued sending email. I looked through the crontabs for all users and couldn’t find any processes or scripts. I then asked for help.

I found a very skilled programmer on twitter named @wh1zzz0 and approached him for help. He helped me go through and secure my server and then also showed me how to search for rootkits. A rootkit is something that a hacker can leave on a server for him to gain access later even if you’ve changed your passwords.

He told me about rkhunter (short for rootkit hunter), which is a piece of software that allows you to search your server for rootkits.

I downloaded and installed rootkit hunter from sourceforge: http://rkhunter.sourceforge.net/

Installing and running this searched for hundreds of commonly used rootkits and helped me discover the source of my problems.

I hope that my mistakes may help someone else learn and protect their server in the future.

0 comment
3
FacebookTwitterPinterestEmail

Related Posts

How to Manage Stress at Work

Microsoft Office Specialist Certification: What You Need to...

Cost And Features To Develop Clinic Management Software

What Is PLC Programming? A Tech Guide for...

Coding 101: 5 Secret Hacks of Expert Programers

Microsoft Teams vs Slack: Which Is Right for...

Reasons to Choose Custom Software Development

What Are the Benefits of Hiring a Managed...

Why Emails Go to Spam and How to...

Leave a Comment

Internal Server Error

Internal Server Error

Oops! Something went wrong.

The server encountered an internal error or misconfiguration and was unable to complete your request.

Error Code: 500