Needed to boot Fedora server in single user mode to recover forgotten/changed password. Changed password with passwd command and rebooted. However, on reboot, the new password was not recognized: "Login incorrect". I suspect the server has been hacked! Any other suggestions why the changed password would not be recognized? Any help would be appreciated!
Are you trying to log in on the console or via SSH? If via SSH, are root logins allowed? Did you scan your server for malware with chkrootkit and/or rkhunter?
I attempted both methods to regain control of the server. I've had rkhunter installed with daily reports sent via email and did not notice any suspicious activity. Not being as proficient in Linux as I apparently need to be, I re-installed the Fedora 9 Perfect Server to resolve the issue. I need some advice on tools and utilities available to better secure this ISPConfig server from future attacks. I found fail2ban and denyhosts but have a steep learning curve to get things configured properly. Maybe when you have some extra time, you can make a howto on securing a Fedora 9 server properly? Your howtos on other subjects are outstanding!!!
There's a fail2ban tutorial for Fedora 9: http://www.howtoforge.com/preventing-brute-force-attacks-with-fail2ban-on-fedora9
Got ISPCONFIG back up and running after complete rebuild. However, now the BIND-server is offline in ISPCONFIG and I don't know how to get it going again.
[root@server1 ~]# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address            State       PID/Program name
tcp        0      0 *:mysql                     *:*                        LISTEN      1833/mysqld
tcp        0      0 *:81                        *:*                        LISTEN      2156/ispconfig_http
tcp        0      0 *:ssh                       *:*                        LISTEN      1739/sshd
tcp        0      0 *:smtp                      *:*                        LISTEN      6001/master
tcp        0    300 server1.bancroftandasso:ssh ip68-231-146-117:screencast ESTABLISHED 16070/sshd: bnovak
tcp        0      0 *:imaps                     *:*                        LISTEN      1855/dovecot
tcp        0      0 *:pop3s                     *:*                        LISTEN      1855/dovecot
tcp        0      0 *:pop3                      *:*                        LISTEN      1855/dovecot
tcp        0      0 *:imap                      *:*                        LISTEN      1855/dovecot
tcp        0      0 *:http                      *:*                        LISTEN      2195/httpd
tcp        0      0 *:ftp                       *:*                        LISTEN      5916/proftpd: (acce
tcp        0      0 *:ssh                       *:*                        LISTEN      1739/sshd
tcp        0      0 *:smtp                      *:*                        LISTEN      6001/master
tcp        0      0 *:https                     *:*                        LISTEN      2195/httpd
[root@server1 ~]#
Falko, since my last message, I have built a completely new installation of a Fedora 9 server with ISPConfig. I have restored all of the ISPConfig database values from a backup from PHPAdmin. All of the services are operating properly; however, I am unable to access email. We previously used https://www.ebancroft.biz:81/webmail/ to access mail service, yet I receive "You cannot login with the username and password entered. Please check your username and password and try again." I have returned to ISPConfig to re-enter the passwords, but same result.
Yes! I think I have bigger issues than that at this point. Some emails work, others don't, and now I have FTP issues. I think I'm just going to re-install from the ground up with Fedora 9 Perfect Server and ISPConfig and re-enter ALL users.