Urgent need help my server is hacked !!!!

Discussion in 'Server Operation' started by zinovsky, Feb 4, 2009.

  1. zinovsky

    zinovsky New Member

    My server is now hacked 2 times in 2 weeks, today again was hacked, i have alll the ports closed , i closed ftp 21 ,also ssh22 ,but even that they could enter to the server and hack my webpage , i use joomla for building the webpage can be the reason ? or that i have the firewall off because of selinux is desables.
    this are my configurations :
    centos 5.2 i used perfect server tutorial of falco
    I have all unecessery ports closed even FTP - 21 and SSH 22

    Thank you in advance for your help.
  2. bernholdt

    bernholdt Member

    Well i was unlucky to get my site hacked aswell.
    I found a rs57 shell on my server that was uploaded trough a image uploading function.
    look trough you web folder and see if you can find any wierd looking scripts.

    If i were you i would backup my joomla database and template folder reinstall the server and start over with a fresh joomla. (remember to backup userfiles images etc.etc.

    I can recomend you to install OSSEC wich is a intrusion detection system then you can get noticed of all scan attacs. And it would most certain warn you if someone is trying to exec a shellscript. I installed OSSEC after my own server got hacked and i enjoy open my mail and be noticed of everything unsual happening on my server.
  3. marpada

    marpada New Member

    Joomla can be a PITA, but you can keep it secure if:

    Use the recommended php settings ( open_basedir, fopen_url)
    Use the recommended folder permissions (not chmod 777 all forlder)
    Just install well-known, active modules
    Keep your joomla core and modules updated.
    mod_security and suhosin are also very helpful
    Gm foods
    Last edited: May 13, 2011
  4. touchtecservers

    touchtecservers New Member

    You could also create a bash script that is run hourly or daily by cron that searches for all executable files in paths that you know can be uploaded to. It could then either email you these as a list, or archive them, or delete them.

Share This Page