All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
my dedicated has been hacked
my dedicated (ovh) server has been hacked
i got up this morning to see that all sites on my server are 404 .. not found..
when I logged in i saw that my www folder is completely gone ..
I have a backup ( thank god ) and I am restoring it now .. but I just want to know how to check if the hacker has left any backdoors ..
Checked the ssh log , its not done like that.. there is no log messages for logins except my own IP .. so I suppose we are safe on that side..
my www folder was with owner apache
went into the apache logs , but its just too many records to look at.. dont know the exact time of the breach..
anyone can advice me how to check how its done and if there is any backdoors left ?
my active sites are on wordpress (thinking of probably outdated timthub) and one on phpfox social network script
Comments
Simple, just re-install the OS.
Had a FW installed? Changed the default SSH port?
I will reinstall the os easily, but I will have to restore the www again , right ?
So I want to make sure that there is nothing in the www folder.. and in general I am curious how that happened
@shigawire.. no FW installed .. got the fail2ban thingy only.. I will change the ssh port , thanks
Also check out this topic: http://www.lowendtalk.com/discussion/9772/my-vps-has-been-compromised
It might help you.
WP Super Cache and W3 Total Cache have some recent, remote code execution vulnerabilities
@doughmanes I dont use these
@Freek - thanks , will do
edit
cat /var/log/secure | grep Accepted - clean
who : clean
last: clean
cat /etc/passwd for new accounts : clean
So they didnt got in trough ssh ..
Forgot to mentions , I am using centos 5.8 64 bit , last update I have done was yesterday
I hope you mean 5.9
@rds100 - yes, sorry