Hello all. I'm here to ask for some urgent help; I will be really grateful if anyone can help.
I'm a web programmer at a small web agency in São Paulo. We have this remote server (a RedHat dedicated server) where our site and many client sites are hosted.
Since we've got no one to manage the server, I've been doing it myself (mostly simple tasks like creating users, installing stuff, restarting apache, etc). I got the server all configured and running; I didn't do it myself.
Today we received an e-mail from the server company saying that our server was being used for DDS attacks. And since we (I) are responsible for managing it, it was up to me to find what was going on and prevent it.
So first I've changed the root password. All OK. Then I found our security logs and saw that our server was constantly receiving repeated login attempts from my IPs, trying to log in usually as root.
So I did some research, found people with similar situations and found the advice that I should change our SSH port from 22 to something else, that it should help avoid this kind of attack.
So I followed this procedure (http://forums.burst.net/archive/index.php/t-3100.html) to change the SSH port to 47, also opening that port on iptables.
Restarted ssh, restarted iptables. All seems fine: I could log in via SSH on port 47, perfect.
But something happened. Now none of our domains are loading. For example:
No error messages are received, it just times out. Also, the requests are not logged; it's like it never happens, but no error is ever received.
I've restarted apache and mysql: did not solve. I've undone the changes I had done: no changes.
So I just don't know what to do anymore. Where should I look to know what's going on? What can be happening? What did I break here, and how?
Please, please, help. Any tip, hint, information, anything will be much appreciated.