LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Server hacked with phishing files
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-10-2009, 10:06 PM   #1
Rastus
LQ Newbie
 
Registered: Mar 2008
Location: San Antonio, Texas
Distribution: Debian -Lenny / Etch - RHEL
Posts: 3

Rep: Reputation: 0
Server hacked with phishing files

Hello,
My server has been hacked, and I am trying to resolve it. I have been working through the list of security tips here --> http://www.yolinux.com/TUTORIALS/Lin...tSecurity.html < - Up till now, I could delete the folders the hacker created, now I can't, I log in as root and when I try to delete them using rm -rf (directory name) I get permission denied. that's the most urgent thing I need help with.. my hacker is smarter than me it would appear, which right now is not saying much, then I need to find out hopw he got in and is still getting in.. this is a dedicated server running Redhat EL 4.6-32. Hope all that made sense.. I'm kinda stressed right now..

any help or insight offered is greatly appreaciated.
Kenny
 
Old 11-10-2009, 10:24 PM   #2
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158Reputation: 158
I'm gonna say to try the standard and highly recommended CERT Intrusion Checklist first before doing anything else...and ignore recommendations to immediately reinstall your distribution, as you'd only get rehacked...the object is to learn how the server got cracked and learn from the experience.
 
Old 11-10-2009, 10:51 PM   #3
Rastus
LQ Newbie
 
Registered: Mar 2008
Location: San Antonio, Texas
Distribution: Debian -Lenny / Etch - RHEL
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks.. going there now
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
tripwire flagged files, am i hacked? hank43 Linux - Security 2 11-11-2006 06:13 PM
RedHat 7.2 server hacked and all $HOME/public_html/index.htm files replaced abesharp Linux - Security 5 12-09-2004 03:05 AM
Server hacked cpanelskindepot Linux - Security 46 07-05-2004 06:19 PM
Server hacked php4u Linux - Security 1 07-05-2004 11:34 AM
server hacked!?!?! vittibaby Linux - Security 1 03-27-2004 12:31 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:26 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration