my server was cracked; now what?

[Dave Cramer]

Aaron,

Everyone so far is being polite. Regardless of how important this is  
to your business you MUST reformat it and rebuild it. If I were  
you're hosting company I'd pull the plug on the machine. What would  
happen if this machine were to fail due to hardware problems,  
consider this a learning experience of how to deal with hardware  
failures. They do happen!

Regards,

Dave
On 17-Jul-06, at 2:26 PM, Aaron Vegh wrote:

> Hi there,
> I discovered this afternoon that my server was rooted. I don't think
> they were in there very long, but after noticing some of my services
> down, I went in and through the .bash_history file, saw some commands
> that were not issued by me. I changed the password on the root
> account, rebooted the box and made sure all services were running.
> Other than seeing some passwords missing in my mysql database I don't
> know what else was done.
>
> Does anyone have any guidance for what to do with a machine after it's
> been rooted? I feel violated, but the server is also running important
> parts of my business, so I have to keep it going. I'd also love to
> know how they got in...
>
> Thanks,
> Aaron.
> --
> The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
>

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml