server hacked, need help
My server has been hacked. I did a netstat and my server is attempting to contact FTPs around the world every 30 seconds.
I changed my root account, I most likely got the Gumblar virus, how can I stop this thing?!
Is that a cron job?
2 Replies
@Karnius:
Hi guys,
My server has been hacked. I did a netstat and my server is attempting to contact FTPs around the world every 30 seconds.
I changed my root account, I most likely got the Gumblar virus, how can I stop this thing?!
Is that a cron job?
1. Shut it down now.
2. Take an image of it for future forensic investigation.
3. Rebuild from scratch or from a known-good backup.
That's really all you can do when you get rooted, as you, in most circumstances, have no way of knowing what exactly the perpetrator did to your server.
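
Step 2 of the reply above, sketched as an added example that is not part of the original thread: copy the disk to an image and record a SHA-256 so later analysis can show the copy is unaltered. It assumes the compromised disk is attached offline or read-only (for instance from a rescue environment); the function names and the paths `/dev/sdX` and `/mnt/evidence` are placeholders.

```shell
#!/bin/sh
# Added example: image a disk (or any readable file) and record its SHA-256.
# Function names and paths are hypothetical, chosen for this example.

# acquire_image SRC OUT_DIR
#   Copies SRC to OUT_DIR/disk.img, writes OUT_DIR/disk.img.sha256,
#   and fails if the copy does not hash the same as the source.
acquire_image() {
    src=$1
    out_dir=$2
    img="$out_dir/disk.img"

    if [ ! -r "$src" ]; then echo "cannot read $src" >&2; return 2; fi
    mkdir -p "$out_dir" || return 2
    if [ -e "$img" ]; then echo "refusing to overwrite $img" >&2; return 2; fi

    # Hash the source first; it must be offline or read-only, or this drifts.
    src_hash=$(sha256sum "$src" | cut -d' ' -f1)

    # Plain block copy. No conv=sync: its padding would change the hash.
    dd if="$src" of="$img" bs=65536 2>/dev/null || return 1

    img_hash=$(sha256sum "$img" | cut -d' ' -f1)
    if [ "$src_hash" != "$img_hash" ]; then
        echo "hash mismatch: did the source change during the copy?" >&2
        return 1
    fi

    # Sidecar in sha256sum format, then drop write permission on both files.
    printf '%s  %s\n' "$img_hash" "disk.img" > "$img.sha256"
    chmod a-w "$img" "$img.sha256"
}

# verify_image OUT_DIR: re-check the image against its recorded hash.
verify_image() {
    ( cd "$1" && sha256sum -c disk.img.sha256 >/dev/null 2>&1 )
}

# Usage (placeholder paths): acquire_image /dev/sdX /mnt/evidence
```

Run `verify_image` again before each analysis session, and work on a copy of the image, not the image itself.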