View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions server hacked, need help
Log in to Ask a Question

server hacked, need help

general

Hi guys, à

My server has been hacked, I did a netstats and my server is attempting to contacts ftps around the world every 30 seconds,

I changed my root account, I most likely got the gumblar virus, how can I stop this thing ?!

Is that a cron job?

2 Replies

@Karnius:

Hi guys, à

My server has been hacked, I did a netstats and my server is attempting to contacts ftps around the world every 30 seconds,

I changed my root account, I most likely got the gumblar virus, how can I stop this thing ?!

Is that a cron job?

1. Shut it down now.

2. Take an image of it for future forensic investigation.

3. Rebuild from scratch or from a known-good backup.

That's really all you can do when you get rooted, as you, in most circumstances, have no way of knowing what exactly the perpetrator did to your server.

It's worth mentioning that gumblar propagates by infecting Windows machines with malware that steal stored passwords for FTP programs, Dreamweaver and such. So make sure you've changed your passwords and disinfected any Windows machines where you stored them, before rebuilding the server.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct