Linode compromised for "Outbound DoS" - Need to R

Linode.com contacted me on Saturday about an outbound DoS that occurred from my linode. It seems that my linode was compromised.

Linode then asked me to redeploy. However, I had a programmer set up my linode initially (this was over 2 years ago), and I do not feel comfortable doing it myself.

Would someone give me a hand? I need my linode for several wordpress blogs and had virtualmin and webmin installed (I know these two to handle simple mysql issues, etc.).

Can someone find out who compromised my linode? I am somewhat reluctant to foot the bill for damages caused by someone else.

I hope I can find help here. Thanks for your comments, guys.

7 Replies

This guy over on SliceHost seems to have a good reputation and following (that is of course if you can't find a fellow Linode-r to help you out).

http://forum.slicehost.com/comments.php?DiscussionID=4628

What amount do you believe will be fair for him to charge me?

7 billion pickled herrings

No clue - that thread states he's fair, quick, and reliable - none of which I can personally vouch for (not having ANY OTHER knowledge of that person except for that thread).

He'll charge what he charges - it's up to you to decide if it's worth it TO YOU or not.

If you can't afford (or are unwilling) to farm out sysadmin stuff, then it's best to roll up your sleeves and learn the basics yourself. It's not rocket science (although hardening a server seems to be something you really REALLY need to work on).

Also, learn to BACKUP! If you had a backup (i.e. bare metal recovery) we wouldn't be having this conversation.

Documenting a bare metal recovery is a standard practice for any server admin.

I do have backups (by linode), however they told me that I still need to redeploy. They have shut off my vps temporarily and I have since experienced damages from lost income and advertising efforts and expenses which cannot be paused temporarily.

@linqueue:

I do have backups (by linode), however they told me that I still need to redeploy. They have shut off my vps temporarily and I have since experienced damages from lost income and advertising efforts and expenses which cannot be paused temporarily.

No offense but:

1) Where's your original programmer?

2) If he's gone, get him back.

3) If this is a money making venture, you need a sysadmin to deal with things like this. No, not your 16 year old nephew, or that "geek kid next door".

4) Learn how things work, yourself, so you don't need #3 anymore.

> 1) Where's your original programmer?

In India :) I lost his contact info - never had the need to contact him again. After he had set up the linode, I was fine administering the sites through virtualmin/webmin and wordpress. WAS. I guess I'm not anymore.

> 3) If this is a money making venture, you need a sysadmin to deal with things like this. No, not your 16 year old nephew, or that "geek kid next door".

Makes a few hundred $ a month, not much.

> 4) Learn how things work, yourself, so you don't need #3 anymore.

I will put my best foot forward in learning things myself. As for the time being, getting the sites back up as soon as possible is my priority.

@linqueue:

Can someone find out who compromised my linode? I am somewhat reluctant to foot the bill for damages caused by someone else.

I doubt you'll be able to find out "who" as in Joe Bloggs, but you might be able to find an IP address, then email the abuse@serviceprovider and pray they do something.

Do you have any idea how it was compromised, what's running on the server?
