We have a dedicated server which seems to be hacked. Here is what the techs from the company where we host the server are saying:
We have received reports of malicious outbound traffic originating from your server. This indicates possible server compromise. You will need to audit your system to ensure all scripts are currently updated to the most current version.
high
168.9% of 50.0 kpps 41.12 Mbps
119.48 kpps 0:20
(Ongoing) Tue, Nov 24 2009, 08:37:15
Total 08:37:15
Total Traffic
(Misuse) RIPE
89.13.230.151/32
------
Dear customer,
At current it does not look like your server has been root compromised by a base scan from rkhunter. All results have been written to the logfile (/var/log/rkhunter.log).
It does look like there are several files in the /tmp file that look to have possibly been uploaded through a vulnerability in one of your programs. You will need to audit your sites and program setup to further diagnose these issues and prevent this type of issue.
---------
What I need is to know what script to use or what to do so this can be stopped and doesn't happen again. Please provide all steps on how to stop this.
The host company can shut down the server if we don't get it resolved soon.
Thanks,
Wally
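
A read-only triage pass over /tmp of the kind the host's note calls for, as an added example that is not part of the original post: it lists each regular file with its owner and modification time, oldest first, and flags scripts and executables. The helper name `triage_tmp` and the `apache` account are assumptions, and GNU `find`, `stat` and `head` are assumed to be installed.

```shell
#!/bin/sh
# Added example: read-only inventory of files dropped in a directory such as /tmp.
# Assumes GNU find, stat and head (typical on a Linux server).

# triage_tmp [DIR] [OWNER]   (hypothetical helper name)
# Output, oldest first: FLAGS<TAB>owner mtime path
#   SCRIPT = starts with "#!" or "<?php"; EXEC = executable bit set; - = neither
triage_tmp() (
    dir=${1:-/tmp}
    owner=${2:-}
    # Optionally restrict the listing to one account, e.g. the web server user.
    if [ -n "$owner" ]; then
        set -- "$dir" -xdev -type f -user "$owner"
    else
        set -- "$dir" -xdev -type f
    fi
    find "$@" -exec sh -c '
        for f do
            flag=
            # First five bytes are enough to spot a shebang or a PHP open tag.
            magic=$(head -c 5 "$f" 2>/dev/null | tr -d "\000")
            case $magic in
                "#!"*|"<?php") flag=SCRIPT ;;
            esac
            if [ -x "$f" ]; then flag=${flag:+$flag,}EXEC; fi
            printf "%s\t%s\n" "${flag:--}" "$(stat -c "%U %y %n" "$f")"
        done' sh {} + 2>/dev/null | sort -b -k3,4
)

# Example: everything in /tmp, then only files owned by the web server account
# ("apache" is an assumed account name; use the one your server runs as).
# triage_tmp /tmp
# triage_tmp /tmp apache
```

The owner column shows which account wrote each file, and the modification times can be compared with the time given in the traffic report.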