Ubuntu Hacked

I've got an 11.04 install of Ubuntu, which my Linux guru has informed me has been hacked. I'm assuming he's right.
This server really only has a root login, and he reckons they've got the root password. I only use SSH to log in to the server.
There is an Apache and Asterisk install...? Can't imagine these are that vulnerable... Is there any other way the 11.04 could be vulnerable?
I'm thinking from the point of view of a new server...and that becoming vulnerable.
Silas2 Asked:

rindi Commented:
If you only log on as root, well, that makes it very vulnerable. Ubuntu usually installs as a non-root user, and you shouldn't change that. When you need to run admin tasks, use sudo to run the task as root. Also, the default setting of SSH doesn't allow root access, and that shouldn't be changed either.

Hackers will probably always first try to brute force the root password, and if you don't use root, but rather another account, they won't know the other account name to try.

The other important thing, of course, is to keep the system up to date so security holes are patched. As 11.04 wasn't an LTS release, it reached its end of life in 2012. So for that you won't get updates and you'll always be at risk. If you use a production server you should always use the current LTS version, for which you get 5 years of support. When that runs out, you should upgrade to the next LTS release. Upgrades on Ubuntu from previous releases usually go easily.
Zephyr ICT (Cloud Architect) Commented:
Also, it's more secure to switch to using SSH keys to log in (preferably with a passphrase) instead of root/user and password, and to disable login using a password.

If you really have to log in with a user/password, install something like fail2ban to keep an eye on things and automatically block brute-force (and other) attacks as much as possible, but definitely disable the possibility to log in as root altogether and use a regular user as rindi suggested.

Besides that, make sure a firewall closes off all other ways of getting in, such as open ports that aren't used, for example.
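
The SSH settings recommended in the two answers above (no root login, keys instead of passwords) can be checked mechanically. The following is an added example, not part of either answer: the function names and both sample configurations are constructed for illustration, and it audits only the global section of an `sshd_config`.

```python
# Values accepted as hardened for the settings the answers recommend.
# Flagging an unset keyword is this example's assumption: it avoids relying
# on OpenSSH defaults, which differ between versions.
HARDENED = {
    "permitrootlogin": {"no"},
    "passwordauthentication": {"no"},
    "pubkeyauthentication": {"yes"},
}

def effective_globals(config_text):
    """Parse the global section of an sshd_config into {keyword: value}."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()           # keywords are case-insensitive
        if keyword == "match":
            break                            # later lines apply conditionally
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)  # sshd keeps the first value
    return settings

def audit(config_text):
    """Return sorted (keyword, found_value) pairs that are not hardened."""
    current = effective_globals(config_text)
    return sorted((key, current.get(key, "<unset>"))
                  for key, allowed in HARDENED.items()
                  if current.get(key) not in allowed)

# Constructed sample inputs, not taken from the asker's server.
WEAK = """\
# root logs in over SSH with a password, as in the question
PermitRootLogin yes
PasswordAuthentication yes
# a later duplicate does not override the first value
permitrootlogin no
Match User deploy
    PubkeyAuthentication yes
"""
FIXED = """\
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("fixed", FIXED)):
        print(name, audit(text) or "OK")
```

On a live host, `sshd -T` prints the effective server configuration, and its output can be passed to `audit()` in place of the file contents.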
Question has a verified solution.
