Full Discussion: Server has been compromised
Post 302755883 by franx47 on Monday 14th of January 2013 04:05:17 PM

Server has been compromised

Hi,

I want to ask something about a server that has been compromised. Recently, one of my VPS servers was hacked and the attacker installed some kind of "IRC" script.

Every time I kill the process or close the port, it opens again .. and again .. I'm sure the attacker has installed something like a hidden script. I have been using tools like Rootkit Hunter and going through each of the suspicious results.

It really drives me crazy and is painful. How can he/she get into my server (as root) even though I have changed the root password?

OS: CentOS 5.

Please help.
dtc_reinstall_os(8)                    System Manager's Manual                    dtc_reinstall_os(8)

NAME
       dtc_reinstall_os - reinstall an operating system in a VM

SYNOPSIS
       dtc_reinstall_os [ -v ] [ OPTIONS ] -vpsid <ID> -ram <RAM size MB> -nic <ip>[,<netmask>[,<broadcast>]] -pass <root-password> -os <operating-system> [ -gw <default-gateway> ] [ -dns <dns1-ip>[,<dns2-ip>] ]

DESCRIPTION
       dtc_reinstall_os is a shell script that is part of the dtc-xen package and is used by the DTC panel to manage a Xen VPS server. dtc_reinstall_os bootstraps an operating system for you, so you can later use it in a virtual machine (a VM), otherwise called a virtual private server (a VPS). This script is called by dtc-xen when you order it to install a VPS through the SOAP server of dtc-xen. You can also use it directly from the shell if you don't have a DTC control panel server set up yet.

   Additional configuration files
       During its setup, dtc_reinstall_os copies the file /etc/dtc-xen/authorized_keys2 into the VPS's /root/.ssh/authorized_keys2 and /root/.ssh/authorized_key, so the administrator has access to the VPS without needing to shut it down. It is therefore a good idea to copy your ssh public key into /etc/dtc-xen/authorized_keys2. dtc_reinstall_os also copies /etc/dtc-xen/motd into the VPS's /etc/motd (and /etc/motd.tail if a Debian operating system is installed), and /etc/dtc-xen/bashrc into /root/.bashrc. Another very important configuration file is /etc/dtc-xen/dtc-xen.conf, which holds the configuration for both this script and the SOAP server of dtc-xen itself.

PARAMETERS
   Parameters and options conventions
       All parameters described here are mandatory. dtc_reinstall_os will exit if one of them is missing from both the configuration file /etc/dtc-xen/dtc-xen.conf and the command line. If a parameter is present in both the configuration file and the command line, the command line has priority. Parameters not marked like [ this ] may be omitted from the command line if, and only if, they are defined in the configuration file. Parameters marked like <this> are mandatory. Options are always given with a double minus sign, while mandatory parameters have only a single minus sign. All the parameters in this section (PARAMETERS) are mandatory on the command line.

       -vpsid <ID>
              ID has to be a number between 01 and 99. Each time a new VPS is created, an associated user xen<ID> is created on the system, using /usr/bin/dtc-xen_userconsole, so your users can log into the system. When they log in, "xm console xen<ID>" will in fact be their shell, so they can access the physical console of the VPS using ssh.

       -ram <RAM size MB>
              This is the amount of memory in megabytes that you want set up in the Xen startup file for this virtual machine.

       -nic <ip>[,<netmask>[,<broadcast>]]
              This parameter defines the network configuration of the virtual machine, together with the -gw option (see below). There can be as many -nic parameters as you need. If there is more than one, dtc_reinstall_os sets up a physical NIC configuration and as many eth0:X virtual aliases as needed to match the number of -nic parameters on the command line. If the <netmask> or <broadcast> field is missing, the values are taken from /etc/dtc-xen/dtc-xen.conf. It is mandatory to have at least the netmask and broadcast defined either on the command line or in the configuration file. These variables are called NETMASK and BROADCAST in /etc/dtc-xen/dtc-xen.conf. Note that each IP address is added to the Xen startup configuration file of the virtual machine, so that you can use the anti-spoof facility of the Xen firewall (highly recommended if you are reselling VPS). See the Xen documentation on how to activate the anti-spoof feature of xend; in short, you should use something like this:

                     (network-script 'network-bridge antispoof=yes')

              where network-bridge can be replaced by the network scheme that you need. DTC-Xen will NOT touch the /etc/xen/xend-config.sxp file; it is up to you to customize it to your needs before using dtc-xen.

       -gw <gateway>
              You can then specify lvm or loopback. Currently the only value the script compares against is lvm (or anything else), but this might change in the future. If omitted, then lvm loopback is used.

       [ -dns <dns1-ip>[,<dns2-ip>] ]
              This defines the default DNS to be set up in /etc/resolv.conf of the VPS being installed. If not present, dtc-xen uses the /etc/resolv.conf of your dom0 to find the DNS to use.

       -pass <PASSWORD>
              This is the root password you wish to have set up inside the VPS. Not all operating system setups support it, but it is still a mandatory parameter. If this parameter is not used, the VPS is set up without a root password, which, contrary to what many people think, is perfectly fine. The user just needs to log into the VPS and set the root password using the passwd utility.

       -os <unix-distribution>
              This parameter can be debian, centos, or netbsd for a default setup of dtc-xen. It can also be set to any of the folder names present in /usr/share/dtc-xen-os, so that dtc-xen uses the setup script of that dtc-xen-os module to initialize a partition. This parameter can also be the name of any folder present in /usr/share/dtc-xen-app. These are appliances that are installed automatically at the first boot of the VPS. They depend on the support of the unix distribution supported by dtc-xen, or of any dtc-xen-os module installed on the system.

OPTIONS
       If you don't set these options, they may have to be set in /etc/dtc-xen/dtc-xen.conf. Some options can be omitted completely.

       -v     Without -v, dtc_reinstall_os normally writes everything to /var/lib/dtc-xen/mnt/XX.stderr and /var/lib/dtc-xen/mnt/XX.stdout (or wherever you have set the VPS mountpoint to be), to keep a log of the installation. With -v, standard output and error are not redirected.

       --vnc-pass <VNCPASS>
              VNC password for the physical console of your HVM VPS. See the Xen documentation if you don't know what HVM or full virtualization is. If this parameter is omitted, the VPS is set up to NOT use the VNC server (recommended when in production).

       --boot-iso <file.iso>
              Name of the ISO file stored in the /var/lib/dtc-xen/ttyssh_home/xenXX/ folder so the VPS can be set to boot from it. If this parameter is omitted, the VPS boots from the hard drive. Note that your users would, in a normal scheme, upload the ISO file using FTP and the ssh physical console password they have set using DTC. The list of uploaded ISO files is then presented in the user interface. Because these ISO files can be big, it is advised to protect your /var filesystem by using a dedicated partition for /var/lib/dtc-xen/ttyssh_home, so that your users cannot fill up the /var space with ISO files.

       --initrd
              Full path to the init ram disk image to set up in the startup configuration file for this VPS. This parameter is normally defined in /etc/dtc-xen/dtc-xen.conf, as it should not change often.

       --kernel
              Full path to the kernel boot image to set up in the startup configuration file for this VPS. This parameter is normally defined in /etc/dtc-xen/dtc-xen.conf, as it should not change often.

       --kernel-release
              Kernel release number that will be used when setting up this VPS. To be used only if you are using the --initrd and --kernel options, and if the release number differs from the one of your dom0. This is used to run depmod -a <kernel-release-number> in the VPS partition.

       --kmod-path
              Full path to the kernel modules to be used when copying the kernel modules into the VPS.

EXAMPLES
       Example 1:

              dtc_reinstall_os -v -vpsid 01 -ram 512 -nic 192.168.2.176,255.255.255.0,192.168.2.255 -pass MyRootPass -os debian -gw 192.168.2.1 -dns 192.168.2.1

       This sets up the VM called xen01, builds its startup file in /etc/xen/xen01 with a vif containing ip=192.168.2.176 and 512 MB of RAM, and sets up a Debian operating system with /etc/network/interfaces using 192.168.2.176 as IP, 255.255.255.0 as netmask, 192.168.2.255 as broadcast, 192.168.2.1 as gateway, and 192.168.2.1 as DNS.

       Example 2:

              dtc_reinstall_os -vpsid 02 -ram 1024 -nic 192.168.9.2 -nic 192.168.9.3 -gw 192.168.9.1 -pass MyRootPass -os kde-nx-server-3.3.0

       This sets up the VM called xen02, builds its startup file in /etc/xen/xen02 with a vif containing ip=192.168.9.2 and 192.168.9.3 and 1 GB of RAM, and sets up a Debian operating system with /etc/network/interfaces using 192.168.2.176 as IP for eth0, and eth0:1 with 192.168.9.3. The gateway 192.168.9.1 is used for eth0; the broadcast, network, and netmask addresses are taken from the defaults in /etc/dtc-xen/dtc-xen.conf (as they are omitted here, this config file must have been edited to match your network in order to use dtc_reinstall_os this way). The dom0 /etc/resolv.conf is used to set the VPS's /etc/resolv.conf.
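As an added illustration (not part of dtc-xen or this man page), the following POSIX shell functions apply the argument rules documented above: the two-digit -vpsid range, the -nic fields that fall back to NETMASK and BROADCAST from dtc-xen.conf while command-line values take priority, and the eth0 / eth0:N assignment for several -nic parameters. The function names and the inline stand-in for the config file are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of dtc-xen: pre-flight checks that mirror the
# argument rules of dtc_reinstall_os(8). Function names and the inline
# stand-in for /etc/dtc-xen/dtc-xen.conf are constructed for illustration.

DTC_XEN_CONF_SAMPLE='NETMASK=255.255.255.0
BROADCAST=192.168.9.255'

# conf_get VAR CONF_TEXT: value of VAR from shell-style "VAR=value" lines.
conf_get() {
    printf '%s\n' "$2" | sed -n "s/^$1=//p" | head -n 1
}

# check_vpsid ID: succeeds only for a two-digit ID between 01 and 99.
check_vpsid() {
    case "$1" in
        [0-9][0-9]) [ "$1" != "00" ] ;;
        *) return 1 ;;
    esac
}

# resolve_nic "ip[,netmask[,broadcast]]" CONF_TEXT
# Prints "ip netmask broadcast". Fields given on the command line win;
# missing ones come from NETMASK / BROADCAST in the config text. Fails
# if netmask or broadcast is defined in neither place.
resolve_nic() {
    ip=${1%%,*}
    rest=${1#"$ip"}; rest=${rest#,}
    mask=${rest%%,*}
    rest=${rest#"$mask"}; rest=${rest#,}
    bcast=${rest%%,*}
    [ -n "$mask" ]  || mask=$(conf_get NETMASK "$2")
    [ -n "$bcast" ] || bcast=$(conf_get BROADCAST "$2")
    [ -n "$ip" ] && [ -n "$mask" ] && [ -n "$bcast" ] || return 1
    printf '%s %s %s\n' "$ip" "$mask" "$bcast"
}

# plan_nics CONF_TEXT nic1 [nic2 ...]
# One line per -nic parameter: "<iface> <ip> <netmask> <broadcast>", the
# first on eth0 and each further one on an eth0:N alias.
plan_nics() {
    conf=$1; shift; n=0
    for nic in "$@"; do
        line=$(resolve_nic "$nic" "$conf") || return 1
        [ "$n" -eq 0 ] && iface=eth0 || iface="eth0:$n"
        printf '%s %s\n' "$iface" "$line"
        n=$((n + 1))
    done
}
```

Running `plan_nics "$DTC_XEN_CONF_SAMPLE" 192.168.9.2 192.168.9.3` reproduces the eth0 / eth0:1 layout of Example 2 with the netmask and broadcast filled from the sample config.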
SEE ALSO
       dtc_setup_vps_disk(8), dtc_kill_vps_disk(8)

VERSION
       This documentation describes dtc_reinstall_os version 0.3.15. See http://www.gplhost.com/software-dtc-xen.html for updates.

                                                                                      dtc_reinstall_os(8)
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.