is my server hacked ?

Hi there,

I set up a server and run for a quite long. Recently, I found some strange DNS record in some of my domains (I found 2 for now) that point to another IP. More dangerous, the destination IP is a faked website. This website fakes a login page of a bank's website.

Only DNS records are changed and for certain domains only. I dont know why ? Does anyone get this issue before ? Is my server being hacked ?

I already change the password login to DA and SSH but still got the problem.

Please help , it's really urgent

Thanks a lot

Were the domains in question created under your own login? If not you should change the passwords of the accounts they reside on as well. I've never had this issue before and don't know how it could have happened other than for someone to have got hold of account passwords

Is your DNS server set to be a caching nameserver as well as an authoritative nameserver? If so, then yes, your nameserver may have been compromised.

Since you didn't listy our nameserver name(s) then there's no way for anyone else to check for you.

Jeff