Hi PPL!
I have 2 problems!
1-st problem is with Security!
A week ago my servers were hacked! Somebody got access to /tmp and var/tmp directory and runs scripts from there under apache user.
I backed Up all my data and reinstalled server using following steps:
- Fresh installed FreeBSD 5.4;
- secured the /tmp and var/tmp directory with noexec ........
- Installed DA
- installed the mod_security;
- changed apache, mail, ftp, majordomo users to sbin/nologin in password and master.password.
also I've installed the avtoconfiguretor script from www.rootkit.nl
which installs: Chkrootkit, Rootkit Hunter, cvsup and changes crontab permissions.
After few days one of my servers was hacked again!
At this time, atacker uploaded some tool im my var/mail directory, untar and ran it from there under apache user.
uploaded tool looks like IRC bot/daemon (maybe)
I have no firewall installed, because i dont know how to.
I tried to install it according the HOW-TO from this forum but with no success. also I'm afraid to install it because i don't have direct access to my servers and afraid to block myself.
2-d problem is that I have 62 users on my other server but in backup section of reseller level i see only 42 users and there is no file - users.list in my /usr/local/directadmin/data/users/admin/
and all users owned by admin.
I use FreeBSD 5.4 / customapache with gettext and Freetype2
Thank you and Sorry for my English.
Hope you will be able to help me.
I have 2 problems!
1-st problem is with Security!
A week ago my servers were hacked! Somebody got access to /tmp and var/tmp directory and runs scripts from there under apache user.
I backed Up all my data and reinstalled server using following steps:
- Fresh installed FreeBSD 5.4;
- secured the /tmp and var/tmp directory with noexec ........
- Installed DA
- installed the mod_security;
- changed apache, mail, ftp, majordomo users to sbin/nologin in password and master.password.
also I've installed the avtoconfiguretor script from www.rootkit.nl
which installs: Chkrootkit, Rootkit Hunter, cvsup and changes crontab permissions.
After few days one of my servers was hacked again!
At this time, atacker uploaded some tool im my var/mail directory, untar and ran it from there under apache user.
uploaded tool looks like IRC bot/daemon (maybe)
I have no firewall installed, because i dont know how to.
I tried to install it according the HOW-TO from this forum but with no success. also I'm afraid to install it because i don't have direct access to my servers and afraid to block myself.
2-d problem is that I have 62 users on my other server but in backup section of reseller level i see only 42 users and there is no file - users.list in my /usr/local/directadmin/data/users/admin/
and all users owned by admin.
I use FreeBSD 5.4 / customapache with gettext and Freetype2
Thank you and Sorry for my English.
Hope you will be able to help me.
