Moving accounts from damaged system

beowulf

I have a server running CentOS 3.7 and DA, running fine for 3 years.
Yesterday it was running very slow, and after a reboot it didn't come up anymore. I checked and figured out that booting was giving errors while processing rc.sysinit, like "segmentation fault line xx" when using mount or grep, and was also giving "Setting Hostname mercury.eclipsis.ca [FAILLED]". I booted with a CentOS CD in rescue mode, and I could see by the dates that /bin/mount, /bin/umount, /bin/grep, /bin/fgrep and /bin/egrep were changed yesterday, and there were also some strange files with strange owners in /tmp. I believe the server was hacked.
I replaced mount, umount, grep, and the other changed files with fresh files from another CentOS 3.7 server. The "segmentation fault" errors stopped showing up on boot, but it still stops on "Setting Hostname host.domain.com [FAILLED]". I booted the rescue CD and tried resetting the hostname, but with no results, same error: "Setting Hostname localhost.localdomain [FAILLED]".
I have a couple of hosting accounts on this server, and I would like to know if there's any way this can be fixed so I can access DirectAdmin to perform a backup of the accounts and move them to a fresh installation, or if there's any way to back up the accounts when accessing the server with the rescue CD. Or, would DirectAdmin run if I boot with the rescue CD, chroot to the damaged system and execute it?
Thanks for your help guys, I need to get this fixed ASAP.
Cheers.

P.S. ...I know... we only remember to do backups when this kind of thing happens!
 
I don't know if you can run DA by booting from rescue disk and chrooting. You might want to try it but of course it would depend on if any files in the chroot environment DA depends on were hacked or not.

You can run sysbk (I think it's in /usr/local/sysbk) manually; that'll give you all the files you need to restore to a new system, but the restore would be manual and requires systems administration knowledge.

Jeff
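
Before chrooting into the damaged system, the two checks described in the question (system binaries with recent modification dates, and files in /tmp with strange owners) can be run from the rescue environment against the mounted image. This is an added example, not part of the original thread; the function names and the `RESCUE_ROOT` variable are hypothetical, and it assumes GNU find and stat.

```shell
#!/bin/sh
# Added example (not from the thread). RESCUE_ROOT is a hypothetical variable
# naming where the rescue CD mounted the damaged system.

# Print regular files in the image's system binary directories that were
# modified within the last $2 days.
recent_binaries() {
    root=$1; days=$2
    for d in bin sbin usr/bin usr/sbin; do
        [ -d "$root/$d" ] || continue
        find "$root/$d" -type f -mtime "-$days" -print
    done
}

# Print entries under the image's /tmp whose numeric owner has no line in the
# image's own /etc/passwd. Plain `find -nouser` would consult the rescue
# environment's passwd instead, which is the wrong user database here.
unknown_owner_tmp() {
    root=$1
    [ -d "$root/tmp" ] || return 0
    if [ ! -r "$root/etc/passwd" ]; then
        echo "cannot read $root/etc/passwd" >&2
        return 1
    fi
    find "$root/tmp" -xdev -print | while IFS= read -r f; do
        uid=$(stat -c %u "$f") || continue
        if ! awk -F: -v u="$uid" '$3 == u { found = 1 } END { exit !found }' \
                "$root/etc/passwd"; then
            printf '%s (uid %s)\n' "$f" "$uid"
        fi
    done
}

# Run both checks only when a root is supplied, e.g.
#   RESCUE_ROOT=/path/to/mounted/system DAYS=3 sh triage.sh
if [ -n "${RESCUE_ROOT:-}" ]; then
    echo "== binaries modified in the last ${DAYS:-3} days =="
    recent_binaries "$RESCUE_ROOT" "${DAYS:-3}"
    echo "== /tmp entries with owners unknown to the image =="
    unknown_owner_tmp "$RESCUE_ROOT"
fi
```

Modification times can be reset by whoever changed the files, so an empty result does not show that the image is clean.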
 