Server hacked

[kloentje2]

Hello,

Yesterday my DrectAdmin installation was hacked. I want to know how I could recover my admin account, because the idiot had the change to delete it.

Thanks in advance!
Koen

 

[scsi]

Your best bet is probably to format the server now. There is no way to know what was infected.

 

[nobaloney]

I've changed the thread title. If you have evidence that DirectAdmin itself was hacked, then I'll be happy to look into it.

But DirectAdmin is a compiled C++ program (if I recall properly), and is likely not hacked. Other reports have been false alarms.

Jeff

 

[AndyII]

server hacked?, they have root?
assuming you have DA admin access (not a reseller or user account), may be they got or guessed your DA admin password.
and or a weak password was used for DA and or root
since 2005 I have used DA and Never been hacked, cPanel..yes, DA no... oh they try but never succeed.
if this is DA then someone here may be able to help you like Jeff and tell you how to use root to get it back, if you were rooted then scsi's advice , wipe and reinstall is the only way to be sure they dont have a hidden back door built in.

If they have admin access, by now they 'may' have done a lot of damage, to any or all accounts on your server, perhaps setting them all up for a spam server, hope you have a good set of backups

 

[nobaloney]

There are now two reports of user admin disappearing. See this thread as well:
http://forum.directadmin.com/showthread.php?t=48988&p=251734#post251734

What do you mean when you say the admin user has disappeared? Is /home/admin still present?

Jeff