
I have a Linux packaged server (is that right?) that I run for a coworker. It has recently been hacked and I've been trying for the last few days to get rid of the malware. It now redirects most of my sites to http://gator65.hostgator.com/~db905/tds/out.php?s_id=1. What can I do?

1 Answer


Wipe the drive. Reinstall from known-good backup.

There are plenty of ways you can miss something that's installed and hidden on a server that's been rooted.

Unless you had hashes of all your files/binaries, you can't even tell if you're running the correct applications on your server. For all you know you're running altered system binaries that are specifically tailored to hide the malware. Your logs could be hiding information, and your system could be hiding network connections to spam/malware sites, and your system is distributing more warez/malware. Take it offline, restore it, fix the security holes and do all updates, and make sure your backup is from pre-rooting.
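The answer's point about file hashes, shown as an added example (this is not the answerer's code or anything from the original post): a POSIX shell script that records a SHA-256 baseline of a known-good tree and later reports every modified, new or missing file on the suspect tree. It assumes GNU coreutils (`sha256sum`, `sort -z`) and a rescue or live environment with the suspect disk mounted, so the suspect system's own `find`, `sha256sum` and `awk` are never the ones doing the checking. The `demo` function builds a constructed sample tree, not a real system, with a simulated rootkit footprint (trojaned `ps`, a dropped file, a deleted file).

```shell
#!/bin/sh
# Added example: baseline-and-verify hashing for a server you suspect is rooted.
# The baseline must come from a known-good tree (fresh install or a backup taken
# before the compromise). Run the check from a rescue/live environment with the
# suspect disk mounted; never run it with the suspect system's own binaries.

# take_baseline DIR MANIFEST: record the sha256 of every regular file under DIR,
# with paths relative to DIR so a backup tree and a mounted live tree compare cleanly.
take_baseline() {
  ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z | xargs -0 sha256sum ) > "$2"
}

# verify_tree DIR MANIFEST: print MODIFIED / NEW / MISSING lines relative to the
# baseline. Returns 0 when the tree matches the manifest exactly, 1 otherwise.
# sha256sum prints "<64 hex chars>  <path>", which is why awk uses fixed offsets
# (this also keeps paths containing spaces intact).
verify_tree() {
  current=$(mktemp)
  ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z | xargs -0 sha256sum ) > "$current"
  rc=0
  awk 'BEGIN { bad = 0 }
       { hash = substr($0, 1, 64); path = substr($0, 67) }
       NR == FNR { base[path] = hash; next }                  # first file: baseline
       !(path in base) { print "NEW      " path; bad = 1; next }
       base[path] != hash { print "MODIFIED " path; bad = 1 }
       { delete base[path] }
       END { for (p in base) { print "MISSING  " p; bad = 1 }; exit bad }' \
      "$2" "$current" || rc=$?
  rm -f "$current"
  return $rc
}

# demo: constructed sample tree (hypothetical, not a real system) showing what a
# tampered box looks like against its pre-compromise baseline.
demo() {
  work=$(mktemp -d)
  mkdir -p "$work/good/bin" "$work/good/etc"
  printf 'real ps binary\n'        > "$work/good/bin/ps"
  printf 'real ls binary\n'        > "$work/good/bin/ls"
  printf '127.0.0.1 localhost\n'   > "$work/good/etc/hosts"
  take_baseline "$work/good" "$work/baseline.sha256"

  # Simulated rootkit footprint: trojaned ps, a dropped file, a deleted file.
  cp -R "$work/good" "$work/suspect"
  printf 'trojaned ps that hides the malware\n' > "$work/suspect/bin/ps"
  printf 'dropped payload\n'                     > "$work/suspect/etc/.cache"
  rm "$work/suspect/etc/hosts"

  rc=0
  verify_tree "$work/suspect" "$work/baseline.sha256" || rc=$?
  rm -rf "$work"
  return $rc
}

demo || echo "tree differs from baseline: do not trust this system's binaries" >&2
```

For packaged files the distribution's own tools do the same comparison against the package database (`rpm -Va` on RPM systems, `debsums -c` on Debian/Ubuntu), but that database and those tools live on the compromised disk too, so they are only worth anything when run from a rescue boot, and they say nothing about files the packages never owned. That is the answer's point: without a pre-compromise baseline there is no way to know what "correct" looks like, which is why the safe route is a wipe and a reinstall from a backup taken before the rooting.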