

What I learned from a hacker attack - grobmeier
http://www.grobmeier.de/5-things-learned-hacker-attack-18082012.html

======
ElliotH
I'd argue this response was insufficient. I've always been taught that a clean
wipe is the response to your box being rooted.

At step 3 one should be thinking "I now know nothing about this box, what's
installed? What's modified?" You can't know if it's been modified or rooted.

While I'm certain it's possible to replace software in the system piece by
piece until you trust it again, that's much harder than what I would say
is your only option:

Wipe the disk, put a new install on it and restore your sites from backups.

~~~
ollybee
This article is about some webspace on presumably some kind of shared hosting
account being compromised. Not a box being rooted. No doubt scripts in his
account run with very limited privileges.

If hosting companies wiped a server every time one of their customers' sites
got owned the servers would hardly be online at all.

~~~
grobmeier
You are right, this was just a shared hosting package from 1&1. Nothing I
have root access to. Nothing I can do. I thought it was clear when I wrote the
provider shut me out from my webspace.

------
anonnnnnnnnn
Calling the guys who hacked you "script kids" and "idiots" is just childish.
You failed to take basic security measures and got fucked over by people who
know better than you. The bigger idiot here is the one who was hacked.

~~~
grobmeier
No it's not. I call everybody an idiot who breaks into another server to post
spam. No matter what his reasons are, it is just an idiot's behavior. Script
kids - why not call 'em that? Taking scripts from a random website and
using them is what I call a script kid.

Anyway, I have already mentioned in my post that I was an idiot to forget
about the installation. Sure, and that is what I have learned about: not to
forget again.

That said, hacking is not acceptable no matter what mistakes the owner of a
website has made. I really have no respect for such people.

------
nakkiel
TL;DR do your sysadmin job.

