Re: Help: Server security compromised?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



More information, after noting the cyclical shutdown of the firewall, I looked into crontab and found a line that stops apf every 5 minutes and directs the output to null.

I cannot copy the exact line now because of my stupidity (good reason why I call myself a noob).

After noting this, which obviously is not a line I entered, which I suspect (wrongly) was injected by some hacker, I removed it. Then proceeded to check apf which was installed by a third party script.

As I noted the comments in the apf.conf, I realized that the autoshutdown of the firewall was due to development settings in the apf.conf file to prevent lockout due to bad firewall configurations. And just as I had the "OH SHIT" thought, my SSH got disconnected and I promptly found myself locked out of the server.

Since I followed some of the rules about SSH and used a non-standard port for SSH and disable SSHD listening on the default port 22, I've no way back into the server and all services on that server are now apparently dead to the way. :(

So I'm now prepping for a long ride to the IDC if a reboot doesn't help my stupidity.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux