[bkatz540]

Okay, well first off I run a webhosting company with a friend. Our uptimes have not been great until we moved to a dedicated server running CentOS recently. Unfortunately, shortly after the server got set up, all the accounts got transferred, and everything appeared to be working smoothly, our site was hacked by a random person. We cannot afford to have another week of downtime (the hacker deleted all accounts, we had to get our hosting company to reset the server), as we have already lost many customers from this. :\

I'm trying to take steps to completely secure the server, and this is what i've done so far:
-open_basedir restriction enabled
-updated all system software
-changed root password, thinking about disabling root completely?

I have access to root shell, so if you know anything I can do please tell.
I believe the site was hacked using an exploit, as I am not keylogged and I doubt anyone bruteforced us as I would have noticed the traffic. Is there anything else I can do to secure the server?

Again, it's running CentOS 4.

Thanks,
Ben

[lotuseclat79]

Hi bkatz540,

Checkout: 10 things you should do to a new Linux PC before exposing it to the Internet here.

Pay specific attention to shutting down unnecessary services, and try not to use a root account unless you have the server shutdown for maintenance, and the Internet service offline (if possible - makes it easier for crackers to get root access).

You should think of a layered security strategy, such as having a hardware firewall router in front of your server facing the Internet - and don't forget to change the default mfgrs password as that is a known attack vector for crackers - and install and configure the router by reading the Installation manual from the mfgr.

For CentOS 4 security updates (I don't know how up-to-date this is): here.

CenOS security Guide (from Red Hat) here (free download).

-- Tom