Hi all ...
Today i found my server being turned off.
Reason: a second abuse HR received involving one off my accounts.
I fully understand this, they have to watch theyre own back!
Now, i'm asking for a big help from all you Linux dedicated guru's!
How can i prevent this from happening again? What do i check? How can i see if there are any proccesses running in the background keeping a door open?
I'm a complete Linux newbie, place in front off a fire squad :(

This all started two weeks ago when my account whas on a shared hosting server (reseller account). The first time they placed a fake paypal page in a subdir of VBulletin, at that time running version 3.0.3.
After the first alert i immediatly upgraded to the latest stable, being 3.0.7.
I changed my account password. After another fake paypal page, they turned to a fake AOL page. This whas no longer in a VBulletin subdir, but in a /public_html/dir .
Changing passwords whas not enough.
They still get in!

What can i do, what can i check??
All help on this is more then welcome!
HELP !!!

i'm a vB guru myself, and the right thing to do was upgrade to 3.0.7.

Other than that, unless anything odd was moved from your old shared account to your new hosting account, you should be fine if you have iptables configured properly and running.

If you'd like, I can have a look for you..

C

Hi Chris,
Troubles started at the shared hosting account, but seems to move along to my dedicated server.
Could you give my some more information on these iptables?
I'm a complete Linux newbie when it comes to system management.
If you like, you can mail me: johan _ at _ hejo _ dot _ org

Thanks for the help!
Greetings,
Johan.

iptables is a simple, but effective firewall that's already built into your OS.

go to www.webmin.com, and install the latest version on your server... there's a complete GUI for it there. That's really all there is to it. It would take you a while to learn how to edit the config files by hand.

What it does, is blocks communications on certain ports on your server. You can get specific and narrow it down to certain ports on certain IP's, but i'm assuming you only have one IP address.

Let me know if you have any problems installing Webmin, and I can help you install it.

Chris