Compromised / Hacked Server
Posted by Help Desk (6) on 14 September 2005 01:47 AM
In the event your server has been compromised, the following procedures apply:

Sending Outgoing D/DoS Attack:
If your server is sending an outbound Distributed / Denial of Service Attack that is large enough for us to see on our internal network charts, your server will be removed from the network. We will attempt to contact you to advise you of the action taken. Once contact is made, you have the following options:

- Use KVM over IP to access your server to stop and remove the script(s). Please see our dedicated server page for pricing on KVM over IP rental. When you are 100% certain that the script has been stopped and removed and that the hole the hacker got in through has been patched, we will re-enable your server on the network at a rate-limited speed for up to 1 week to ensure it is not compromised again. In the event that a 2nd attack is generated, an operating system restore will be required.

- Operating System Restore. This is the best way to ensure that the hack has been removed. However, if you copy the hack back from any backup files and another attack is performed, we will isolate your server again, another OS Restore will be required, and you will be fined $440 on top of all incurred charges and remain on a rate-limited connection for up to 1 month to avoid any further possible disruption to other customers.

For further information on an OS Restore, please see the topic under this same knowledge base heading.
