We are experiencing difficult times here. Yesterday we found our server hacked with links inserted all over the website ( check yourself here: www.x6.ro
( please note www.x6.ro
dont use joomla, the index is done manuallyand they even modified this index as well ), www.k6.ro
- you will see a software that want to download on your screen that ask for permission ) and the hackers also inserted alot of invisible links into the websites.
I spent then 10 hours reinstalling FEDORA ( + plesk ) on the server doing the following:
- delete permission 777
- blocked smtp connections ( cose we got even listed in XBL spam database with ip because of exploits )
- blocked ftp access for anyone
- changed root password ( very complex ) , changed each hosting account password with a complex password.
Now you can only connect through the server via SSH but the password was impossibility to crack so this is not an option to explain why we got hacked again.
Now I checked my server and it is hacked again.
I checked logs, nothing unusual but the site was hacked now.
If you can help mewith solving this mystery ( how I got hacked ) Iwill be very gratefull.
I can provide all info you need, LOGS, anything, just let me know what files you need or what type of linux commands you want me to run on the server ( note I am linux starter ).
1000 thanks if you can help me solve this. After the whole reinstall we still got hacked this is outrageous.'
You can check all LOGS I collected now from the server here www.x6.ro/loguri.zip