Hacked!!!

My server was hacked. Ownership of the files and directories was taken over by “nobody”. Tech support was unable to change ownership back. The issue has been escalated to the security group. Tech support tells me that the password could have been intercepted from an unencrypted e-mail. They use a ticket system and the password always comes back in unencrypted form.

Comments on security policies? Any similar experiences?

I’m a total newbie. I’m learning little by little. Wow, I’m even learning some basic perl scripting, cron jobs, etc., but I knew nothing about the “nobody” user until today. I didn’t remember seeing it before when I saw it while I was adding a new user earlier today. And then the fact that “nobody” was using 40 MB of disk space looked strange to me. Tech support tells me that all .php generated pages belong to “nobody”. I haven’t been running .php scripts...

Similar experiences? Advice? Info for neophytes?

 

 

 

 

Top