Server hacked - seeking advice

A server of mine were just hacked. All index pages have been defaced and cpanel themes neither works. (we will replace the hacked index pages of all cpanel themes on the server with on from a server which uses similar themes).

I were told that it is possible that after the defaced pages have been fixed, there's a big chance that the hacker left a "virus" or worm or Trojan Horse inside my account so that this attacker can come back anytime he wants. We found that some malicious binary scripts under the /tmp directory had been use for that. We have removed these scriptsy and remounted the /tmp directory as non-execuetable. We have also changed the root password.

The data center (servermatrix) says that the only way to verify that the system is clean is to format and reinstall the system from scratch and to buy a firewall (it already uses APF). Isn't there any other way to find out if more were left by the hacker? There are 500 accounts on this server so I would like to avoid this if possible in any way Server hacked - seeking advice


Thanks
John

 

 

 

 

Top