Help! Our server was shut down after being compromised
A customer called and complained about your server possibly attacking their server. I investigated it at their request and your server was running illegitimate scripts that were attacking other servers. At my discretion, I removed your server from our network because it is harming other customers(and networks). The server may be comprimised so please update this ticket with your plan of action.
Now we have no access to the latest logs so we can't even figure out what happened. SM want $125 just to launch a proper investigation (may end up costing more). Right now, to get us back online they want us to do a complete OS re-install. But that would mean losing those logs, and who's to say the attacker won't be back through the same loophole?
I"m not sure what to do next
