PDA

View Full Version : HELP URGENT, Maybe getting hacked on my Bluehost server



Hortinstein
July 2nd, 2007, 06:16 AM
Hey, i just got SSH access into my Bluehost server and upon arriving, I noticed that there was another user in there with a comcast IP, and his name is tripleti... I was just wondering if there was something that I did to let him get in and how i can Kick him off and ban him from accessing ever again

he let me know he was in there by 'wall' poop so it broadcast to me

anyway to kick him and secure the server...I just set it up last night and it shows hes been logged in before SSH access was even enabled

I will be around for more info if any is needed

ndefontenay
July 2nd, 2007, 08:47 AM
If you ask me, the bottom line is that your server is now compromised. You'll have to run some tools to find out what files have been compromised and if you are not being spied from within.

I would completely avoid the risk by re installing the whole thing completely.

It looks seriously dangerous to leave your computer the way it is now...

You'll then have enough time (while it's offline) to look for more information on how to harden it...

Good luck

Warpnow
July 2nd, 2007, 11:45 AM
Bluehost isn't a vps...he's probably just another user on the system.

diskotek
July 2nd, 2007, 12:31 PM
Bluehost isn't a vps...he's probably just another user on the system.

what does this means? i'm planning to have a bluehost account.

Warpnow
July 2nd, 2007, 02:07 PM
Its a normal web host...and one that oversells at that. They're not running a virtual machine for each user, so all the users are on the same machine(s). It makes sense that there would be another user on your SSH, its just someone else who has an account at bluehost.

I reccomend NOT going with bluehost...they oversell. All I've heard from their users are bad things.

diskotek
July 3rd, 2007, 11:20 PM
thank you for advice, yes they might do that, they are cheap and offers are great than others :)

troseph
September 4th, 2008, 05:39 AM
ROFL!! That was me. I used to work at BlueHost, and you were on my box. BlueHost is a shared host, and using wall is something any user can do. Nothing to worry about. There are about 390 other customers on that box.