
Hacked VPS :: Best practice to easily harden your server

soIO United States
It looks like my VPS running GSA was hacked.
I logged in and my mouse was moving and someone was purchasing something from eBay.

Can I ask what you guys are doing to harden your VPS?
I've tried Security Compliance Manager but it looks like I don't have the RAM to run it.

Comments

  • soIO United States
    I'm looking at Server 2008 R2 with Firewall and SP1. 
    I was thinking this was enough to keep people out but I guess not.
  • I'd get in touch with your VPS provider. Isn't it their responsibility?
  • soIO United States
    I actually have a dedicated physical server running 3 VPS on Hyper-V.
    Oddly enough one of the child VPS exposed to the internet was taken over.

    Was hoping that the image they installed was good enough. Guess not.
    I've contacted my provider already but I want to fix it myself so I can get back to building links.

    Any advice? Security Compliance Manager is a no go.
    Microsoft Security Essentials is not for Server 2008.
    Forefront looks a bit heavy handed and resource intensive.

    What do you guys recommend?
    Install SP3 and hope for the best?
  • soIO United States
    Went ahead and fixed it. The solution I decided on is:

    1) check for any weird user accounts with admin access
    2) changed to a strong password
    3) Install and run Microsoft Essential Security
    4) Install all Security Updates in windows updates.

    Turns out I was infected with TrojanDropper:Win32/Zegost.B

    Any additional steps would be appreciated
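
    The account and update checks from steps 1 and 4 above, as an added example that is not part of the original post. It uses only calls available in PowerShell 2.0 on Server 2008 R2; the `$Expected` allowlist is an assumed placeholder to replace with the admin accounts you created yourself.

```powershell
# Added example; PowerShell 2.0 compatible (Server 2008 R2). Run from an elevated prompt.
# ASSUMPTION: $Expected is a placeholder allowlist of admin accounts you created yourself.
$Expected = @('Administrator')

# Step 1: enumerate members of the local Administrators group via ADSI.
$group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$admins = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
}

# Flag any member that is not on the allowlist.
$unexpected = @($admins | Where-Object { $Expected -notcontains $_ })
if ($unexpected.Count -gt 0) {
    Write-Warning ("Unexpected administrators: " + ($unexpected -join ', '))
} else {
    Write-Output "Administrators group matches the allowlist."
}

# List every local account so enabled accounts you do not recognize stand out.
Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
    Select-Object Name, Disabled, PasswordRequired, PasswordExpires, SID |
    Format-Table -AutoSize | Out-Host

# Step 4: show the most recently installed updates to confirm patching took effect.
Get-HotFix | Sort-Object InstalledOn -Descending |
    Select-Object -First 10 HotFixID, Description, InstalledOn |
    Format-Table -AutoSize | Out-Host
```
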
  • Brandon Reputation Management Pro
    Are you using proxies? Using the server for anything else like browsing? I would have a single VPS for testing new programs if you do a lot of that to keep the SER server separate.