Server breached UPDATE (tl;dr: false alarm)

MrStonedOne
Host
Joined: Mon Apr 14, 2014 10:56 pm
Byond Username: MrStonedOne
Github Username: MrStonedOne

Post by MrStonedOne » #3905

So this weekend I found out that my VPS provider is stupid.

Tech speak incoming, scroll down for the non-tech inclined version

When I woke up last weekend to discover the server was down, the first thing I did was log into ssh, only to get a can not authenticate error (I'll later find out that this isn't the same as an authentication denied error). Panicking, I log into the VPS control panel, and had it reset the ssh password. Still nothing. I open the web based console, and it auths me into my server just fine.

First thing I did was check the auth logs, and discovered it only had a few lines, all from the same few minutes. It was at this point I assumed the server had been breached, and what I was seeing was what was logged after the intruder cleared the logs to hide their tracks.

What I knew at that time was the following: Site was down, remote shell wasn't letting me in, authentication logs were gone.

What I didn't know at that time: Server had no free memory, this was what was keeping both the website and the server remote shell from doing anything, and the log files were never getting written.

Turns out the disk image my VPS provider (VPS == virtual private server, think VMware based servers) used had a poorly configured syslogd, so it wasn't even running. None of the syslog controlled logfiles had anything other than from the boot from when they were setting up the image.


In short, Server wasn't hacked.

Non techy version

Server wasn't hacked, I thought it was because the site was down, remote login wasn't working and log files relating to people logging in to the server were too short to be complete looking as if they had been modified.

Turned out that the initial configuration from my hosting provider had an error, so the program that made the log files wasn't writing them, and the only logs I was seeing were from when the hosting provider logged in to set up the master image they clone all the servers from.

Also turned out that the site keeps going down because my server needs more mem/ram. So I'll be working on that.

You may now return to your panicking
Forum/Wiki Administrator, Server host, Database King, Master Coder
MrStonedOne on digg(banned), Steam, IRC, Skype Discord. (!vAKvpFcksg)
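
The checks that separate the two explanations in the post above (a logger that never ran plus exhausted memory, versus wiped logs), as an added example that is not part of the original post. The daemon names, the 5-minute and 20000 kB thresholds, the file names and all sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: tell "logs were wiped" apart from "logs were never written".
# Sample data below is constructed; thresholds are assumptions to tune per host.

# Succeeds if a syslog daemon shows up in a `ps -e -o comm=` listing.
syslog_running() {
    grep -Eqx 'syslogd|rsyslogd|syslog-ng' "$1"
}

# Prints MemFree + SwapFree in kB from a /proc/meminfo-format file.
free_kb() {
    awk '/^(MemFree|SwapFree):/ { sum += $2 } END { print sum + 0 }' "$1"
}

# Prints how many distinct minutes a traditional-format syslog file covers.
log_minutes() {
    awk '{ print $1, $2, substr($3, 1, 5) }' "$1" | sort -u | wc -l | tr -d ' '
}

# triage AUTHLOG MEMINFO PSLIST [MIN_FREE_KB]: prints one finding per line.
triage() {
    min_free=${4:-20000}
    if ! syslog_running "$3"; then
        echo "no-syslog-daemon"      # short log is expected, not proof of wiping
    elif [ "$(log_minutes "$1")" -le 5 ]; then
        echo "short-log-logger-up"   # logger runs yet log is tiny: dig deeper
    fi
    if [ "$(free_kb "$2")" -lt "$min_free" ]; then
        echo "low-memory"            # explains services and logins failing
    fi
}

tmp=$(mktemp -d)
cat > "$tmp/auth.log" <<'EOF'
Jan  5 10:01:12 template sshd[411]: Accepted password for root from 192.0.2.10 port 50122 ssh2
Jan  5 10:01:12 template sshd[411]: pam_unix(sshd:session): session opened for user root
Jan  5 10:04:40 template sshd[411]: pam_unix(sshd:session): session closed for user root
EOF
cat > "$tmp/meminfo" <<'EOF'
MemTotal:         262144 kB
MemFree:            3120 kB
SwapTotal:        262144 kB
SwapFree:              0 kB
EOF
printf 'init\nsshd\napache2\nmysqld\n' > "$tmp/ps.txt"

triage "$tmp/auth.log" "$tmp/meminfo" "$tmp/ps.txt"
# Live host: ps -e -o comm= > ps.txt; triage /var/log/auth.log /proc/meminfo ps.txt
```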
danno
Joined: Wed Apr 16, 2014 5:07 pm
Byond Username: Dannno
Location: e-mail me if you want a pizza roll

Re: [GLOBAL]Server breached UPDATE (tl;dr: false alarm)

Post by danno » #3909

so what you're saying is all our steam games are stolen
Hornygranny wrote: wtf i like danno now
I don't even play ss13 anymore, pretty much due to dannos stupid bullshit
miggles
Joined: Fri Apr 18, 2014 9:02 am
Byond Username: Miggles

Re: [GLOBAL]Server breached UPDATE (tl;dr: false alarm)

Post by miggles » #3911

no you idiot the NSA hacked all our passwords and they're gonna steal all the porn off of our hard drives
dezzmont wrote:I am one of sawrge's alt accounts
dezzmont wrote:sawrge has it right.
Connor wrote:miggles is correct though
MisterPerson
Board Moderator
Joined: Tue Apr 15, 2014 4:26 pm
Byond Username: MisterPerson

Re: [GLOBAL]Server breached UPDATE (tl;dr: false alarm)

Post by MisterPerson » #3922

Quick, install gentoo a couple dozen more times
I code for the code project and moderate the code sections of the forums.

Feedback is dumb and it doesn't matter
miggles
Joined: Fri Apr 18, 2014 9:02 am
Byond Username: Miggles

Re: [GLOBAL]Server breached UPDATE (tl;dr: false alarm)

Post by miggles » #3925

/g/entoo
Stickymayhem
Joined: Mon Apr 28, 2014 6:13 pm
Byond Username: Stickymayhem

Re: [GLOBAL]Server breached UPDATE (tl;dr: false alarm)

Post by Stickymayhem » #3992

Phew. For a moment there I thought they were going to catch me.
Boris wrote:Sticky is a jackass who has worms where his brain should be, but he also gets exactly what SS13 should be
Super Aggro Crag wrote: Wed Oct 13, 2021 6:17 pm Dont engage with sticky he's a subhuman
Jeb
Joined: Thu Apr 17, 2014 4:01 pm
Byond Username: Stapler2025

Re: [GLOBAL]Server breached UPDATE (tl;dr: false alarm)

Post by Jeb » #4089

What are the specs of the VPS? If I can run a xenforo forum, MySQL, apache/php on 1024mb of ram and a single 3.2ghz core, something's wrong with your setup.
Guy that made a thing that got put on the homepage of /tg/station13
Defeated in the Great Purge of 2014
[Security] Fiz Bump says, "Beats me, I'm not a scientist. But this is a problem that can be solved with harmbatons."
Johnson Fitzwell asks, "HOW THE FUCK ARE YOU STILL ALIVE?"
MrStonedOne
Host
Joined: Mon Apr 14, 2014 10:56 pm
Byond Username: MrStonedOne
Github Username: MrStonedOne

Re: [GLOBAL]Server breached UPDATE (tl;dr: false alarm)

Post by MrStonedOne » #4113

Jeb wrote: What are the specs of the VPS? If I can run a xenforo forum, MySQL, apache/php on 1024mb of ram and a single 3.2ghz core, something's wrong with your setup.
256mb of ram.

256mb of swap(ssh)

and for me its shared access to a 2.6ghz core.

Note: I only pay 30 a year for this setup.

I used to run a tf2 server on this setup actually.
Jordie0608
Site Admin
Joined: Tue Apr 15, 2014 1:33 pm
Byond Username: Jordie0608
Github Username: Jordie0608
Location: Spiderland, Australia

Re: [GLOBAL]Server breached UPDATE (tl;dr: false alarm)

Post by Jordie0608 » #6674

De-globalling topic.
Forum Admin
Send me a PM if you have any issues, concerns or praise of fishfood to express about the forums.