Hello! this is the first time i posted something here, i'm sorry if i'm not doing it right. I need help please, I have a client with ClearOS 7.1 Final, he was having some issues with the server so we wanted to check but login credentials didn't work at all, we tried getting in with one of the user profiles and we were able to see A LOT! of warning messages, SSH authentication failed and things like that. we managed to change the password again but now the server can't be access through web, even the graphic console isn't working. Any ideas what can i do, how do i restores a configuration backup through the SSH? Thanks in advance.
Share this post:
Accepted AnswerNick HowittOfflineThere is a configuration backup kept in /var/clearos/configuration_backup but I don't know if you can untar it while ClearOS is running. I guess if the webconfig can, you can but I don't know.
I will, however, ask if this is safe. Do you know what the hacker has left behind? Is there anything left that will allow him to regain control or see what is going on?
I will also suggest that, unless you really know what you are doing, never leave the ssh port open. If you do, at least install fail2ban which can block some password hacking as long as it comes from the same IP address (some bots use whole subnets to try to hack). There are a load of bots out in the web trying to hack port 22 including some well known Chinese and Russian address blocks. One recently had a go at me on port 587. If you do need ssh access, use something like OpenVPN to get access to the server then you can ssh to the server as if you are on the LAN. You don't need to open port 22 to the wild.