SECTalk.com Posted May 25, 2012 Share Posted May 25, 2012 Hey guys, So we got hacked the other day. Actually, it was just a member who somehow got an admins password, and went in ACP and started deleting members. So I restored the members table from the backup from the previous night. Everything is fine now except the server is being weird. Right after I restored the backup table, the server load was going over 50 and causing the site to be inaccessible for 10-15 minutes out of every hour. Since then, our tech support company has made tweaks to MySQL, and the server load averages from 2-5 (it used to be 0.2 to 0.7 before the incident), occasionally going over 5 and making the community inaccessible due to the ACP setting where the site displays the not available message over 5 server load. Also, the error log has a lot of "Error: 2006 - MySQL server has gone away" messages. Any ideas? Link to comment Share on other sites More sharing options...
Rhett Posted May 25, 2012 Share Posted May 25, 2012 Is this a dedicated server, VPS pr shared hosting? Link to comment Share on other sites More sharing options...
Royzee Posted May 25, 2012 Share Posted May 25, 2012 Sounds like someone might be trying to find your login credentials. If you have WHM, use Security Center >> cPHulk Brute Force Protection, and enable cPHulk protection if not on. Tighten it up a bit. Mine is set to ban for a month after 3 failed SSH attempts. If you don't have WHM, but have server root access add Fail2Ban which is essentially the same as cPHulk without the graphical interface. Link to comment Share on other sites More sharing options...
SECTalk.com Posted May 25, 2012 Author Share Posted May 25, 2012 Hey guys, yeah we have a dedicated server with WHM. I also opened a ticket, and Ryan made these changes which have helped quite a bit. We are still looking into it to figure out what is going on, but this may help some folks in the future:[color=#282828][font=helvetica, arial, sans-serif][size=3]I did, however, take the amount of results returned on searches down from 1,000 to 200... that might help a bit. I also set "My Content" searches back to 365 days, rather than your current 10000.[/size][/font][/color] [color=#282828][font=helvetica, arial, sans-serif][size=3]Okay, I also disabled the "Most Active In" feature for profiles. That is very resource intensive, and is actually removed in IPB 3.3.[/size][/font][/color] Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.