This article only gives you a brief overview of security flaws on servers and shows you the options available to you for analyzing the problems.
Furthermore, compromised server structures are too complex for us to describe clear-cut ways of solving your problems.
If you have little experience in server administration, we recommend that you use analysis tools.
Rootkit Hunter: http://www.rootkit.nl/projects/rootkit_hunter.html
Tip: We also recommend that you set up the SSH service on your Linux server even more securely. The following article from the STRATO FAQ serves as a guide: How can I install, even more securely, the SSH service on a Linux server?
The software and services installed on the server (qmail, Apache, FTP, MySQL, etc.) can contain security vulnerabilities. It is very easy for third parties to find out which software is installed on your server (example: nmap -A HOST [shows the open ports and which software and software version is running on each port]). If that software has known security vulnerabilities, a break-in is then relatively easy.
Preventive measure you should pay attention to: regular updates of the software you use.
In general, we can say that security holes are very often present on dynamic websites. Most content management systems, forums, blogs, boards, etc. offer file upload possibilities (Joomla, Mambo, PostNuke, phpBB, TYPO3, WordPress, etc.).
It is therefore possible for harmful files to be smuggled onto the server. However, security flaws can also come from poor programming of these dynamic systems. For the usual content management systems, security vulnerabilities are detected and patches are offered quickly. This is why we recommend that you regularly update the systems you use.
Bad PHP settings can also cause security breaches. This is especially true for the options register_globals and safe_mode.
If the PHP option register_globals is activated (ON), it is relatively easy for third parties to smuggle in PHP code (variable manipulation, code injection). This is why we recommend setting this value to OFF.
This also applies to the PHP option safe_mode. If the safe_mode option is OFF, third parties can also compromise the server. This is why we recommend that you also activate the safe_mode option here. An even safer alternative would be to use PHP as a program (suPHP) instead of the Apache module.
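One way to check a php.ini against the two recommendations above, as an added example that is not part of the original article. The function names and the sample file are constructed for illustration, and the script assumes a PHP version that still has both directives (they were removed in PHP 5.4.0).

```shell
#!/bin/sh
# Added example: audit a php.ini for register_globals and safe_mode.
# Hypothetical helper names; not part of PHP or of the original article.

# Print the effective value ("on"/"off") of boolean directive $2 in file $1.
# The last uncommented assignment wins; $3 is the default if it is absent.
php_ini_bool() {
    awk -v key="$2" -v def="$3" '
        BEGIN { val = def }
        /^[ \t]*;/ { next }                    # skip comment lines
        {
            line = $0
            sub(/[ \t]*;.*$/, "", line)        # drop a trailing ";" comment
            n = index(line, "=")
            if (n == 0) next                   # section headers, blank lines
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)   # trim blanks and quotes
            if (k == key) val = tolower(v)     # directive names are case sensitive
        }
        END {
            # Simplification: these spellings count as true, all else as false.
            if (val ~ /^(1|on|true|yes)$/) print "on"; else print "off"
        }' "$1"
}

# Print one finding per line that deviates from the article's recommendation
# (register_globals = Off, safe_mode = On); print nothing if compliant.
audit_php_ini() {
    [ -r "$1" ] || { echo "ERROR cannot read $1"; return 2; }
    # Both directives default to Off when they are not set at all.
    [ "$(php_ini_bool "$1" register_globals off)" = "on" ] &&
        echo "FINDING register_globals is On, set it to Off"
    [ "$(php_ini_bool "$1" safe_mode off)" = "off" ] &&
        echo "FINDING safe_mode is Off, set it to On"
    return 0
}

# Constructed sample input (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
; register_globals = Off
register_globals = On   ; enabled for a legacy script
safe_mode = "0"
EOF
audit_php_ini "$sample"
rm -f "$sample"
```

The commented-out first line of the sample shows why a plain text search for "register_globals = Off" is not enough: only the last uncommented assignment counts.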
What to do when the server is compromised?
You should first try to identify the process. To do this, focus on the following points: