Hi, I have a server in the Amazon EC2 cloud which runs one website (Drupal based). Some time ago I was informed that my server is involved in a DDoS attack.
I managed to log in, but the server was very slow; apache2 and mysql were eating all the CPU.
I also managed to bring apache2 and mysql down and kill all network connections.
Now I need a computer security expert to help me with the following:
- Try to identify how my website was hacked (login brute force, software exploit, etc.?). In the bash history I've noticed that the bad guy eventually got root access.
- If possible, show me what activity was performed on the server. What dirs were accessed, was anything removed or deleted?
- Verify that no backdoors are left on the server.
- Update all relevant software including Drupal. BTW, I have recently noticed strange activity on the Drupal forum. I need to clean it up as well.
- Set up stronger security to avoid this in the future.
13 freelancers are bidding on average $175 for this job
I possess CCIE certification in security and R&S. I have been designing and delivering in networking and security domains for over 10 years. Delivered hundreds of such projects for IBM India.