Incident Investigation

Server pulled for an AUP violation? Someone launching a UDP flood from it? Found that your IP is now blacklisted? These can all be signs of an intrusion that should be properly investigated. While restoring operations as quickly as possible is a primary goal, services should not be restored until the security incident is understood. Many server providers will simply replug your server after a quick rootkit check turns up clean. While this gets your server back online, the practice does little to prevent the server from being pulled again for a similar attack: a clean rootkit check says nothing about how the attacker got in, and the same hole is still open. Investigating how the attack happened, the point of entry and the extent of the damage is critical to longer-term operational stability. rackAID's incident investigation service is the first step to recovering from a security breach.

Web Exploits

Web application exploits now account for more than 75% of all server-level attacks. As Web 2.0, mash-ups and other complex applications and technologies become commonplace, attacks on these services are expected to rise. rackAID can assist you in tracking down the point of entry, determining what the attackers have done, and recommending solutions to prevent further attacks.

Our emergency support services and monthly management plans provide you with ready access to seasoned Linux system administrators who can put in place stop-gap measures, custom build temporary firewalls or deploy other methods to mitigate the immediate security issue. This buys time for a more thorough investigation.

Phishing

Phishing attacks are on the rise. Poorly secured web applications are often the cause. Our team can work with you to track down the point of entry and identify the insecure script. We most often see cross-site scripting or arbitrary command execution exploits in PHP as the primary source of problems. Whatever the reason, rackAID's staff can work with you to identify the current issue and provide recommendations to mitigate future attacks.

Spamming

Often we see servers pulled for spamming. Insecure web applications, poor passwords and improperly configured email servers can open doors for spammers to flood email through your system. rackAID can help you track down the entry point for the spam. We can then work with you to get your IPs removed from the various blacklists. Our experience is key: we've helped many clients get removed from Yahoo, AOL, Hotmail and other blacklists. We cannot guarantee a removal, but we can ensure your application is submitted properly and follow up with the ISPs to try to get your IPs cleared again.

Root Compromises

Properly managed servers are very difficult to compromise. In every case where we've seen a full root compromise, the source was an improperly patched server, poor password security or a disgruntled consultant/employee. Our monthly management services provide an excellent way to keep your server patched so a root compromise does not happen, but should you find yourself "rooted", our staff can assist with a recovery.

In most cases, we recommend a full server restore once root-level access has been achieved. Unless you have file integrity systems in place, finding and eliminating all backdoors is a tedious, time-consuming process, and there is no way to be sure you found every one. Generally, we suggest you back up critical data and restore the OS.
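As an added illustration of what a "file integrity system" gives you at this point (this is example code written for this page, not rackAID's tooling or a replacement for a product such as AIDE or Tripwire), the script below hashes every regular file under a directory, stores the result as a baseline, and later diffs the live tree against it. The web root, the file names and the simulated break-in in `demo()` are all constructed for the example; the baseline must be kept off the server, since a root-level attacker can rewrite any copy that lives on the box.

```python
# Added illustration (not rackAID's tooling): a minimal file-integrity baseline.
# Hash every regular file under a directory, store the result, and later diff the
# live tree against it to list added, deleted and changed files. All paths and
# sample files below are constructed for the demo.
import hashlib
import json
import os
import tempfile


def hash_file(path, chunk=65536):
    """SHA-256 of a file's contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file under root (relative path) to its hash, mode and size.
    Recording the mode catches a backdoor that only flips permission bits."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are skipped in this simple version
            st = os.stat(full)
            baseline[os.path.relpath(full, root)] = {
                "sha256": hash_file(full),
                "mode": st.st_mode & 0o7777,
                "size": st.st_size,
            }
    return baseline


def save_baseline(baseline, path):
    """Write the baseline as JSON. Keep this copy off the server: a root-level
    attacker can rewrite any baseline that lives on the compromised box."""
    with open(path, "w") as f:
        json.dump(baseline, f, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def compare(baseline, current):
    """Diff two baselines; returns sorted lists of added, deleted and changed paths."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "deleted": sorted(old - new),
        "changed": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def demo():
    """Constructed scenario: baseline a small web root, then simulate a break-in
    (modified index, permission change only, dropped upload, deleted file)."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, "images"))
    for rel, data in [("index.php", b"<?php echo 'hello'; ?>\n"),
                      ("config.php", b"<?php $db = 'prod'; ?>\n"),
                      ("images/logo.png", b"\x89PNG...")]:
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    store = os.path.join(tempfile.mkdtemp(prefix="offbox-"), "baseline.json")
    save_baseline(build_baseline(root), store)

    # Simulated compromise of the tree after the baseline was taken.
    with open(os.path.join(root, "index.php"), "ab") as f:
        f.write(b"<?php /* injected */ ?>\n")             # contents changed
    os.chmod(os.path.join(root, "config.php"), 0o777)     # mode changed, contents same
    os.makedirs(os.path.join(root, "uploads"))
    with open(os.path.join(root, "uploads", "x.php"), "wb") as f:
        f.write(b"<?php /* dropped file */ ?>\n")         # new file
    os.remove(os.path.join(root, "images", "logo.png"))   # deleted file

    return compare(load_baseline(store), build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(kind.upper(), p)
```

Running it lists `uploads/x.php` as added, `images/logo.png` as deleted and both `config.php` and `index.php` as changed; without the baseline, the permission-only change on `config.php` is exactly the kind of thing a manual backdoor hunt misses.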

Many server providers will allow you to mount your compromised drive as a slave to recover data. Our staff can assist you with this process, mounting the old drive read-only and taking all available measures to ensure viruses, trojans or other hacker-related material is not inadvertently copied to your new system. Our priority and emergency support services provide rapid response times to get your operations back online. Once the server is restored, we can work with you to improve your server and network security so that it does not happen again.

General Security

Suspect someone is hacking into your server? Forum posts being deleted? Odd entries in the logs? If you are seeing abnormal behavior, you may want to consider a basic security audit or incident investigation. These can be done quickly to check for red flags and provide you with peace of mind that your server is not being used for malicious purposes. From simple security audits to detailed log analysis, rackAID can help you ward off the attackers and guide you to a secure networking and computing infrastructure.

Key Issues

  • Spam Originating from your Server
  • Server Launching DoS Attacks
  • Server Launching Brute Force Attacks
  • Phishing
  • Malicious Code
  • Website Redirects
  • Website Defacements
  • DoS Attacks
  • Mail Floods
  • Unauthorized Access
  • Brute Force Attacks
  • Files in /tmp
  • Viruses
  • Deleted Content
  • Rooted Server
  • Chkrootkit Fails
  • Rkhunter Fails
  • Infected Filesystems
©2000-2007 rackAID LLC