Yesterday morning my server load started to increase and I notified my dedicated server support about the server load increase. They replied with the following message:
I have no idea what they were talking about, and when I asked for details about this I received the following message:

Hi Mert:
May you explain why a brute force binary is running from /usr/bin/.pl/slack/brute?
Since /usr/bin/ is a system directory, nobody except the root user can place files there and execute the brute forcer.
This was taking the load too high.
We have found that the last login to the server was from 89.32.218.32 and 218.89.164.18.
We are investigating the issue further for you and working on the Apache.

My question is how can this happen? I searched around and figured out that the loaded Apache module was not the latest stable version and there was a new version out with bug and security fixes. The server has been down for the last 27 hours right now. Do you think I should ask for compensation for this problem, or do you think I should change my dedicated server company? The server is fully managed.

Hi Mart:
As we investigated the issue, we have found that the server was accessed by Chinese IP 218.89.164.18 and we have found that he has placed this brute force binary on the server and has launched a brute forcing attempt from the server.
The server is probably hacked, as other reports too are suggesting that. Some of the important binaries are possibly compromised. Apache is failing to restart even after the server reboot.
You are advised to go for a fresh OS reload to fix the issue. However, the OS reload will wipe out the existing data.
Regards,
I am new to dedicated servers so I don't have that much experience with them.
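
A check for the situation the support message describes (an executable running from a dot-directory under /usr/bin), as an added example that is not part of the original post. The function names and the optional PROCROOT argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: look for executables hidden in dot-directories under system
# binary paths, and for processes currently running from such paths.

# hidden_execs DIR...: list owner-executable files stored under any
# dot-directory inside the given directories (e.g. DIR/.pl/slack/brute).
hidden_execs() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        # Run find relative to $root so dots in $root itself cannot match.
        (cd "$root" && find . -xdev -type f -path '*/.*/*' -perm -0100 -print 2>/dev/null) |
        while IFS= read -r rel; do
            printf '%s/%s\n' "$root" "${rel#./}"
        done
    done
}

# procs_in_hidden_dirs [PROCROOT]: print "PID PATH" for each process whose
# executable path contains a dot-directory component. PROCROOT defaults to
# /proc (Linux); the argument exists so the function can be tested offline.
procs_in_hidden_dirs() {
    proc=${1:-/proc}
    for link in "$proc"/[0-9]*/exe; do
        target=$(readlink "$link" 2>/dev/null) || continue
        case $target in
            */.*/*) pid=${link%/exe}; printf '%s %s\n' "${pid##*/}" "$target" ;;
        esac
    done
}

# Typical use on a live system (run as root):
#   hidden_execs /bin /sbin /usr/bin /usr/sbin
#   procs_in_hidden_dirs
```

If system binaries may have been replaced, as the support reply suggests, run this from rescue media against the mounted disk rather than trusting the host's own `find` and `readlink`.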


