What to do if a server is hacked? Will Red Hat assist with development of security rules and policies and root cause?

Solution Verified - Updated 2025-03-14T10:11:35+00:00 -

Issue

There is reason to believe that my server was hacked
The host started presenting abnormal behaviors
Sudden jump in network bandwidth and/or traffic consumption
Unknown allocated space on disks
New users/groups created on the system with random names
An unknown root SSH login happened
An untrusted IP address was able to login into my system
Someone keeps changing user passwords

Environment

Red Hat Enterprise Linux

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content

Quick Links

Help

Site Info

Related Sites

Copyright © 2025 Red Hat

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)