"Urgent: Linux Server Malware/Rootkit Incident Response — Active Compromise"
Worldwide
I run a medical clinic patient portal on a Linode VPS (Ubuntu 24.04). The server has had repeated malware compromises over the past month — a backdoor SSH key, a crypto-mining/SSH-brute-forcing process disguised as a system process (running as /usr/sbin/httpd .rsync/c/kthreadadd64), and persistence via cron jobs in a hidden directory (~/.configrc7). It has survived at least two prior cleanup attempts and reappeared after being killed again today. I've now isolated the server from the network (interface down) but have not rebuilt or wiped anything. I need: (1) a forensic assessment of how the attacker got in and how deep the compromise goes, (2) confirmation of whether two other servers I operate, connected via SSH trust relationships, are also affected, and (3) a clean remediation plan. The server holds patient medical data, so I also need guidance on any breach-notification obligations
- Less than 30 hrs/weekHourly
- < 1 monthDuration
- IntermediateExperience Level
$20.00
-
$100.00
Hourly- Remote Job
- One-time projectProject Type
Skills and Expertise
Activity on this job
- Proposals:20 to 50
- Last viewed by client:yesterday
- Hires:1
- Interviewing:3
- Invites sent:2
- Unanswered invites:1
About the client
- PANPanama9:07 PM
- 2 hires, 1 active
Explore similar jobs on Upwork
How it works
Create your free profileHighlight your skills and experience, show your portfolio, and set your ideal pay rate.
Work the way you wantApply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
Get paid securelyFrom contract to payment, we help you work safely and get paid securely.
About Upwork
- 4.9/5(Average rating of clients by professionals)
- G2 2021#1 freelance platform
- 49,000+Signed contract every week
- $2.3BFreelancers earned on Upwork in 2020
Find the best freelance jobs
Growing your career is as easy as creating a free profile and finding work like this that fits your skills.
Trusted by