The owners of e-currency exchange service have appealed to ProtectMaster team due to API exchanger hacking and theft of its funds. The investigation revealed that a hacker gained root-access to the server using the HeartBleed vulnerability and weak passwords. It helped him to withdraw funds on a fake wallet and subsequently exchange ones for Bitcoins by using the API Perfect Money payment system.
The full audit server security was held resulting in the next actions: third-party code and shells removal, software updating, SDN Cloudflare connection. In addition a firewall was configuring and special nginx server security headers were customized too.