Page 3 of 3 FirstFirst 123
Results 21 to 23 of 23

Thread: Server Finally Hacked

  1. #21
    Join Date
    Mar 2011
    Beans
    668

    Re: Server Finally Hacked

    Assume you've been hacked, don't assume to know how. Wipe and reset everything and just lock down the entire system this time.

  2. #22
    Join Date
    Jan 2008
    Location
    Manchester UK
    Beans
    13,636
    Distro
    Ubuntu

    Re: Server Finally Hacked


  3. #23
    Join Date
    Nov 2007
    Location
    London, England
    Beans
    5,476
    Distro
    Xubuntu 14.04 Trusty Tahr

    Re: Server Finally Hacked

    I agree with Hungry Man. An unexpexted entry in a white list, and chunks missing from log files both point towards unauthorised meddling. Even if you did post the evidence (and you seem not to want to), probably the best we could do is to agree that it looks like you've been got at. I doubt we could work out how it was done if the logs have been edited. Your best bet is to wipe and reinstall, and re-double your efforts to secure the server next time.

    I have heard of a program called tripwire that might help detect unauthorised access, but haven't looked at it myself. It's also possible to set up logging to a separate server, and a server that only accepts syslog messages should be quite easy to secure even more, such that your log information can't be deleted next time.

Page 3 of 3 FirstFirst 123

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •