Assume you've been hacked, don't assume to know how. Wipe and reset everything and just lock down the entire system this time.
Assume you've been hacked, don't assume to know how. Wipe and reset everything and just lock down the entire system this time.
sig
I agree with Hungry Man. An unexpexted entry in a white list, and chunks missing from log files both point towards unauthorised meddling. Even if you did post the evidence (and you seem not to want to), probably the best we could do is to agree that it looks like you've been got at. I doubt we could work out how it was done if the logs have been edited. Your best bet is to wipe and reinstall, and re-double your efforts to secure the server next time.
I have heard of a program called tripwire that might help detect unauthorised access, but haven't looked at it myself. It's also possible to set up logging to a separate server, and a server that only accepts syslog messages should be quite easy to secure even more, such that your log information can't be deleted next time.
Bookmarks