Re: Ubuntu Server help
Yes. Take the box off line and then..
Can someone help me troubleshoot this issue?
Read up on how to lock your box down.
Read up on where the log files are.
Read up on what is normal activity for your box so you know what is abnormal activity.
Read up on app armor, tripwire, iptables, failtoban, mod-security, lowest permissions, minimal open ports, sysctl settings etc.
A good place to start is with the security stickies in the security sub forum.
It seems to me that you have a box connected to the net and you are not sure how to lock it down and not sure how to find out if you are compromised. You have no idea what is normal activity and abnormal activity for the box.
Once you know how to lock down your machine, and what to look for in the event of a compromise, then connect it back to the Internet.
I may sound a bit harsh, however i really don't want to see you get compromised.
If you believe everything you read, you better not read. ~ Japanese Proverb
If you don't read the newspaper, you're uninformed. If you read the newspaper, you're mis-informed. - Mark Twain