Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Help diagnosing probable hack?

  1. #1
    Join Date
    Dec 2007
    Beans
    383

    Help diagnosing probable hack?

    After discussing an issue I was having with files disappear from my web server I have decided that the system was, as it's called, owned?

    I ran iftop on my server and noticed a LOT of traffic to what should be a very low volume web site. In the range of 30 mb in less than 10 minutes. While that may not seem like much, it is for my little sever. I reinstalled the server from 12.04 LTS server cd and re-ran iftop. Traffic was about 30 mb over an 8 hour period. On the recommendation of the others here, I ran iftop on both my local systems as well and I see a lot of traffic on those when there should be NONE.

    I configured ufw on both the block everything but ssh and to only allow that from the other computer, but is there any way to find out if/what has been done and to undo it?

    I am not proficient with with Linux hacking to even know where to begin looking so any help or finger pointing in the right direction would be great. Thanks in advance.

  2. #2
    Join Date
    Feb 2007
    Location
    West Hills CA
    Beans
    9,363
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Help diagnosing probable hack?

    It could have been a spider crawling through your web pages collecting and indexing information. What files were missing? Check your log files in /var/log/apache and see what is going on.
    -------------------------------------
    Oooh Shiny: PopularPages

    Unumquodque potest reparantur. Patientia sit virtus.

  3. #3
    Join Date
    Dec 2007
    Beans
    383

    Re: Help diagnosing probable hack?

    Those are some of the files missing. Before I am criticized for what I am about to say, I already know how wrong I was, but I haven't really looked at the logs in a while. Almost a year to be exact. Logs and webalizer stats have not been created since last May. ISPConfig no longer worked. Webcrawlers I could understand, but not on the continuous basis I was seeing, nor should there have been any traffic to or from my desktop computer on the same network as the server.

  4. #4
    Join Date
    Feb 2007
    Location
    West Hills CA
    Beans
    9,363
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Help diagnosing probable hack?

    So is it possible that your desktop computer has been compromized and it is using your server as well?
    -------------------------------------
    Oooh Shiny: PopularPages

    Unumquodque potest reparantur. Patientia sit virtus.

  5. #5
    Join Date
    Dec 2007
    Beans
    383

    Re: Help diagnosing probable hack?

    I'm thinking yes.

  6. #6
    Join Date
    Feb 2007
    Location
    West Hills CA
    Beans
    9,363
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Help diagnosing probable hack?

    I would shut both machines down. Boot a Live Ubuntu DVD, download bitdefender and scan both machines. Let us know what you find.
    -------------------------------------
    Oooh Shiny: PopularPages

    Unumquodque potest reparantur. Patientia sit virtus.

  7. #7
    Join Date
    Dec 2007
    Beans
    383

    Re: Help diagnosing probable hack?

    Bitdefender? Is that not a windows only product?

  8. #8
    Join Date
    Jul 2008
    Location
    Canada
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Help diagnosing probable hack?

    Quote Originally Posted by rebeltaz View Post
    Bitdefender? Is that not a windows only product?
    I use Bitdefender all the time with Linux. Works great.
    PopularPages A very handy Documentation Search Tool used by many.

    Smile today, cry tomorrow!
    ( Read this everyday )

  9. #9
    Join Date
    Dec 2007
    Beans
    383

    Re: Help diagnosing probable hack?

    Hmmm. Where do I get BitDefender for Linux?

  10. #10
    Join Date
    Jul 2008
    Location
    Canada
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Help diagnosing probable hack?

    Quote Originally Posted by rebeltaz View Post
    Hmmm. Where do I get BitDefender for Linux?
    Here.
    PopularPages A very handy Documentation Search Tool used by many.

    Smile today, cry tomorrow!
    ( Read this everyday )

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •