TulipTools Internet Business Owners and Online Sellers Community

Full Version: Diagnosing a Hacked Linux Server
Quote: So the box has been compromised, backdoor installed and it's been converted to a zombie. The attacker made several mistakes allowing him to be detected:

    * Forgot to wipe out root's .bash_history.
    * Wiped out everything under "/var/log/*", including directories which several programs relied on, which thereby refused to start. Now, why did he do that? This certainly was stupid.
    * Changed the root-password. Another bummer. Never ever change the root-password. This surely will catch the attention of a sysadmin...

full article: http://blog.gnist.org/article.php?story=...ayCracking
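
The three signs in the quoted list can be checked read-only on a suspect host or a mounted disk image. The script below is an added example, not part of the original post or the linked article; the `ROOT` argument and the `EXPECTED_DIRS` list are assumptions to adapt to the distribution and services in use.

```shell
#!/bin/sh
# Read-only triage for the three signs in the quote above.
# Usage (assumed): sh triage.sh ROOT   where ROOT is "/" or an image mount point.

# Sample value, distro-specific assumption: log subdirectories services expect.
EXPECTED_DIRS="${EXPECTED_DIRS:-apache2 mysql}"

# Days since root's password last changed (field 3 of /etc/shadow is the
# change date in days since 1970-01-01). Prints -1 if no usable record.
root_pw_age_days() {
    shadow="$1/etc/shadow"
    [ -r "$shadow" ] || { echo -1; return 0; }
    today=$(( $(date +%s) / 86400 ))
    awk -F: -v today="$today" '
        $1 == "root" && $3 ~ /^[0-9]+$/ { print today - $3; found = 1 }
        END { if (!found) print -1 }' "$shadow"
}

# Number of files and directories left under /var/log (0 means wiped).
log_entry_count() {
    find "$1/var/log" -mindepth 1 2>/dev/null | wc -l | tr -d ' '
}

# Prints each expected log subdirectory that no longer exists.
missing_log_dirs() {
    root="$1"; shift
    for d in "$@"; do
        [ -d "$root/var/log/$d" ] || printf '%s\n' "$d"
    done
}

# Succeeds if root's shell history survived and is non-empty.
history_present() {
    [ -s "$1/root/.bash_history" ]
}

triage() {
    echo "root password last changed: $(root_pw_age_days "$1") day(s) ago (-1 = no record)"
    echo "entries under /var/log: $(log_entry_count "$1")"
    # EXPECTED_DIRS is deliberately unquoted so it splits into one name per word.
    missing_log_dirs "$1" $EXPECTED_DIRS | sed 's/^/missing log directory: /'
    if history_present "$1"; then
        echo "root .bash_history present: preserve a copy and review it"
    fi
}

if [ -n "${1:-}" ]; then triage "$1"; fi
```

A recent root password change combined with an empty `/var/log` is the pattern the quote describes; copy the history file off the host before rebooting or cleaning up.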