- 11-08-2012 #1 Just Joined!
- Join Date: Nov 2012
- Posts: 3
my server - a haunted place?
Hello all,
Yesterday I found my dedicated server offline, and after bringing it up in recovery mode (network boot at my provider) the partition tables of both hard drives are missing.
Does anyone have any idea how such s*** can happen?
It is for sure that I did not do anything to change partitions or filesystems, I am the only one to have regular access via SSH with 2048-bit keys, and the SMART logs of the drives do not show any errors at all.
So why could partition tables of 2 independently mounted drives vanish suddenly?
Any ideas?
Kind regards
Michael
- 11-10-2012 #2 Trusted Penguin
- Join Date: May 2011
- Posts: 3,745
Hello and welcome!
So is this machine remote? Does anyone have local access to the system?
The first thing I'd do is go through /var/log/messages (or /var/log/syslog, or wherever your distro puts your kernel messages log file). Look for login attempts from IP addresses you do not recognize.
Also look through the output of "ps auxww" for processes that you do not recognize or understand.
You can also run a rootkit detection program, like rkhunter. It is likely already packaged for your distro and would be an easy command to install ("yum install rkhunter", "sudo apt-get install rkhunter", etc.).
- 11-10-2012 #3 Just Joined!
- Join Date: Nov 2012
- Posts: 3
Hello atreyu,
Yes, it is a remote dedicated server and there is no one (I really trust) there to log in locally.
I am logged in via network boot and have access to the hard disks.
The partition tables of both disks are empty, so there is no filesystem and no log anymore.
Any idea if there is recovery software for Linux which can scan the drives for files?
Regards
Michael
- 11-10-2012 #4 Trusted Penguin
- Join Date: May 2011
- Posts: 3,745
That's not what I meant. What I meant was, "Could anybody have logged into the machine locally, whether you trust them or no?"
Quote: I am logged in via network boot and have access to the harddisks. The partition tables of both disks are empty, so there is no filesystem and no log anymore.
There is a log file on the Linux system that you are logged into, that is the log I mean. What is your distro?
Quote: Any idea if there is recovery software for linux, which can scan the drives for files?
There are many, to name a few:
TestDisk
PhotoRec
ddrescue
These are all available on the SystemRescueCD but you should be able to find packages for your distro.


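An added example, not part of the thread or of any tool named in it: when a partition table has been zeroed but the data area is intact, lost partitions can be located by scanning for filesystem signatures. This Python code does that for ext2/3/4 primary superblocks only, on a constructed in-memory image; the function names and the sample layout (superblock at LBA 2048) are assumptions for illustration.

```python
import struct

SECTOR = 512
SB_OFFSET = 1024      # primary ext superblock starts 1024 bytes into the filesystem
EXT_MAGIC = 0xEF53    # s_magic, 56 bytes into the superblock

def mbr_entries(image):
    """Non-empty MBR partition entries as (type, start_lba, sector_count)."""
    if image[510:512] != b"\x55\xaa":          # no boot signature: table is gone
        return []
    found = []
    for i in range(4):
        off = 446 + 16 * i
        start, count = struct.unpack_from("<II", image, off + 8)
        if image[off + 4] != 0 and count != 0:
            found.append((image[off + 4], start, count))
    return found

def find_ext_filesystems(image):
    """Scan every sector for a primary ext2/3/4 superblock.
    Returns (start_lba, sector_count) candidates for rebuilding the table."""
    hits = []
    for start in range(0, len(image) - 2 * SB_OFFSET + 1, SECTOR):
        sb = start + SB_OFFSET
        if struct.unpack_from("<H", image, sb + 56)[0] != EXT_MAGIC:
            continue
        blocks, = struct.unpack_from("<I", image, sb + 4)    # s_blocks_count (low 32 bits)
        log_bs, = struct.unpack_from("<I", image, sb + 24)   # s_log_block_size
        group, = struct.unpack_from("<H", image, sb + 90)    # s_block_group_nr
        if group != 0 or log_bs > 6 or blocks == 0:          # backup copy or noise
            continue
        hits.append((start // SECTOR, blocks * (1024 << log_bs) // SECTOR))
    return hits

def build_sample_image():
    """Constructed image: zeroed sector 0, ext-style superblock at LBA 2048."""
    img = bytearray((2048 + 16) * SECTOR)
    sb = 2048 * SECTOR + SB_OFFSET
    struct.pack_into("<I", img, sb + 4, 4096)       # 4096 blocks ...
    struct.pack_into("<I", img, sb + 24, 2)         # ... of 1024 << 2 = 4096 bytes
    struct.pack_into("<H", img, sb + 56, EXT_MAGIC)
    return bytes(img)

if __name__ == "__main__":
    img = build_sample_image()
    print("MBR entries:", mbr_entries(img))
    for lba, sectors in find_ext_filesystems(img):
        print(f"ext superblock: partition starts at LBA {lba}, {sectors} sectors")
```

The code only reads; on an affected disk, work from a copy made with ddrescue so the original stays untouched as evidence.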

