- 11-18-2011 #11
Actually, you already know the source system, based on your first post. Internet searches against the host name and IP will probably reveal someone who has had similar problems/hacks.
Because, technically - you do not know if it is a hack. Block the source IP and see what stops working???
- 11-21-2011 #12
*hmm* Finding Trudy (the intruder, a.k.a. the source of your evil) will be hard. As you explained earlier, worker processes are started and terminate once their work is done. You can only identify the workers, but not the manager unless they are related (i.e. the worker is a child process).
Therefore I still suggest that you rebuild the system from scratch and tighten security as far as possible to prevent future problems.
In its current state, your server is in the best case just a victim of a worm that loses customer data to a Mallory (some malicious identity). In the worst case you're an active node in a botnet that causes trouble to other people, making you the Mallory.
- 11-21-2011 #13
I am not one for "brow beating" anything; however - as a former LAN administrator - recognizing he has a WAN problem, four factors would encourage me to continue my investigation. 1) He has a work-around. 2) He does not know if he is infected. 3) He does not know if his system is causing the problem internally (OS errors). 4) He does not know if someone else attached to the system is causing the problem...
With all four factors being valid - I would not eat the down-time right away unless my boss has made a visit to my office, which rarely happened. If you eat the down-time now, and again later - the situation looks worse to those affected.
Right now you are gaining experience vital to your future success. Someone will be pleased to place you upon their merry-go-round. Best wishes.
"Wisdom is justified of all her children"