  1. #11
    Linux Newbie BoDiddley's Avatar
    Join Date
    Oct 2010
    Location
    Plainfield, New Jersey
    Posts
    137

    Actually, you already know the source system, based on your first post. Internet searches against the host name and IP will probably reveal someone who has had similar problems/hacks.

    Because, technically - you do not know if it is a hack. Block the source IP and see what stops working???

  2. #12
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    *hmm* Finding Trudy (the intruder, a.k.a. the source of your evil) will be hard. As you explained earlier, worker processes are started and terminate once their work is done. You can only identify the workers, but not the manager unless they are related (i.e. the worker is a child process).

    Therefore I still suggest you rebuild the system from scratch and tighten security as far as possible to prevent future problems.

    In its current state your server is in the best case just a victim of a worm that loses customer data to a Mallory (some malicious identity). In the worst case you're an active node in a botnet that causes trouble to other people, making you the Mallory.

    Cheers
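
The parent/child point in post #12, as an added example that is not part of the thread: walking PPID links in a process listing names the launcher of a worker only while that launcher is still its ancestor. The `ps` snapshot is constructed, and the function names are hypothetical.

```python
# Constructed sample of `ps -eo pid,ppid,user,comm` output (not from the thread).
PS_SNAPSHOT = """\
  PID  PPID USER     COMMAND
    1     0 root     init
  812     1 root     sshd
 1450     1 www-data apache2
 1462  1450 www-data apache2
 2301  1462 www-data sh
 2302  2301 www-data perl
 2410     1 www-data perl
"""

def parse_ps(text):
    """Return {pid: (ppid, user, comm)} from `ps -eo pid,ppid,user,comm` text."""
    table = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split(None, 3)
        if len(fields) == 4:
            pid, ppid, user, comm = fields
            table[int(pid)] = (int(ppid), user, comm.strip())
    return table

def ancestry(pid, table):
    """Follow PPID links upward from pid; return [(pid, comm), ...]."""
    chain, seen = [], set()
    while pid in table and pid not in seen:     # `seen` guards against loops
        seen.add(pid)
        ppid, _user, comm = table[pid]
        chain.append((pid, comm))
        pid = ppid
    return chain

def manager_chain(pid, table):
    """Command names from the top-level launcher down to pid's parent.

    Empty when pid hangs directly off PID 1: the launcher has exited or
    detached, so the process tree alone cannot name it. Ordinary daemons
    also sit under PID 1, so an empty result is not a verdict by itself.
    """
    above = [comm for p, comm in ancestry(pid, table)[1:] if p != 1]
    return list(reversed(above))

if __name__ == "__main__":
    table = parse_ps(PS_SNAPSHOT)
    for worker in (2302, 2410):
        print(worker, table[worker][2], "<-", manager_chain(worker, table) or "unknown")
```
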

  3. #13
    Linux Newbie BoDiddley's Avatar
    Join Date
    Oct 2010
    Location
    Plainfield, New Jersey
    Posts
    137
    I am not one for "brow beating" anything. However, as a former LAN administrator, recognizing he has a WAN problem, four factors would encourage me to continue my investigation: 1) He has a work-around. 2) He does not know if he is infected. 3) He does not know if his system is causing the problem internally (OS errors). 4) He does not know if someone else attached to the system is causing the problem...

    With all four factors being valid, I would not eat the down-time right away unless my boss has made a visit to my office, which rarely happened. If you eat the down-time now, and again later, the situation looks worse to those affected.

    Right now you are gaining experience vital to your future success. Someone will be pleased to place you upon their merry-go-round. Best wishes.
    "Wisdom is justified of all her children"
