Find the answer to your Linux question:
Results 1 to 3 of 3
Good afternoon all, For the past 2 days my server host has had to shut me down. I call in and find someone has gotten in to one of my ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Mar 2006
    Location
    Allentown PA
    Posts
    5

    May Have Been Hacked, In Dire need of Assistance


    Good afternoon all,
    For the past 2 days my server host has had to shut me down. I call in and find someone has gotten in to one of my sites and has loaded a phishing program into a directory. I go in clean it all out, and check my logs. I don't see anything funny. Tighten up the security and go out. Somehow they have gotten back in and reloaded it. It shows it is being run by apache. I cannot find where this hole is! I need another set of eyes to run through things with me as my linux skills aren't strong enough (yet) to find the problem. If anyone can give help please email me direct as well as here at cpeters@alehouse-designs.com

  2. #2
    Linux Engineer adrenaline's Avatar
    Join Date
    Aug 2004
    Location
    Seattle, Washington
    Posts
    1,058
    This sounds like a lot of fun but you will have to give me a ton more information. Why don't you PM me the infected log file.
    Let me know distro services etc...
    Mike
    Some people have told me they don't think a fat penguin really embodies the grace of Linux, which just tells me they have never seen a angry penguin charging at them in excess of 100mph. They'd be a lot more careful about what they say if they had.
    -- Linus Torvalds

  3. #3
    Linux User
    Join Date
    Jan 2004
    Posts
    357
    I can't tell you how they got in in the first place, but it sounds to me that something you might want to do is to educate yourself on rootkits.

    Here's some info

    http://www.cs.wright.edu/~pmateti/Co...on/obrien.html



    Here's some progams that might help.

    http://sourceforge.net/projects/checkps/
    http://www.chkrootkit.org/
    http://vancouver-webpages.com/rkdet/
    http://www.rootkit.nl/projects/rootkit_hunter.html

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •