Results 1 to 3 of 3
Good afternoon all, For the past 2 days my server host has had to shut me down. I call in and find someone has gotten in to one of my ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 04-04-2006 #1
- Join Date
- Mar 2006
- Allentown PA
May Have Been Hacked, In Dire need of Assistance
For the past 2 days my server host has had to shut me down. I call in and find someone has gotten in to one of my sites and has loaded a phishing program into a directory. I go in clean it all out, and check my logs. I don't see anything funny. Tighten up the security and go out. Somehow they have gotten back in and reloaded it. It shows it is being run by apache. I cannot find where this hole is! I need another set of eyes to run through things with me as my linux skills aren't strong enough (yet) to find the problem. If anyone can give help please email me direct as well as here at firstname.lastname@example.org
- 04-05-2006 #2
This sounds like a lot of fun but you will have to give me a ton more information. Why don't you PM me the infected log file.
Let me know distro services etc...
MikeSome people have told me they don't think a fat penguin really embodies the grace of Linux, which just tells me they have never seen a angry penguin charging at them in excess of 100mph. They'd be a lot more careful about what they say if they had.
-- Linus Torvalds
- 04-05-2006 #3
- Join Date
- Jan 2004
I can't tell you how they got in in the first place, but it sounds to me that something you might want to do is to educate yourself on rootkits.
Here's some info
Here's some progams that might help.