Re: My Linux server got hacked last night -- please help!
From: Bill Unruh (unruh_at_string.physics.ubc.ca)
Date: 11/29/04
- Next message: Jeff Franks: "Re: Blocking incoming IP address immediately"
- Previous message: Sundial Services: "Re: My Linux server got hacked last night -- please help!"
- In reply to: Sundial Services: "Re: My Linux server got hacked last night -- please help!"
- Next in thread: Colin McKinnon: "Re: My Linux server got hacked last night -- please help!"
- Reply: Colin McKinnon: "Re: My Linux server got hacked last night -- please help!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 29 Nov 2004 20:43:26 GMT
Sundial Services <info@sundialservices.com> writes:
]sarah chang wrote:
]> It looks as though my Linux server (running RedHat Fedora Core 3) was
]> hacked last night.
]> [...]
]> I can't chmod or chown these files, even as root.
]The first thing I would do, after taking the system off any network, is to
]thoroughly check for filesystem damage, e.g. with "shutdown -rF", the "F"
]option forcing an fsck upon reboot.
]If you are unable to use chmod or chown against the files, when you have
]restarted with the rescue-CD (and you know that you are in fact executing
]the commands from that immutable CD), then this strongly implies to me a
]filesystem failure, rather than a "hack."
Could be but first do lsattr filename and see if the i bit is set
man lsattr
man chattr
Then do
rpm -Vf /complete/name/of/file/with/path
- Next message: Jeff Franks: "Re: Blocking incoming IP address immediately"
- Previous message: Sundial Services: "Re: My Linux server got hacked last night -- please help!"
- In reply to: Sundial Services: "Re: My Linux server got hacked last night -- please help!"
- Next in thread: Colin McKinnon: "Re: My Linux server got hacked last night -- please help!"
- Reply: Colin McKinnon: "Re: My Linux server got hacked last night -- please help!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
