Server hacked?

NoOp glgxg at sbcglobal.net
Wed Jan 2 02:41:00 UTC 2008


On 01/01/2008 04:35 PM, Joris Dobbelsteen wrote:
> Johan, NoOp,
> 
> Thanks for your comments.
> It seems I can be quite lucky, as the damage seems to be rather
> contained to a very limited set of my system. The processes are of the
> user www-data. So it seems a web site has been hacked instead. (Count
> myself lucky this time)
> 

I wouldn't be so sure that you are all that lucky... you never know what
else may have been installed in the process.

In the Windows world I was actually _very_ good at tracking and
eradicating every type of worm, trojan, virus etc., on a system. I took
pride in being able to clean all but one customer system (and on that
one he'd screwed up the drive so bad that it was just cheaper to throw
it out). However, being relatively new to Linux (about 1.5 years), I
wouldn't even begin to try and guess what else may have been compromised
on your system. Others (such as Res?) are much more qualified.

However, here are some links that may be of help:

http://ubuntuforums.org/showthread.php?t=510812
https://help.ubuntu.com/community/Security
http://secunia.com/product/12470/?task=statistics

My first thought would be to immediately disconnect the server from
_any_ network until you are confident that you have actually cleaned the
system.




