[Sussex] Hacked server

Nico Kadel-Garcia nkadel at gmail.com
Fri Jan 26 12:25:53 UTC 2007


Brendan Whelan wrote:
> Hi,
>  
> Overnight someone has hacked into one of our servers which is hosted 
> by an ISP. They have modified httpd.conf, cleared out the logs and 
> blocked the creation of files. The server needs to be rebuilt but I 
> would like to extract the latest data from the databases but I can't 
> create files.
>  
> I have tried to "chmod 770 db" but get the message "chmod: changing 
> permissions of `db': Operation not permitted" any suggestions on how I 
> can overcome this problem?
>  
> A bit more info:
> ls -ld db
> drwxrwxr-x  42 db       db           4096 Nov  8 10:28 db
>
>  
> Brendan
You need to walk in with a rescue CD or live bootable medium like an 
Ubuntu CD. Image the old system elsewhere for forensics or analysis, and 
rebuild it from bare metal.

That's an opinion.



