[SWLUG] Server exploited

Matthew Moore matt at matthewmoore.org.uk
Mon Aug 3 08:42:22 UTC 2009


> Sorry for the long email - hoping someone has a few pointers/things to
> check for in this case?

Not really a pointer.  But if you think the server has been exploited then
I'd strongly recommend shutting it down till you can rebuild it.  Probably
not the answer you wanted to hear, but you can never really be sure that
there isn't something hiding away that you've not found.  If it's just for
personal stuff, I'd just rebuild it and make sure you put stuff like
denyhosts/fail2ban on the box when you rebuild it.

Cheers,

Matt




More information about the Swlug mailing list