Any Linux People?

  • Any Linux People?

    How can I tell if my server was hacked?

    It suddenly stopped letting me log in through FTP or SSH. I was able to get in through Webmin and I noticed my sshd_config and ssh_config files were empty.

    On top of that I couldn't log into it physically either. Not as root or any user. When I typed in my password it told me that bash was missing and kicked me back to login.

    I briefly looked through /var/log/auth.log and saw a bunch of failed SSH login attempts from various foreign IPs, but they were all on odd random ports like port 24852 instead of 22. Is there a log that shows successful SSH logins?

    I've since reformatted and disabled root login through SSH. I'm wondering if I was hacked or if it's a sign of impending hardware doom. Being hacked gives me a much better story to tell.
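
An added example, not part of the original post: on systems that write sshd messages to /var/log/auth.log, the same file records successful logins as `Accepted ...` lines, and the `port` field in each line is the client's source port rather than the port sshd listens on. The sketch below parses both kinds of line and flags an accepted login from an address that had failed attempts before it; the sample log lines, addresses, and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the sshd syslog format written to /var/log/auth.log.
SAMPLE_AUTH_LOG = """\
Mar  3 02:11:07 host sshd[4121]: Failed password for root from 203.0.113.45 port 24852 ssh2
Mar  3 02:11:09 host sshd[4121]: Failed password for root from 203.0.113.45 port 24852 ssh2
Mar  3 02:11:15 host sshd[4130]: Failed password for invalid user admin from 198.51.100.7 port 51334 ssh2
Mar  3 02:14:40 host sshd[4177]: Accepted password for root from 203.0.113.45 port 40112 ssh2
Mar  3 09:30:02 host sshd[5210]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Mar  3 09:30:02 host sshd[5210]: pam_unix(sshd:session): session opened for user alice by (uid=0)
"""

# sshd result lines: "<Accepted|Failed> <method> for [invalid user] <user> from <ip> port <n>"
# The port is the client's source port, not the port sshd listens on.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)

def parse_auth_events(text):
    """Return one dict per sshd Accepted/Failed line; other lines are skipped."""
    return [m.groupdict() for m in map(AUTH_RE.search, text.splitlines()) if m]

def successful_logins(events):
    """(user, ip, method) for every accepted authentication."""
    return [(e["user"], e["ip"], e["method"]) for e in events if e["result"] == "Accepted"]

def success_after_failures(events, threshold=2):
    """Accepted logins from an IP that already had >= threshold failures before it."""
    failures = Counter()
    hits = []
    for e in events:  # events are in log order
        if e["result"] == "Failed":
            failures[e["ip"]] += 1
        elif failures[e["ip"]] >= threshold:
            hits.append((e["user"], e["ip"], failures[e["ip"]]))
    return hits

if __name__ == "__main__":
    events = parse_auth_events(SAMPLE_AUTH_LOG)
    for user, ip, method in successful_logins(events):
        print(f"accepted {method:9} {user:6} from {ip}")
    for user, ip, n in success_after_failures(events):
        print(f"REVIEW: {user} login from {ip} after {n} failed attempts")
```

To run it against a real log, pass the file's contents to `parse_auth_events` in place of the sample string.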

  • #2
    Disabling root login for SSH is the first thing you should always do.
