How can I tell if my server was hacked?
It suddenly stopped letting me log in through FTP or SSH. I was able to get in through webmin and I noticed my sshd_config and ssh_config files were empty.
On top of that I couldn't log into it physically either. Not as root or any user. When I typed in my password it told me that bash was missing and kicked me back to login.
I briefly looked through /var/log/auth.log and saw a bunch of failed ssh login attempts from various foreign IPs, but they were all on odd random ports like port 24852 instead of 22. Is there a log that shows successful ssh logins?
I've since reformatted and disabled root login through SSH. I'm wondering if I was hacked or if it's a sign of impending hardware doom. Being hacked gives me a much better story to tell.
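On the question of a log that shows successful SSH logins, here is an added example (not part of the original post) that pulls sshd's "Accepted" and "Failed" lines out of auth.log text and flags accepted logins from addresses that had failed earlier. It assumes OpenSSH's default message format and the traditional syslog timestamp; the sample lines and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the OpenSSH sshd syslog format (not from the
# poster's server). Addresses come from the documentation ranges.
SAMPLE_AUTH_LOG = """\
Mar  3 02:11:07 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 24852 ssh2
Mar  3 02:11:09 host sshd[1201]: Failed password for root from 203.0.113.7 port 24852 ssh2
Mar  3 02:11:15 host sshd[1207]: Failed password for root from 198.51.100.23 port 51514 ssh2
Mar  3 02:14:40 host sshd[1302]: Accepted password for root from 198.51.100.23 port 51660 ssh2
Mar  3 09:02:31 host sshd[2290]: Accepted publickey for alice from 192.0.2.10 port 40022 ssh2: RSA SHA256:CONSTRUCTED
Mar  3 09:02:31 host sshd[2290]: pam_unix(sshd:session): session opened for user alice by (uid=0)
"""

# "port N" in these messages is the remote client's source port,
# not the port sshd is listening on.
SSHD_AUTH = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<src_port>\d+)"
)

def parse_auth_log(text):
    """Return one dict per sshd authentication result line."""
    events = []
    for line in text.splitlines():
        m = SSHD_AUTH.search(line)
        if m:
            ev = m.groupdict()
            ev["timestamp"] = line[:15]          # assumes "Mon DD HH:MM:SS"
            ev["src_port"] = int(ev["src_port"])
            ev["invalid"] = ev["invalid"] is not None
            events.append(ev)
    return events

def successful_logins(events):
    return [e for e in events if e["result"] == "Accepted"]

def success_after_failures(events):
    """Accepted logins from an address that failed earlier in the same log."""
    failures, flagged = Counter(), []
    for e in events:
        if e["result"] == "Failed":
            failures[e["ip"]] += 1
        elif failures[e["ip"]]:
            flagged.append((e["timestamp"], e["user"], e["ip"], failures[e["ip"]]))
    return flagged

if __name__ == "__main__":
    events = parse_auth_log(SAMPLE_AUTH_LOG)
    for e in successful_logins(events):
        print(e["timestamp"], e["user"], e["ip"], e["method"])
    print(success_after_failures(events))
```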