Full Disclosure mailing list archives

Re: one of my servers has been compromized


From: Kerem Erciyes <kerem.erciyes () gmail com>
Date: Tue, 6 Dec 2011 17:29:12 +0200

I regularly use iftop, netstat and htop to see what is going on on my
servers.
I have found that raw information always helps the best in determining
active compromised systems.

Kerem

On Tue, Dec 6, 2011 at 11:55 AM, Lucio Crusca <lucio () sulweb org> wrote:

BH wrote:

I'm not sure if this has been said in this thread yet, but is it
possible the host O/S was compromised?

Nothing is impossible, security wise. However I'd talk about likelihood
instead. I own two other OpenVZ containers hosted in the same host OS. They
haven't been compromised, though they're very similar systems (Debian based
instead of Ubuntu).
The one that has been compromised is the only one having an online shop and
greater network traffic.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




-- 
Kerem Erciyes - Sistem Danismani
http://keremerciyes.com