Slashdot Mirror


Forensics On a Cracked Linux Server

This blog entry is the step-by-step process that one administrator followed to figure out what was going on with a cracked Linux server. It's quite interesting to me, since I have had the exact same problem (a misbehaving ls -h command) on a development server quite a while back. As it turns out, my server was cracked, maybe with the same tool, and this analysis is much more thorough than the one I was able to do at the time. If you've ever wondered how to diagnose a Linux server that has been hijacked, this short article is a good starting point.

1 of 219 comments

  1. Sorry, nice try, no by SIIHP · Score: 0, Flamebait

    "The definition of the word forensics is..."

    No, that's A definition. Here's another:

    1 : an argumentative exercise

    OP was wrong, and so are you.

    --
    I only go to buffets for the unlimited soft serve.