Slashdot Mirror

← Back to Stories (view on slashdot.org)

Forensics On a Cracked Linux Server

Posted by kdawson on from the hmmm-ls-looks-funny dept.

This blog entry is the step-by-step process that one administrator followed to figure out what was going on with a cracked Linux server. It's quite interesting to me, since I have had the exact same problem (a misbehaving ls -h command) on a development server quite a while back. As it turns out, my server was cracked, maybe with the same tool, and this analysis is much more thorough than the one I was able to do at the time. If you've ever wondered how to diagnose a Linux server that has been hijacked, this short article is a good starting point.

1 of 219 comments (clear)

  1. Re:Story is FUD from a M$ shill by FST777 · · Score: 0, Offtopic

    Larry, is that you?

    --
    Free beer is never free as in speech. Free speech is always free as in beer.