Slashdot Mirror


Forensics On a Cracked Linux Server

This blog entry is the step-by-step process that one administrator followed to figure out what was going on with a cracked Linux server. It's quite interesting to me, since I have had the exact same problem (a misbehaving ls -h command) on a development server quite a while back. As it turns out, my server was cracked, maybe with the same tool, and this analysis is much more thorough than the one I was able to do at the time. If you've ever wondered how to diagnose a Linux server that has been hijacked, this short article is a good starting point.

4 of 219 comments

  1. Not enough information by downix (Score: 0, Redundant)

    What was his setup? How did they access? And who had access?

    --
    Karma Whoring for Fun and Profit.
  2. Re:Yeah obvious FUD article by Inakizombie (Score: 0, Redundant)

    Break out the BBQ! It's flame bait!

  3. Re:Forensics by SIIHP (Score: 0, Redundant)

    "Can slashdot please not use sensational titles!"

    ??? ...

    BWAAAAHAHAHAHHAHAHAHAHAHAAHAHAHAHHAHAHAHAHAHAHAHAHAHAHHAHHAHAHAHA (cough cough).

    Thank You. Really, that was awesome.

    --
    I only go to buffets for the unlimited soft serve.
  4. Re:Yeah obvious FUD article by suggsjc (Score: 0, Redundant)

    ASCII art is lame
    If you really want to blast them
    Then try a haiku

    --
    When I have a kid, I want to put him in one of those strollers for twins and then run around the mall looking frantic.