and if you don't figure out what caused the issue... there's not a damned reason to think you wouldn't do the same thing and get in the same damn situation when you reinstall...
i'm not quibbling with removing the box from the net... i've simply stated that just going straight to reinstall doesn't resolve the potential recurrence of the issue.. in his case though, it now appears that he's got a great deal more information regarding the hack, and that he can proceed to figure out what happened.. or he might just reinstall!

peace

-----Original Message-----
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] on Behalf Of Scott Silva
Sent: Wednesday, June 03, 2009 10:57 AM
To: centos@centos.org
Subject: Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

on 6-2-2009 10:18 PM bruce spake the following:
> you and i agree on him figuring out what web apps are causing the issues..
> or in fact, exactly what the 'attack' process is? i didn't see the initial
> threads.. was this something that he discussed? did he say what the attack
> process was doing?
Who cares what it was doing? He stated he didn't know what it was. It could be sending spam or making tea, it doesn't matter. It is running without his knowledge.
>
> my only point, was that reinstalling without understanding what was/is going
> on is a draconian step.. does it resolve the issue.. sure.. does it get to
> what might have been the cause.. not in my opinion...
Attack forensics is an art. There are people that make large sums of money doing this because it is difficult. Does he have the time/resources to see what happened, or does he just need to get his site up and working in the least amount of time?
>
> but hey.. there are different ways of approaching a problem...
>
Either way you want to look at it, the box needs to at a minimum get off the net. If the system only has remote access, it needs to be booted from some sort of rescue system to isolate the base from the running system. If he has local access, then all the work can be done from a local console.

Back up anything you want, but don't just restore everything to the rebuilt system; check everything. Then you can analyze, backup, wipe, pray, piss and moan, drink, or whatever strikes your fancy. Just get the system off the internet until it is not a (possible) threat anymore.

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos