Well, I just got a phone call stating that my server has
gone over its monthly bandwidth limit by 2TB. Taking into account the amount of
bandwidth I used, there are 2.3TB of unaccounted activity. I did a few checks
to see what is going on (mainly to see if there are root kits or sniffers). I
checked the log and saw a lot of ssh activity (all denials though). I am
currently maxing out my pipe and need to stop this. So my question is what
should one actually do to see how his/her box is compromised? What should I
check, in which order should I check? Any help is very much appreciated.

-Russ Kay
- [UM-LINUX] What to do when your server is compromised Russ Kay
