[ Date Index ]
[ Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
Re: [LUG] Website hacked
- To: list@xxxxxxxxxxxxx
- Subject: Re: [LUG] Website hacked
- From: Martijn Grooten <martijn@xxxxxxxxxxxxxxxxxx>
- Date: Thu, 2 Oct 2014 21:51:28 +0000
- Content-disposition: inline
- Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dcglug.org.uk; s=1396810045; h=Sender:Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Reply-To:Subject:In-Reply-To:MIME-Version:References:Message-ID:To:From:Date; bh=CkuTOKa5iiN5vK9H/qq9671Y9/tlpLS8lcFuLWZ4UDg=; b=AuZJGeIPRUV2HuUaXKQ8wIeWQDEU372X6qIB6nFFn3II5cKizYilrh8jvY0qyfgq1FfViv1Pl+SXGH1n4wQkiy+5FUBPU/F4gLsLg7Qb9NB3QJRnnceyebD2QIKcVPjsxo8lBwz00tDiw9C5qQYyetawcbjacFD5Onm6yJcQMco=;
- Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lapsedordinary.net; s=mail; t=1412286688; bh=zPyNPqNRhqN6GcWd14zfWb+Lf/OLIbsrM2Xrc1amY1s=; h=Date:From:To:Subject:Message-ID:References:MIME-Version: Content-Type:In-Reply-To; b=tRDoREva630N/EqLy/e4hv/JLcHjVMS2bBof+eHAiK/+KX5p3fWjKLNiYfK3PCLOC f72B2ywJsJoIPejeLFMljlcRb+dNiuq9DuUm04WzlsHoOmURXnnuNQuifzz3yQ2gGw xsxc1mM04CJe5x6VcxGUeG+tKAZL8Xbsaq5j9hM8=
On Thu, Oct 02, 2014 at 09:42:05PM +0000, Martijn Grooten wrote:
> Is there anything else that's going on that seems suspicious? Login
> attempts in the log file, more website visits, increased bandwidth usage,
> etc.
I should have added here that especially when it comes to log activity,
modern Linux server malware tend to be pretty stealthy, so its activity
might not show up in the logs.
Oh, and I assume you have changed all passwords on the server (SSH, CMS
etc.) just in case.
Alternatively, just say sorry to bad apple for whatever it was that you
did. ;-)
Martijn.
--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq