
Re: [LUG] Website hacked

 

I've only just seen this...

Firstly - is this a hosted machine? If so, you need to consider making the provider aware - for all you know, they may have a bigger problem (inside job?)

Next - how do you know that it's an 'attack', rather than 'end-user education'?

I don't mean to belittle your original statement - it's just that I had a similar experience years ago, creating a website for a photographer... and they persisted in uploading a LOT of photos into the 'wrong' places... which filled up the server and... well... (insert text about long evenings working out why the 'site's gone down', unhappy photographer, etc.)

Anyway - it was just food for thought.

 

I agree with Simon though - change the passwords and shut down web / ftp / etc. access from the intertubes. Remove other users' access, so that you can analyse what's going on in 'peace'.

Don't try to prove a hunch... find the evidence - actually go through the logs and write down on a piece of clean paper what the logs are telling you and build the picture up that way. Then, no matter what the logs tell you, that's what you work from. And if it needs to go higher, then your evidence will be that much more credible.

You can later work on whether the logs have been tampered with...

 

So, the server was last booted on ...

You accessed it last on...

Then network traffic went weird on...

Etc.

Let us know what the outcome was... I'm sure there's a few people on this list who'd like to know what happened and how you resolved it...

 

Cheers,

 

Steve


On 2 Oct 2014, at 15:28, Martin Gautier <martin.gautier@xxxxxxxxxxxxx> wrote:

> All
>
> Is there anyone on the list that can help with a website I run that is being hacked currently?
>
> I need to try and find out how they're getting in and what I can do about it.
>
> We have a shared folder used by the CMS for file & image management and they seem to be accessing that and copying the contents onto itself to fill up the server disk space...
>
> Cheers
>
> Martin
>
> --
> The Mailing List for the Devon & Cornwall LUG
> http://mailman.dclug.org.uk/listinfo/list
> FAQ: http://www.dcglug.org.uk/listfaq


--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
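
The advice in the reply above, to write down what the logs say and build the picture from that, shown as an added example that is not part of the original thread. It assumes Apache combined-format access logs and a hypothetical shared-folder path `/cms/shared/`; the sample lines are constructed.

```python
import re
from datetime import datetime

# Constructed sample lines (Apache combined log format); not from the thread.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Oct/2014:09:14:02 +0100] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [02/Oct/2014:09:20:11 +0100] "POST /cms/shared/upload.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.23 - - [02/Oct/2014:09:20:45 +0100] "POST /cms/shared/upload.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Oct/2014:09:31:00 +0100] "POST /contact.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"
this line is damaged and must be reported, not silently dropped
198.51.100.23 - - [02/Oct/2014:08:59:30 +0100] "PUT /cms/shared/images/a.jpg HTTP/1.1" 201 0 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')
WRITE_METHODS = {"POST", "PUT", "DELETE", "MOVE", "COPY"}

def build_timeline(text, prefix="/cms/shared/"):
    """Return (events, unparsed): write requests under prefix in time order,
    plus the line numbers that did not parse (gaps in the evidence)."""
    events, unparsed = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(n)
            continue
        ip, ts, method, path, status, _size = m.groups()
        if method in WRITE_METHODS and path.startswith(prefix):
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            events.append((when, ip, method, path, int(status)))
    events.sort(key=lambda e: e[0])  # log order is not always time order
    return events, unparsed

def summarise(events):
    """Per client: (first seen, last seen, number of write requests)."""
    per_ip = {}
    for when, ip, *_rest in events:
        first, last, count = per_ip.get(ip, (when, when, 0))
        per_ip[ip] = (min(first, when), max(last, when), count + 1)
    return per_ip

if __name__ == "__main__":
    events, unparsed = build_timeline(SAMPLE_LOG)
    for when, ip, method, path, status in events:
        print(when.isoformat(), ip, method, path, status)
    print("unparsed lines:", unparsed)
    print(summarise(events))
```

Unparsed line numbers are reported rather than skipped, so gaps stay visible when the question of log tampering is looked at later.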

 
