
Re: [Full-disclosure] one of my servers has been compromized



I regularly use iftop, netstat and htop to see what is going on on my
servers.
I have found that raw information always helps the best in determining
active compromised systems.

Kerem

On Tue, Dec 6, 2011 at 11:55 AM, Lucio Crusca <lucio@xxxxxxxxxx> wrote:

> BH wrote:
>
> > I'm not sure if this has been said in this thread yet, but is it
> > possible the host O/S was compromised?
>
> Nothing is impossible, security wise. However I'd talk about likelihood
> instead. I own two other OpenVZ containers hosted in the same host OS. They
> haven't been compromised, though they're very similar systems (Debian based
> instead of Ubuntu).
> The one that has been compromised is the only one having an online shop and
> greater network traffic.
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
Kerem Erciyes - Systems Consultant
http://keremerciyes.com