| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAJ6wjQH2Mh1L=nCUX9fysRA4Yf1AEg4VE3KMS-oAN7EhK1xvCA@mail.gmail.com>
Date: Tue, 6 Dec 2011 17:29:12 +0200
From: Kerem Erciyes <kerem.erciyes@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: one of my servers has been compromized
I regularly use iftop, netstat and htop to see what is going on on my
servers.
I have found that raw information always helps the best in determining
acitve compromised systems.
Kerem
On Tue, Dec 6, 2011 at 11:55 AM, Lucio Crusca <lucio@...web.org> wrote:
> BH wrote:
>
> > I'm not sure if this has been said in this thread yet, but is it
> > possible the host O/S was compromised?
>
> Nothing is impossible, security wise. However I'd talk about likelihood
> instead. I own two other OpenVZ containers hosted in the same host OS. They
> haven't been compromised, though they're very similar systems (Debian based
> instead of Ubuntu).
> The one that has been compromised is the only one having a online shop and
> greater network traffic.
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
Kerem Erciyes - Sistem Danismani
http://keremerciyes.com
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists