07-24-2019
Our system was hacked
Someone made a mistake, and left our router wide open, pointing all ports to a SCO 6.0.0 system.
Within 24 hours, the following happened.
The contents of all the files (except tar files) in three directories, one directory on each of three different file systems, were replaced with nulls. None of the inode data was changed, meaning that the output of 'ls -l' was the same before and after. In two of the directories the file permissions were 0664, and in the last, the permissions were 0644 and files owned by root.
I have not been able to find anything in any of the log files to indicate who or when this happened.
Since we had adequate backups, there was no long-term damage.
Any thoughts would be appreciated.
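Because the post says `ls -l` output was identical before and after, size and timestamps cannot be used to scope this kind of damage; the file contents have to be read. The following is an added example, not part of the original post: a POSIX shell sketch that lists non-empty regular files consisting only of NUL bytes. The function names and the sample files in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example: find files whose content was overwritten with NUL bytes
# while size and other 'ls -l' fields stayed the same.

# is_all_nul FILE: succeed if FILE is a non-empty regular file
# that contains nothing but NUL bytes.
is_all_nul() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    # Strip every NUL; if zero bytes remain, the file was all NULs.
    left=$(( $(tr -d '\000' < "$1" | wc -c) ))
    [ "$left" -eq 0 ]
}

# find_nulled DIR...: print the path of every nulled file below DIR.
# Paths containing newlines are not handled.
find_nulled() {
    find "$@" -type f -print 2>/dev/null | while IFS= read -r f; do
        if is_all_nul "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# demo: scan a constructed sample tree (sample data, not from the post).
demo() {
    d=$(mktemp -d) || return 1
    printf 'real data\n' > "$d/intact.txt"
    dd if=/dev/zero of="$d/wiped.dat" bs=512 count=8 2>/dev/null  # all NULs
    printf 'abc\000\000' > "$d/mixed.bin"   # data plus NULs: not reported
    : > "$d/empty"                          # zero length: not reported
    (cd "$d" && find_nulled .)
    rm -rf "$d"
}

# Scan the directories given on the command line, if any.
[ $# -eq 0 ] || find_nulled "$@"
```

Running it over each file system root and comparing the resulting list against the backup catalogue shows whether the damage is limited to the directories already noticed.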
BACKUP(8) System Manager's Manual BACKUP(8)
NAME
backup - backup files
SYNOPSIS
backup [-djmnorstvz] dir1 dir2
OPTIONS
-d At top level, only directories are backed up
-j Do not copy junk: *.Z, *.bak, a.out, core, etc
-m If device full, prompt for new diskette
-n Do not backup top-level directories
-o Do not copy *.o files
-r Restore files
-s Do not copy *.s files
-t Preserve creation times
-v Verbose; list files being backed up
-z Compress the files on the backup medium
EXAMPLES
backup -mz . /f0        # Backup current directory compressed
backup /bin /usr/bin    # Backup bin from RAM disk to hard disk
DESCRIPTION
Backup (recursively) backs up the contents of a given directory and its subdirectories to another part of the file system. It has two typical uses. First, some portion of the file system can be backed up onto 1 or more diskettes. When a diskette fills up, the user is prompted for a new one. The backups are in the form of mountable file systems. Second, a directory on RAM disk can be backed up onto hard disk. If the target directory is empty, the entire source directory is copied there, optionally compressed to save space. If the target directory is an old backup, only those files in the target directory that are older than similar names in the source directory are replaced. Backup uses times for this purpose, like make. Calling Backup as Restore is equivalent to using the -r option; this replaces newer files in the target directory with older files from the source directory, uncompressing them if necessary. The target directory contents are thus returned to some previous state.
SEE ALSO
tar(1).
BACKUP(8)