Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Our system was hacked
Special Forums Cybersecurity Our system was hacked Post 303037142 by jgt on Wednesday 24th of July 2019 05:19:52 PM
Old 07-24-2019
Our system was hacked
Someone made a mistake, and left our router wide open, pointing all ports to a SCO 6.0.0 system.
Within 24 hours, the following happened.
The contents of all the files (except tar files) in three directories, one directory on each of three different file systems, were replaced with nulls. None of the inode data was changed, meaning that the output of 'ls -l' was the same before and after. In two of the directories the file permissions were 0664, and in the last, the permissions were 0644 and files owned by root.
I have not been able to find anything in any of the log files to indicate who or when this happened.
Since we had adequate backups there was no long term damage.
Any thoughts would be appreciated.
This User Gave Thanks to jgt For This Post:
RavinderSingh13
 

3 More Discussions You Might Find Interesting

1. Linux

pc hacked

Hi, i think someone has hacked my server, the following rules used to come which i haven't put. Please help me i couldnt find out how this rules are apply, i think someone has put an script which generates enables the rules. But after restarting the iptables everything seems to be working... (0 Replies)
Discussion started by: naik_mit
0 Replies

2. Cybersecurity

How to know when you've been hacked

One of the most important ways to keep tou machine secure is to know when it has been broken into. The less time hackers have on your system, the less they can do to it, and the greater you chancens of kicking them off and repairing the damage. The more sophisticated the hacker, the less likely... (8 Replies)
Discussion started by: binhnx2000
8 Replies

3. Cybersecurity

Server hacked on known port

Hi, There is a recent case whereby it was reported that one of the production servers was hacked on port 1521. However, I am not sure how this was possible, as I checked that the OS firewall (iptables) is on : # /etc/init.d/iptables status Table: nat Chain PREROUTING (policy ACCEPT) num ... (7 Replies)
Discussion started by: anaigini45
7 Replies

LEARN ABOUT DEBIAN

s3qllock

S3QLLOCK(1)							       S3QL							       S3QLLOCK(1)

NAME

       s3qllock - Make trees on an S3QL file system immutable

SYNOPSIS

       s3qllock [options] <directory>

DESCRIPTION

       S3QL  is  a  file  system for online data storage. Before using S3QL, make sure to consult the full documentation (rather than just the man
       pages which only briefly document the available userspace commands).

       The s3qllock command makes a directory tree in an S3QL file system immutable. Immutable trees can no longer be changed in any  way  whatso-
       ever.  You can not add new files or directories and you can not change or delete existing files and directories. The only way to get rid of
       an immutable tree is to use the s3qlrm command.

       s3qllock can only be called by the user that mounted  the  file	system	and  (if  the  file  system  was  mounted  with  --allow-other	or
       --allow-root) the root user. This limitation might be removed in the future (see issue 155).

RATIONALE

       Immutability  is a feature designed for backups. Traditionally, backups have been made on external tape drives. Once a backup was made, the
       tape drive was removed and locked somewhere in a shelf. This has the great advantage that the contents of the backup  are  now  permanently
       fixed. Nothing (short of physical destruction) can change or delete files in the backup.

       In  contrast,  when  backing  up  into an online storage system like S3QL, all backups are available every time the file system is mounted.
       Nothing prevents a file in an old backup from being changed again later on. In the worst case, this may	make  your  entire  backup  system
       worthless.  Imagine  that  your	system	gets infected by a nasty virus that simply deletes all files it can find -- if the virus is active
       while the backup file system is mounted, the virus will destroy all your old backups as well!

       Even if the possibility of a malicious virus or trojan horse is excluded, being able to change a backup after it has been made is generally
       not a good idea. A common S3QL use case is to keep the file system mounted at all times and periodically create backups with rsync -a. This
       allows every user to recover her files from a backup without having to call the system administrator. However, this also allows every  user
       to accidentally change or delete files in one of the old backups.

       Making  a backup immutable protects you against all these problems.  Unless you happen to run into a virus that was specifically programmed
       to attack S3QL file systems, backups can be neither deleted nor changed after they have been made immutable.

OPTIONS

       The s3qllock command accepts the following options:

	  --debug
		 activate debugging output

	  --quiet
		 be really quiet

	  --version
		 just print program version and exit

EXIT STATUS

       s3qllock returns exit code 0 if the operation succeeded and 1 if some error occurred.

SEE ALSO

       The S3QL homepage is at http://code.google.com/p/s3ql/.

       The  full  S3QL	documentation  should  also  be  installed  somewhere  on  your  system,  common  locations  are  /usr/share/doc/s3ql	or
       /usr/local/doc/s3ql.

COPYRIGHT

       2008-2011, Nikolaus Rath

1.11.1								  August 27, 2014						       S3QLLOCK(1)
All times are GMT -4. The time now is 07:35 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy