Sponsored Content
Full Discussion: Our system was hacked
Special Forums Cybersecurity Our system was hacked Post 303037142 by jgt on Wednesday 24th of July 2019 05:19:52 PM
Old 07-24-2019
Our system was hacked

Someone made a mistake, and left our router wide open, pointing all ports to a SCO 6.0.0 system.
Within 24 hours, the following happened.
The contents of all the files (except tar files) in three directories, one directory on each of three different file systems, were replaced with nulls. None of the inode data was changed, meaning that the output of 'ls -l' was the same before and after. In two of the directories the file permissions were 0664, and in the last, the permissions were 0644 and files owned by root.
I have not been able to find anything in any of the log files to indicate who or when this happened.
Since we had adequate backups there was no long term damage.
Any thoughts would be appreciated.
This User Gave Thanks to jgt For This Post:
 

3 More Discussions You Might Find Interesting

1. Linux

pc hacked

Hi, i think someone has hacked my server, the following rules used to come which i haven't put. Please help me i couldnt find out how this rules are apply, i think someone has put an script which generates enables the rules. But after restarting the iptables everything seems to be working... (0 Replies)
Discussion started by: naik_mit
0 Replies

2. Cybersecurity

How to know when you've been hacked

One of the most important ways to keep tou machine secure is to know when it has been broken into. The less time hackers have on your system, the less they can do to it, and the greater you chancens of kicking them off and repairing the damage. The more sophisticated the hacker, the less likely... (8 Replies)
Discussion started by: binhnx2000
8 Replies

3. Cybersecurity

Server hacked on known port

Hi, There is a recent case whereby it was reported that one of the production servers was hacked on port 1521. However, I am not sure how this was possible, as I checked that the OS firewall (iptables) is on : # /etc/init.d/iptables status Table: nat Chain PREROUTING (policy ACCEPT) num ... (7 Replies)
Discussion started by: anaigini45
7 Replies
DH_FIXPERMS(1)							     Debhelper							    DH_FIXPERMS(1)

NAME
       dh_fixperms - fix permissions of files in package build directories

SYNOPSIS
       dh_fixperms [debhelperoptions] [-Xitem]

DESCRIPTION
       dh_fixperms is a debhelper program that is responsible for setting the permissions of files and directories in package build directories to
       a sane state -- a state that complies with Debian policy.

       dh_fixperms makes all files in usr/share/doc in the package build directory (excluding files in the examples/ directory) be mode 644. It
       also changes the permissions of all man pages to mode 644. It removes group and other write permission from all files. It removes execute
       permissions from any libraries, headers, Perl modules, or desktop files that have it set. It makes all files in the standard bin and sbin
       directories, usr/games/ and etc/init.d executable (since v4). Finally, it removes the setuid and setgid bits from all files in the package.

       When the Rules-Requires-Root field has the (effective) value of binary-targets, dh_fixperms will also reset the ownership of all paths to
       "root:root".

OPTIONS
       -Xitem, --exclude item
	   Exclude files that contain item anywhere in their filename from having their permissions changed. You may use this option multiple
	   times to build up a list of things to exclude.

SEE ALSO
       debhelper(7)

       This program is a part of debhelper.

AUTHOR
       Joey Hess <joeyh@debian.org>

11.1.6ubuntu2							    2018-05-10							    DH_FIXPERMS(1)
All times are GMT -4. The time now is 07:21 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy