07-24-2019
Our system was hacked
Someone made a mistake, and left our router wide open, pointing all ports to a SCO 6.0.0 system.
Within 24 hours, the following happened.
The contents of all the files (except tar files) in three directories, one directory on each of three different file systems, were replaced with nulls. None of the inode data was changed, meaning that the output of 'ls -l' was the same before and after. In two of the directories the file permissions were 0664, and in the last, the permissions were 0644 and the files were owned by root.
I have not been able to find anything in any of the log files to indicate who did this or when it happened.
Since we had adequate backups, there was no long-term damage.
Any thoughts would be appreciated.
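An added example, not part of the original post: since the sizes and timestamps shown by 'ls -l' were unchanged, finding the affected files means reading their contents. This POSIX shell code lists non-empty regular files that consist only of NUL bytes; the function names are hypothetical, and it assumes file names contain no newlines.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# is_null_filled FILE
# Succeeds only if FILE is a readable, non-empty regular file in which
# every byte is NUL. Size and mtime are not consulted, because in the
# incident described above the 'ls -l' output did not change.
is_null_filled() {
    [ -f "$1" ] && [ -s "$1" ] && [ -r "$1" ] || return 1
    # Strip NUL bytes and count what is left; 0 means nothing but NULs.
    # The final tr removes the padding some wc implementations print.
    remaining=$(tr -d '\000' < "$1" | wc -c | tr -d ' ')
    [ "$remaining" -eq 0 ]
}

# scan_null_filled DIR...
# Prints the path of every null-filled file under the given directories.
# Assumption: path names contain no newline characters.
scan_null_filled() {
    find "$@" -type f -size +0 -print | while IFS= read -r path; do
        if is_null_filled "$path"; then
            printf '%s\n' "$path"
        fi
    done
}

# When run as a script with arguments, scan those directories.
if [ "$#" -gt 0 ]; then
    scan_null_filled "$@"
fi
```

Run as root so that unreadable files are not silently skipped, and compare the resulting list against the backups before restoring.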
LEARN ABOUT DEBIAN
tardiff
TARDIFF(1) User Commands TARDIFF(1)
NAME
TarDiff - Compare two tarballs and report differences
DESCRIPTION
TarDiff compares the contents of two tarballs and reports on any differences found between them. Its use is mainly for release managers who
can use it as a QA tool to make sure no files have accidentally been left over or were added by mistake. TarDiff supports compressed
tarballs, diff statistics and suppression of GNU autotool changes.
SYNOPSIS
tardiff [options] file1.tar file2.tar[.gz/.bz2]
OPTIONS
-m, --modified Report on all changed files, including those present in both tarballs
-l, --list List all files, even those not changed at all
-a, --autoskip Skip files which belong to the GNU autotools (for --modified)
-s, --stats Run statistics (diffstat) on all modified files (for --modified)
-v, --version Display tardiff version
-h, --help Display this help screen
SEE ALSO
tar(1), tardy(1)
AUTHOR
TarDiff was written by Josef Spillner <josef@coolprojects.org>. This man page was written by Axel Beckert <abe@debian.org> based on
help2man(1) output for the Debian Project, but may be used by others.
COPYRIGHT
Copyright (C) 2005 Josef Spillner <josef@coolprojects.org>
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
the Free Software Foundation.
TarDiff 0.1 December 2011 TARDIFF(1)