07-24-2019
Our system was hacked
Someone made a mistake, and left our router wide open, pointing all ports to a SCO 6.0.0 system.
Within 24 hours, the following happened.
The contents of all the files (except tar files) in three directories, one directory on each of three different file systems, were replaced with nulls. None of the inode data was changed, meaning that the output of 'ls -l' was the same before and after. In two of the directories the file permissions were 0664, and in the last, the permissions were 0644 and files owned by root.
I have not been able to find anything in any of the log files to indicate who or when this happened.
Since we had adequate backups there was no long-term damage.
Any thoughts would be appreciated.
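One way to triage the damage described above, as an added example that is not part of the original post: walk a directory tree, list every non-empty regular file whose content is entirely NUL bytes, and record its mode, owner, size, mtime and ctime. It assumes Python 3 on the analysis host; the file names and the `demo()` tree are constructed sample data.

```python
import os
import stat
import tempfile
import time

CHUNK = 1 << 16

def is_all_nul(path):
    """True if the file is non-empty and every byte is 0x00."""
    seen = False
    with open(path, "rb") as fh:
        while True:
            block = fh.read(CHUNK)
            if not block:
                return seen
            if block.count(0) != len(block):
                return False
            seen = True

def scan(root):
    """Return one record per NUL-filled regular file under root."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode) or not is_all_nul(path):
                continue
            hits.append({
                "path": path,
                "mode": oct(stat.S_IMODE(st.st_mode)),
                "uid": st.st_uid,
                "size": st.st_size,
                "mtime": int(st.st_mtime),
                "ctime": int(st.st_ctime),
                # ctime after mtime: the inode changed after the last recorded write
                "ctime_after_mtime": int(st.st_ctime) > int(st.st_mtime),
            })
    return hits

def demo():
    """Constructed sample: one zeroed file with mtime set back, one intact file."""
    root = tempfile.mkdtemp()
    zeroed = os.path.join(root, "report.dat")
    with open(zeroed, "wb") as fh:
        fh.write(b"\x00" * 4096)
    old = time.time() - 86400
    os.utime(zeroed, (old, old))
    with open(os.path.join(root, "intact.dat"), "wb") as fh:
        fh.write(b"data\x00\x00")
    return scan(root)
```

Plain `ls -l` shows mtime only; ctime moves on any inode change, including a timestamp reset with `utime()`, so a ctime later than mtime on a zeroed file can help bound when it was touched.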