Answer the question
In order to leave comments, you need to log in
A
A
Alexey Tutubalin2014-08-25 19:08:50
Alexey Tutubalin, 2014-08-25 19:08:50
How to find out what this script is doing?
I was on a business trip for 2 months without the Internet, today I decided to get in, but in the logs of the server this is what a sheet, it was not me who entered it all, and only I know the password, it is extremely difficult to pick up (regenerated by a 15 character generator), tell me plzz what they did with the server .
referring to the logs
removed his piece
PS Sorry for the sheet, as the spoiler is put, I did not find it.
2 answer(s)
@Kennius
you are being used to crack passwords at least
@s1dney
V
Vladimir, 2014-08-25 @Kennius
Judging by
269 [2014-08-10 14:27:32] git clone https://github.com/vanhauser-thc/thc-hydra.git
270 [2014-08-10 14:27:43] ./configure
271 [2014-08-10 14:27:51] make
272 [2014-08-10 14:28:14] make install
273 [2014-08-10 14:28:17] hydrayou are being used to crack passwords at least
S
s1dney, 2014-08-25 @s1dney
Your password is not really as difficult as you think. You lit it up somewhere else or it hangs in your mail in a letter from the hoster.
Some amateur brute force ssh passwords. It's also lucky that you didn't get the most serious cool hacker, then you wouldn't know for a couple of years that someone else is using the server.
Change the password, disable root login (it is a good idea to do this as soon as any server is installed), reboot the server and see what `ps aux` and web server configs write. It is unlikely that there will be something working.
But if you take the problem seriously, then with any suspicion of hacking, they do a system reinstall, this is the fastest and most effective way to treat any wickedness.
Similar questions
A
Alexander Laikov2015-10-18 01:23:57
Black screen after installing Ubuntu Server. What's wrong?
1Reply
P
A
E
K
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question