Answer the question
In order to leave comments, you need to log in
N
N
neskin2013-03-28 20:40:09
neskin, 2013-03-28 20:40:09
Is VDS sending spam?
Today VDS on hetzner began to behave strangely, abuse letters began to arrive with complaints about spam from technical support, and the top command gives the following picture:
5 answer(s)
@opium
@BuriK666
find where this ssh is (most likely somewhere in / tmp)
then analyze the logs, etc. how did he get there,
but it’s better to rearrange the system, because the villain gained root access and it is not known what and where he could replace
@neskin
P
Puma Thailand, 2013-03-29 @opium
You were scammed, take a new vps and configure everything from scratch, I would not risk leaving the vps where the attacker got the root. It is too easy to leave a little hello in the system with such rights, and without comparing all files with the originals, such a hello cannot be found.
A
Andrey Burov, 2013-03-28 @BuriK666
ls -l /proc/<PID>/exe
find where this ssh is (most likely somewhere in / tmp)
then analyze the logs, etc. how did he get there,
but it’s better to rearrange the system, because the villain gained root access and it is not known what and where he could replace
N
neskin, 2013-03-28 @neskin
Logs are empty in /var/logs/mail.log and other files are empty. Open via vi or mcedit, debian system
Similar questions
S
C
E
A
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question