[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Server hacked were to find the Server logs
- Subject: Re: [cobalt-security] Server hacked were to find the Server logs
- From: John Sim <johns@xxxxxxxxx>
- Date: Tue, 27 Feb 2001 13:03:01 +0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Mon, Feb 26, 2001 at 09:23:57PM +0100, Robbert Hamburg wrote:
> Hello,
>
> Tonight we had a server attack. We want to analyze the server logs to see if
> we can find out who logged in at what time. However the logs seems to be
> gone or perhaps we are looking in the wrong dir of the server. Can someone
> please tell me were to look ???
> Is there anyway to report the hack or something ?? Nothing was really
> damaged only one site was brought down.
You would be well advised to have a security specialist look over the
machine for you, to be sure that you are not trojaned in any way. It is
most common that, unless this cracker was after one website, the intruder
will have made a way to get back into the box easily. If the cracker is
remotely skilled at all then lots of trojaned binaries could have replaced
yours, and it will be hard to tell that there is anything up with the
machine.
Allways prudent to be paranoid in cases like this.
--
John Sim
Systems Administrator [Speaking for himself, not for demon]
Interactive Services o
Demon Internet @ Thus o o