Finding how a hacked server was hacked
Posted by sixtyfootersdude on Server Fault
Published on 2011-01-03T12:04:53Z
I was just browsing through the site and found this question: My server's been hacked EMERGENCY. Basically the question says: My server has been hacked. What should I do?
The best answer is excellent but it raised some questions in my mind. One of the steps suggested is to:
Examine the 'attacked' systems to understand how the attacks succeeded in compromising your security. Make every effort to find out where the attacks "came from", so that you understand what problems you have and need to address to make your system safe in the future.
I have done no system admin work so I have no idea how I would start doing this. What would be the first step? I know that you could look in the server log files, but as an attacker the first thing that I would do would be erasing the log files. How would you "understand" how the attacks succeeded?