Portal Home > Knowledgebase > Articles Database > Is my server compromised?
Is my server compromised?
Posted by viettechorg, 10-06-2007, 07:48 PM |
Hello,
I am trying to determine if i am hacked, here is details:
I just got a message from softlayer support: ABUSE - 66.228.xxx,xxx - HACKING/MALICIOUS ACTIVITY - IMMEDIATE ACTION REQUIRED. with some log like this:Also, I did a rkhunter scan and found:
So does that mean my server was compromised?
Any help would be extremely appreciated.
Thanks
|
Posted by david510, 10-06-2007, 11:59 PM |
You may ignore those rkhunter warnings. Check for the IP that is listed in the abuse message in log files to see any specific bad attempt.
|
Posted by viettechorg, 10-07-2007, 02:47 AM |
Thank you for your reply:
But this is the log SL support gave me. I dont understand what does it mean to the attack. When i asked them what does it have to do with attack. They ask for money( $3) to asnwer!?
|
Posted by david510, 10-07-2007, 03:25 AM |
What does these return?
grep 66.228.114.xxx /var/log/messages
grep 66.228.114.xxx /path/to/apache/error_log
|
Posted by viettechorg, 10-08-2007, 12:24 PM |
and grep 66.228.114.xxx /path/to/apache/error_log return nothing.
Does this mean something?
Thanks
|
Posted by viettechorg, 10-09-2007, 06:00 PM |
Any help would be extremely appreciated.
Thanks
|
Posted by Echelon, 10-09-2007, 08:13 PM |
Probably something normal like a portscan or something. Have you gotten anything new from your provider, or was that the only notice you've received?
|
Add to Favourites Print this Article
Also Read