Linked Questions
578 questions linked to/from How do I deal with a compromised server?
27 votes
14 answers
5k views
HELP! Production DB was SQL INJECTED! [duplicate]
Possible Duplicate: My server's been hacked EMERGENCY Geeze, I'm desperate! A few hours ago our production DB was sql-injected. I know we have some big holes in the system... because we ...
12 votes
11 answers
2k views
Site hacked, looking for security advice [duplicate]
Possible Duplicate: My server's been hacked EMERGENCY Last weekend my company's site was hacked. They did the nicest thing of doing that on a Friday evening so we only noticed the attack on ...
12 votes
3 answers
71k views
How to find which script on my server is sending spam emails? [duplicate]
My server is sending the spam email and I am not able to find out which script is sending them. The emails were all from nobody@myhost so disabled from the cpanel that nobody should not be allowed ...
6 votes
6 answers
3k views
Attempted hack on VPS, how to protect in future, what were they trying to do? [duplicate]
UPDATE: They're still here. Help me stop or trap them! Hi SF'ers, I've just had someone hack one of my client's sites. They managed to get to change a file so that the checkout page on the site writes ...
5 votes
7 answers
853 views
Server was hacked. Now login won't accept 'root' as username comes up invalid [duplicate]
On Fedora, root is coming up invalid. What is the solution?
8 votes
2 answers
6k views
Rootkit Revealer is failing to run, why? [duplicate]
On a user's laptop (Windows 7 x64), terrible performance led me to suspect a rootkit after ruling almost everything else out. I checked boot entries with Autoruns and ran a full scan with Malwarebytes,...
6 votes
5 answers
9k views
.htaccess being hacked repeatedly [duplicate]
About 4 or 5 days ago, a client came back to me saying that their site was being redirected to some other suspicious looking website from Google, Yahoo, etc., but it was working fine when the user ...
7 votes
1 answer
127k views
Ping request could not find host www.google.com. Please check the name and try again [duplicate]
I'm using Windows XP Professional Version 2002 Service Pack 3. I have issues with DNS (after affected by some malware). I cannot ping the sites, but I can browse using a web browser. I have tried the ...
10 votes
6 answers
1k views
Is my web server being compromised? [duplicate]
We logged remotely into our CentOS server today using Putty, and while wandering through previous commands using the up arrow, stumbled across the following: unset HISTFILE mkdir /usr/lib/tmp cd /...
3 votes
4 answers
3k views
I just got a linode VPS a week ago and I've been flagged for SSH scanning [duplicate]
Possible Duplicate: My server’s been hacked EMERGENCY I got a 32-bit Debian VPS from http://linode.com and I really haven't done any sort of advanced configuration for securing it (port 22; ...
11 votes
3 answers
3k views
Has my Linux server been compromised? How do I tell? [duplicate]
Running (X)Ubuntu 10.04.2 LTS behind a router. I just received an email from my root account on that machine, with the following subject: *** SECURITY information for <hostname>: The message ...
2 votes
6 answers
2k views
Websites on Ubuntu 8.04 LTS with Plesk are infected with viruses [duplicate]
I am running Plesk 9.5 on Ubuntu 8.04 LTS and have about 15 websites infected with some malicious code appended to the end of java files. I have installed Clamav and it has managed to pick up the ...
3 votes
6 answers
4k views
I think my server is being hacked. What should I do? [duplicate]
Possible Duplicate: My server's been hacked EMERGENCY I'm not a server admin and I have very little experience in "debugging" a server. But from looking at my log files, it looks as if I'm ...
5 votes
2 answers
24k views
What do these entries in my SSH logs mean? [duplicate]
I recently noticed that I have entries from an unknown IP address in my SSH logs. I performed a grep to extract all entries that didn't contain my own IP address. I was presented with this: Jul 24 22:...
2 votes
1 answer
12k views
Why is the remote desktop service connected to a *random* IP? [duplicate]
Possible Duplicate: How do I deal with a compromised server? I noticed some unusual network behaviour on my Windows web server 2008 R2 x64 server, when I investigated on Resource Monitor I noticed ...