Client called me because can’t access to the application.
So login in system and surprise! I cant execute ps, ls and netstat commands and postgresql is down. These files has other owners.
The last lines in dmesg are like :
[21461.249801] ssh-scan: segfault at 0 ip 0000000008048e33 sp 00000000ffd12d10 error 4 in ssh-scan[8048000+c0000]
What could be the problem? And the solution?
The OS: Ubuntu Server 12.04LTS x64
You’ve been compromised an the attacker seems to have been running an ssh scanning bot against external hosts.
The solution is up to you, but I suspect that you will need to rebuild the server after recovering any important data.
Leave a comment
- SCP transfer only modified files
- How can I automate clearing and resetting a Linux user’s home directory to a default?
- Cron expression that runs every 5 minutes from 1:30 am – 6:00 am [duplicate]
- Understanding redundant power supplies
- Is there a way for administrators to disable users from installing Firefox extensions?