System crash and a lot of lines in dmesg with ssh-scan segfault
A client called me because they can't access the application.
So I logged in to the system and, surprise! I can't execute the ps, ls and netstat commands, and PostgreSQL is down. These files have other owners.
The last lines in dmesg look like this:
[21461.249801] ssh-scan[11199]: segfault at 0 ip 0000000008048e33 sp 00000000ffd12d10 error 4 in ssh-scan[8048000+c0000]
What could be the problem? And the solution?
The OS: Ubuntu Server 12.04LTS x64
You've been compromised and the attacker seems to have been running an ssh scanning bot against external hosts.
The solution is up to you, but I suspect that you will need to rebuild the server after recovering any important data.
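The two symptoms in this thread (repeated ssh-scan segfault lines in the kernel log, and ps, ls and netstat with unexpected owners) can be checked with a short triage script. This is an added example, not part of the original question or answer. The function names and the /mnt/suspect mount point are assumptions, and it is meant to run from a trusted rescue environment against the mounted disk, because the host's own tools cannot be trusted.

```shell
#!/bin/sh
# Added triage example; function names are hypothetical.

# Read kernel log text on stdin and print "<count> <process>" for every
# process that produced a "segfault at" line, most frequent first.
segfault_summary() {
    sed -n 's/^\[ *[0-9.]*] \([^[]*\)\[[0-9]*]: segfault at .*/\1/p' |
        awk '{ n[$0]++ } END { for (p in n) print n[p], p }' |
        sort -rn
}

# List regular files under the given directories whose owner is not the
# expected numeric uid. ls -n prints numeric ids, since names would be
# resolved with the rescue system's passwd file, not the suspect disk's.
unexpected_owner() {
    expected_uid=$1
    shift
    find "$@" -xdev -type f ! -uid "$expected_uid" -exec ls -ldn {} +
}

# Run both checks against a disk mounted at $1 and a kernel log file $2.
triage() {
    root=$1
    log=$2
    echo "== processes with segfaults in $log"
    segfault_summary < "$log"
    echo "== files not owned by uid 0 in system binary directories"
    for d in bin sbin usr/bin usr/sbin; do
        [ -d "$root/$d" ] && unexpected_owner 0 "$root/$d/"
    done
    return 0
}

# Example (paths are assumptions):
#   triage /mnt/suspect /mnt/suspect/var/log/kern.log
```

Any file the second check reports is evidence to preserve before the rebuild, not something to fix in place.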