How to restore a hacked Linux Server

Marius Ducea has a great article on How to restore a hacked Linux Server. He provides a very practical baseline on how you should develop your own plan of action to restore a hacked Linux Server. These are the steps he recommends:

– Don’t panic. Keep your calm and develop a plan of actions
– Disconnect the system from the network
– Discover the method used to compromise the system
– Stop all the attacker scripts and remove his files
– Restore not affected services
– Fix the problem that caused the compromise
– Restore the affected services
– Monitor the system

I’ve a personal experience of restoring a hacked Linux Server. I agree with all of his recommended steps. Out of them, I think finding the method (security hole) used to compromise the system is most important, because if you don’t know this then the attacker can immediately use the same security hole to attack and compromise the system after you restore.

Be Sociable, Share!
Posted in Admin, HowTo, Links, Linux/Unix, Network, Random, Security, Technology

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Recent Comments

Buddha Boy attacked and injured a guy with his sword? – Media on 'Buddha Boy' on Buddha Boy attacked and injured a guy with his sword?: […] http://nirlog.com/2007/07/20/buddha-boy-attacked-and-injured-a-guy-with-his-sword/ […]…(June 11, 2017, 11:54 am)
Shishir bhattarai on Mahabir Pun — the man who brought WiFi to Himalayas: I fell pride to him and…(June 7, 2017, 2:17 pm)
Shishir bhattarai on Mahabir Pun — the man who brought WiFi to Himalayas: I fell pride to him and thanks…(June 7, 2017, 2:15 pm)
The light of Asia on Meeting Buddha Boy: DeAnna, what are you taking about? What…(March 30, 2017, 5:27 pm)
The light of Asia on Meeting Buddha Boy: Religious person don’t rape their disciple or…(March 30, 2017, 5:03 pm)