[CentOS] server is always getting hacked
John R Pierce
pierce at hogranch.com
Sun Jun 28 21:05:29 UTC 2009
> 1) Make a good backup of the hacked system for data archival and forensic
> analysis.
> 2) Take the affected system off-line.
> 3) Check all other systems in your company as they are definitely at high
> risk.
> 4) Completely re-format and re-install any and all hacked boxes.
> 5) Change all passwords everywhere and make sure they are not recycled.
>
I think you have steps 1 and 2 reversed. take it offline THEN make the
backups etc etc. the infected systems disks should be mounted r/o on
another secure system for doing said backups.
More information about the CentOS
mailing list