[CentOS] server is always getting hacked

John R Pierce pierce at hogranch.com
Sun Jun 28 21:05:29 UTC 2009


> 1) Make a good backup of the hacked system for data archival and forensic
> analysis.
> 2) Take the affected system off-line.
> 3) Check all other systems in your company as they are definitely at high
> risk.
> 4) Completely re-format and re-install any and all hacked boxes.
> 5) Change all passwords everywhere and make sure they are not recycled.
>   

I think you have steps 1 and 2 reversed.   take it offline THEN make the 
backups etc etc.    the infected systems disks should be mounted r/o on 
another secure system for doing said backups.





More information about the CentOS mailing list