On Fri, Sep 23, 2011 at 1:32 PM, Keith Roberts keith@karsites.net wrote:
On Fri, 23 Sep 2011, Paras pradhan wrote: *snip*
No. This is a production server and nobody logs in. Very very restricted.
Have you checked all your logs? What ports are open? What CLI tools to format a HDD do you have on the server?
Also, is it possible for a trojan program to do this to your HDD?
Are there any know trojan that can change the disk layout?
I don't know of any. What applications do you have running on that server?
You say a production server. What type of server - a web hosting provider?
What scripting languages do you have running on the server, if any?
If you give me an email directly, I might be able to do a remote login for you, and some forensics, as that is one of my many interests.
Thank you for this. Right now we are running a tool on it to recover the data.
And yes logs have nothing.
Paras.
Kind Regards,
Keith Roberts
Websites: http://www.karsites.net http://www.php-debuggers.net http://www.raised-from-the-dead.org.uk
All email addresses are challenge-response protected with TMDA [http://tmda.net]
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos