On Fri, Sep 23, 2011 at 1:32 PM, Keith Roberts <keith at karsites.net> wrote: > On Fri, 23 Sep 2011, Paras pradhan wrote: > *snip* > >> No. This is a production server and nobody logs in. Very >> very restricted. > > Have you checked all your logs? What ports are open? > What CLI tools to format a HDD do you have on the server? > >> >>> >>> Also, is it possible for a trojan program to do this to your >>> HDD? >> >> Are there any know trojan that can change the disk layout? > > I don't know of any. What applications do you have running > on that server? > > You say a production server. What type of server - a web > hosting provider? > > What scripting languages do you have running on the server, > if any? > > If you give me an email directly, I might be able to do a > remote login for you, and some forensics, as that is one of > my many interests. Thank you for this. Right now we are running a tool on it to recover the data. And yes logs have nothing. Paras. > > Kind Regards, > > Keith Roberts > > ----------------------------------------------------------------- > Websites: > http://www.karsites.net > http://www.php-debuggers.net > http://www.raised-from-the-dead.org.uk > > All email addresses are challenge-response protected with > TMDA [http://tmda.net] > ----------------------------------------------------------------- > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >