[CentOS] data recovery

Fri Sep 23 19:26:22 UTC 2011
Paras pradhan <pradhanparas at gmail.com>

On Fri, Sep 23, 2011 at 1:32 PM, Keith Roberts <keith at karsites.net> wrote:
> On Fri, 23 Sep 2011, Paras pradhan wrote:
> *snip*
>
>> No. This is a production server and nobody logs in. Very
>> very restricted.
>
> Have you checked all your logs? What ports are open?
> What CLI tools to format a HDD do you have on the server?
>
>>
>>>
>>> Also, is it possible for a trojan program to do this to your
>>> HDD?
>>
>> Are there any know trojan that can change the disk layout?
>
> I don't know of any. What applications do you have running
> on that server?
>
> You say a production server. What type of server - a web
> hosting provider?
>
> What scripting languages do you have running on the server,
> if any?
>
> If you give me an email directly, I might be able to do a
> remote login for you, and some forensics, as that is one of
> my many interests.

Thank you for this. Right now we are running a tool on it to recover the data.

And yes logs have nothing.

Paras.

>
> Kind Regards,
>
> Keith Roberts
>
> -----------------------------------------------------------------
> Websites:
> http://www.karsites.net
> http://www.php-debuggers.net
> http://www.raised-from-the-dead.org.uk
>
> All email addresses are challenge-response protected with
> TMDA [http://tmda.net]
> -----------------------------------------------------------------
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>