Files are definitely being deleted.

Which log would I look in?

It's a common Linux cPanel hosting plan.

On Tue, Jun 2, 2015 at 3:01 PM, gr0ve <gr...@exemail.com.au> wrote:

> Hi David,
> Are you sure the .php files are being removed by a malicious actor?  Are
> there log entries or other traces that indicate an exposure to an exploit?
> To remove files from a system would leave traces of
> activity, even remotely, and subsequent tampering to cover it up is usually
> clumsily executed and easily identified.
> It would depend also on your specific PHP version but you could install
> Suhosin to log any out of band activity.  If you think a malicious actor is
> deleting files, check also your database links for insertion attacks or
> other indications of attempted tampering.  I suspect an in-house error such
> as a bad day for someone, or a rogue cron job, perhaps, or if you are
> exposed to the ext4 corruption bug on Linux, look there.
> Without more information, I always assume a more local problem first, as
> opposed to intrusion etc.
>
> --
> rachel polanskis
> IT Consulting, UNIX & Macintosh
> Greater Western Sydney
> <gr...@exemail.com.au>
>
> > On 2 Jun 2015, at 13:57, David Lyon <david.lyon.preissh...@gmail.com> wrote:
> >
> > Hello all,
> >
> > One place I do work for is having trouble with Hacker activity.
> >
> > Let's face it, there are hackers out there trying to take down systems.
> >
> > The specific issue I'm seeing is .php files vanishing from the web server.
> >
> > This is annoying and I'm wondering if any others are seeing anything like
> > this.
> >
> > I'm also wondering what specific steps can be taken to minimise hacking
> > problems.
> >
> > We don't have a big budget, a counter-hacking team or anything like that.
> >
> > To me it looks like the ISP may have been hacked in a similar way as
> > GoDaddy was hacked in the US.
> >
> > Regards
> >
> > David
> > --
> > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
>