On Tue, 2009-11-24 at 14:08 +0300, AhmedPanel wrote: > Hello folks, > > An intruder accessed my system possibly through "ssh" and deleted the > whole log directory. This morning, clients on a LAN could not access > internet because machines could not get IP addresses. When I accessed > the server, there's internet at the server but cant go beyond. > Restarting the system, could not even start "system logger" I tried to > check the log messages, the log directory could be traced up. cd > to /var, I only found two directories > > lock and run > > How based can I recover this server without doing a fresh installation > and configuration?. This is a server running as a mail server too. > > > Looking forward to hearing from you. > > > Best, > Ahmed
Hi Ahmed, >From the security perspective fresh install is the only way to go, you cannot be sure that your current system is not compromised, there could be some back-door left so even changing the passwords and removing ssh keys might not help. Regards Paul Ryszka _______________________________________________ ebox-user mailing list [email protected] http://lists.ebox-platform.com/cgi-bin/mailman/listinfo/ebox-user
