I regularly use iftop, netstat and htop to see what is going on on my servers. I have found that raw information always helps the best in determining active compromised systems.
Kerem

On Tue, Dec 6, 2011 at 11:55 AM, Lucio Crusca <[email protected]> wrote:

> BH wrote:
>
> > I'm not sure if this has been said in this thread yet, but is it
> > possible the host O/S was compromised?
>
> Nothing is impossible, security wise. However I'd talk about likelihood
> instead. I own two other OpenVZ containers hosted in the same host OS. They
> haven't been compromised, though they're very similar systems (Debian based
> instead of Ubuntu).
> The one that has been compromised is the only one having an online shop and
> greater network traffic.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

--
Kerem Erciyes - System Consultant
http://keremerciyes.com
