Page 1 of 1

Got Hacked

Posted: 2020/06/17 05:00:33
by bocah
My server centos 7 server got hacked, can I know where the attacker came from? can anyone help me :roll: ?


Re: Got Hacked

Posted: 2020/06/17 07:52:19
by jlehtone
The system logs may or may not have got some entries, but the attacker might have erased or modified them.

1. Disconnect system from all networks immediately
2. Power off
3. Boot from USB/PXE into rescue mode to read files in /var/log
4. Completely erase and reinstall fresh

Re: Got Hacked

Posted: 2020/06/17 08:23:41
by MartinR
If you are in a big organisation your security department may prefer you not to power off, only isolate. Having an untouched system can assist in forensics. They will also prefer you not to boot so that the disks can be examined. If you are on your own though jlehtone's advice is, as usual, spot on.