My CentOS 7 server got hacked. Can I know where the attacker came from? Can anyone help me?
Thanks
Got Hacked
Re: Got Hacked
The system logs may or may not have got some entries, but the attacker might have erased or modified them.
1. Disconnect system from all networks immediately
2. Power off
3. Boot from USB/PXE into rescue mode to read files in /var/log
4. Completely erase and reinstall fresh
Re: Got Hacked
If you are in a big organisation your security department may prefer you not to power off, only isolate. Having an untouched system can assist in forensics. They will also prefer you not to boot so that the disks can be examined. If you are on your own though jlehtone's advice is, as usual, spot on.
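
For step 3 of the first reply (reading /var/log from rescue mode), here is an added example that is not part of the original thread: a script that tallies sshd login results by user and source address from the `secure` log. It assumes that SSH was the way in, that the CentOS rescue environment mounted the installed system under /mnt/sysimage, and that the log uses the traditional syslog line format; the script name, host names, and addresses in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Tally sshd "Accepted"/"Failed" events by
# user and source IP from a CentOS 7 /var/log/secure read offline.
# Assumed invocation from rescue mode (script name is hypothetical):
#   sh ssh_sources.sh /mnt/sysimage/var/log/secure*
# As the first reply notes, the attacker may have erased or modified these
# logs, so an empty or clean result does not rule out SSH as the entry point.

# ssh_sources [FILE...]  (reads stdin when no file is given)
# Prints "count result user ip", most frequent first.
ssh_sources() {
    awk '
        $5 ~ /^sshd\[/ && ($6 == "Accepted" || $6 == "Failed") {
            user = ""; ip = ""
            for (i = 7; i <= NF; i++) {
                # First "for" introduces the user name; skip "invalid user".
                if ($i == "for" && user == "")
                    user = ($(i+1) == "invalid") ? $(i+3) : $(i+1)
                # Keep the LAST "from": user names are attacker-controlled
                # and may themselves contain the word "from".
                if ($i == "from") ip = $(i+1)
            }
            if (ip != "") seen[$6 " " user " " ip]++
        }
        END { for (k in seen) print seen[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Constructed sample lines (documentation address ranges, made-up host name).
sample_log() {
    cat <<'EOF'
Mar  3 02:10:01 web1 sshd[2211]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Mar  3 02:10:05 web1 sshd[2213]: Failed password for root from 198.51.100.7 port 40030 ssh2
Mar  3 02:10:09 web1 sshd[2215]: Failed password for root from 198.51.100.7 port 40031 ssh2
Mar  3 02:11:40 web1 sshd[2290]: Accepted password for root from 198.51.100.7 port 40112 ssh2
Mar  3 09:00:12 web1 sshd[3001]: Accepted publickey for deploy from 192.0.2.10 port 51500 ssh2
Mar  3 09:05:00 web1 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/ls
EOF
}

# Run on the files given as arguments; with none, only define the functions.
if [ "$#" -gt 0 ]; then
    ssh_sources "$@"
fi
```

An address that shows a run of `Failed` entries followed by an `Accepted` one for the same user, as 198.51.100.7 does in the sample, is the pattern to look at first.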