Details
0
0
0
s2sdefault

Early this year, I discovered my server was acting... kinda wonky (details here). In short, I feared that my server had been hijacked for some other, nefarious purposes. After that, I decided to start a forensics analysis, detailed here. 8 months later, after much additional research, I am looking back at my notes and writing up my "final word" on the matter.

Read more: Hijacked Server? - 8 months later... Add new comment
0
0
0
s2sdefault

Details
0
0
0
s2sdefault

In my ongoing desire to determine who/what/when/where/why my server had previously been compromised, I continue my analysis with the messages files and some other /var/log files.

Read more: Forensics File Analysis 4: messages Add new comment
0
0
0
s2sdefault

Details
0
0
0
s2sdefault

Here I go over the following files /etc/hosts*

This works out to 3 files total.

Read more: Forensics File Analysis 2: hosts* Add new comment
0
0
0
s2sdefault

Details
0
0
0
s2sdefault

In a bit of a panic, I moved all kinds of grub files, without fully realizing the consequences later on... In any case, I am going over the files that I do have, and noting what differences may exist. If there's anything that would cause my booting problems, it is likely the bootloader, grub.

Read more: Forensics File Analysis 3: grubs Add new comment
0
0
0
s2sdefault

Details
0
0
0
s2sdefault

In this article I am examining the /var/log/auth.log file for any indication of what/what/when my server may have been compromised.

Read more: Forensics File Analysis 1: auth.log 4 comments
0
0
0
s2sdefault
  1. Data Restore
  2. Data Recovery, Part 2
  3. Step 1: Data Recovery
  4. Hijacked Server?