Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology

how to track down an attack?

  #1  
Old 04-19-2003, 07:21 PM
bueno bueno is offline
Web Hosting Guru
 
Join Date: Dec 2002
Posts: 269

how to track down an attack?


As the title said.

  #2  
Old 04-19-2003, 07:34 PM
daveman daveman is offline
Web Hosting Master
 
Join Date: Sep 2002
Posts: 873
Look in your logs. If you want more details you need to provide more details as to what you are looking for.

__________________
Advanced Forum Hosting
http://www.boardnation.com
Easily build a community today!

  #3  
Old 04-19-2003, 07:37 PM
bueno bueno is offline
Web Hosting Guru
 
Join Date: Dec 2002
Posts: 269
Where are those logs?
Then how do I look into them?

A step-by-step manual would be appreciated.

  #4  
Old 04-19-2003, 07:40 PM
Spingen Spingen is offline
Aspiring Evangelist
 
Join Date: Nov 2002
Location: Toronto, ON
Posts: 441
Maybe it's time to buy a couple of books on your server's operating system. If it's a *nix-based OS, then your logs will be in /var/log/

__________________
http://www.spingen.com :: Internet Solutions
Multiple Domain Hosting Packages
msn: support@spingen.com

  #5  
Old 04-19-2003, 07:46 PM
Eric Lim Eric Lim is offline
Web Hosting Master
 
Join Date: Feb 2003
Location: Providence, RI
Posts: 1,512
First, I would recommend installing some third-party software to analyze the log files for you early every morning and send an email.

For example:

http://www.logwatch.org/
http://sourceforge.net/projects/psad/

Read their documentation and install it at your own risk.

There are several good ones, but do a search on Google and you'll find out more.

Do a cat /etc/syslogd.conf; all your logs will be recorded according to the configuration inside the file syslogd.conf.

Read them carefully and do a search on Google when it's necessary.

Configure iptables or ipchains to allow access only to the ports that are considered to be in use. Or maybe install a firewall to do that for you.

No machine is completely secure, and every one of them carries the chance of being compromised. Make sure all your packages are up to date. If you think it's necessary, either you have to do lots of reading or hire a sysadmin dedicated to taking care of your server.

  #6  
Old 04-19-2003, 07:47 PM
bueno bueno is offline
Web Hosting Guru
 
Join Date: Dec 2002
Posts: 269
I read many books about Linux administration, but I didn't find a specific subject about tracking hackers or a similar topic.

  #7  
Old 04-19-2003, 07:49 PM
bueno bueno is offline
Web Hosting Guru
 
Join Date: Dec 2002
Posts: 269
cyberservers, Perfect

Thanks

  #8  
Old 04-19-2003, 08:07 PM
iago iago is offline
Junior Guru
 
Join Date: Aug 2002
Posts: 192
You can also try logcheck, that's a really great program... also portsentry to check for scans, etc.

logcheck checks all your log files every few minutes, and if it finds something strange it will email you immediately with the details.

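A minimal version of the kind of check that logwatch and logcheck automate, as an added example that is not part of any post in this thread and not code from those projects: it scans sshd lines from a log under /var/log/ for repeated failed logins and for a successful login that follows them. The sample lines, host name, user names, addresses and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in classic sshd syslog format (not from the thread).
SAMPLE_LOG = """\
Apr 19 18:02:11 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 4021 ssh2
Apr 19 18:02:14 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 4021 ssh2
Apr 19 18:02:19 web1 sshd[2214]: Failed password for invalid user admin from 203.0.113.7 port 4030 ssh2
Apr 19 18:05:40 web1 sshd[2290]: Failed password for alice from 198.51.100.23 port 5110 ssh2
Apr 19 18:05:52 web1 sshd[2290]: Accepted password for alice from 198.51.100.23 port 5110 ssh2
Apr 19 18:09:03 web1 sshd[2301]: Accepted password for root from 203.0.113.7 port 4102 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def scan(lines, threshold=3):
    """Return (noisy, suspicious): IPs with >= threshold failures, and
    (ip, user) logins accepted from an IP that had already crossed it."""
    failures = Counter()
    suspicious = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an sshd password event
        ip = m.group("ip")
        if m.group("result") == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            # A success right after a burst of failures deserves a human look.
            suspicious.append((ip, m.group("user")))
    noisy = {ip: n for ip, n in failures.items() if n >= threshold}
    return noisy, suspicious

def report(lines, threshold=3):
    """Build the text a cron job could mail to the administrator."""
    noisy, suspicious = scan(lines, threshold)
    out = [f"{ip}: {n} failed logins" for ip, n in sorted(noisy.items())]
    out += [f"ALERT: {user} logged in from {ip} after repeated failures"
            for ip, user in suspicious]
    return "\n".join(out)

if __name__ == "__main__":
    print(report(SAMPLE_LOG.splitlines()))
```

A single mistyped password followed by a success, like the `alice` lines, stays below the threshold and is not reported.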
  #9  
Old 04-20-2003, 05:34 AM
Slidey Slidey is offline
Web Hosting Master
 
Join Date: Apr 2003
Location: UK
Posts: 2,560
Learn about your OS, work out about getting audit trails.

Logs won't do you any good if your attacker has had half a day of script kiddieness practice... learn to secure your machine, as you'll find that most hackers hide their trail, through multiple other servers, and through cleaning logs, trojaning binaries, etc.

If you can get a copy of any trojaned binaries I'd be interested in taking a look, pls.
