[prev in list] [next in list] [prev in thread] [next in thread]
List: jaxlug-list
Subject: Re: [JAXLUG] Website attacked,
From: Riskable <Riskable () youknowwhat ! com>
Date: 2006-05-21 13:31:31
Message-ID: 200605210931.37679.Riskable () youknowwhat ! com
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On Saturday 20 May 2006 8:36 pm, Bantu K. Bryant wrote:
> My family website was attacked I guess just because some felt they could.
> In trying to connect I get the message no file ay var/www/http. I have
> found in deleted bin what appears to be parts of the website and a
> mysterious file which I do not have permission to do anything with. Should
> I wipe the hard drive and start over. I,m using fedora core 2. I have fc4
> on cd and fc5 on dvd. I would like to save some of the old website if at
> all possible. Is there a way to put what in in the recycling bin back in
> the directory where they belong. Any advise would greatly be appreciated. I
> would like to also upgrade Apache to at least 2,2.
If you're really curious to know what happened, you should make a dd image of
the disk first and then wipe/rebuild it. You can use forensics tools to poke
around on the disk image to see the last things that happened to the drive.
You can even later mount the dd image and grab and data that was left.
--
-Riskable
http://www.riskable.com
"I have a license to kill -9"
GPG Key: http://riskable.com/r.asc
[Attachment #5 (application/pgp-signature)]
_______________________________________________
Jaxlug-list mailing list
Jaxlug-list@jaxlug.org
http://mailman.jaxlug.org/mailman/listinfo/jaxlug-list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic