Tagged articles
3 articles
Efficient Ops
Apr 10, 2024 · Information Security

How to Detect and Recover from a Linux Server Intrusion: A Step‑by‑Step Guide

This article walks through the symptoms, root causes, forensic commands, and remediation actions taken to investigate and clean a Linux server that was compromised, highlighting key security lessons such as tightening SSH access, monitoring critical files, and restoring locked system utilities.

Tags: Cron Jobs, Forensics, LD_PRELOAD
0 likes · 15 min read
MaGe Linux Operations
Mar 21, 2024 · Information Security

How to Detect and Recover from a Linux Server Intrusion: Step‑by‑Step Guide

This article walks through a real‑world Linux server breach, detailing the observed symptoms, investigative commands, hidden malicious scripts, file‑locking tricks, and a comprehensive remediation process that includes tightening security groups, strengthening passwords, monitoring critical files, and restoring compromised system utilities.

Tags: Forensics, LD_PRELOAD, Security
0 likes · 14 min read
MaGe Linux Operations
Feb 26, 2017 · Information Security

How We Traced and Stopped a UDP Flood Attack on an Oracle‑Tomcat Server

During the Chinese New Year a client’s Oracle‑Tomcat server was overwhelmed by massive UDP traffic, prompting a forensic investigation that uncovered a hidden Trojan, detailed command‑line analysis, iptables hardening, and the root cause of a weak SSH password left after a hardware upgrade.

Tags: Linux forensics, SSH Security, incident response
0 likes · 5 min read