On 13/12/2016 at 18:14, Darin Perusich wrote:
> Check the owner/group/time-stamps of these malicious files

I was sure I could make an error... I copied out the faulty folder, but didn't do this as root and so the owner is no more the initial one. At first glance I only noted the date (Nov 30)

> and try and correlate those with entries in your
> ftp/apache/susefirewall/app logs.

yes, but where are these logs? No "ftp" in /var/logs. Probably some syntax with journalctl.

I certainly have them for the FW. Yes, I have them, and for the dedicated day, but there are 15223 lines... how can I find the lines giving access to the computer? What have I to search for?

> If you don't have logging enabled for said app then shame on you, if
> log entries for those times are "missing" you've been pwned. Don't
> forget logs from your router, if you're storing them, since they may
> also be able to help correlate the connections/activity.
it's a hosted computer, online, no router

thanks
jdd
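
An added example, not part of the original thread: one way to cut a large firewall log down to the entries near a suspicious file's timestamps, tallied by source address and destination port. It assumes log lines that begin with an ISO 8601 timestamp and carry netfilter `SRC=`/`DPT=` fields, and that accepted packets are marked with an `-ACC` prefix; the sample lines, the function names and the 10-minute window are constructed for illustration.

```python
import os
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Assumed layout: ISO 8601 timestamp first, then netfilter KEY=VALUE fields.
FIELD = re.compile(r"\b(SRC|DPT)=(\S+)")

# Constructed sample lines (documentation addresses), not taken from the thread.
SAMPLE_LOG = [
    "2016-11-30T14:01:58.100000+01:00 host kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=21",
    "2016-11-30T14:02:03.200000+01:00 host kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=5555 DPT=23",
    "2016-11-30T14:05:40.000000+01:00 host kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=21",
    "2016-11-30T19:30:00.000000+01:00 host kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=6000 DPT=80",
]
# Constructed file timestamp: 14:03 local time (+01:00) on the day in question.
SAMPLE_MOMENT = datetime(2016, 11, 30, 13, 3, tzinfo=timezone.utc)

def file_times(path):
    """mtime and ctime as aware UTC datetimes. Read them from the original
    files: a copy made without preserving attributes has new timestamps."""
    st = os.stat(path)
    return [datetime.fromtimestamp(t, timezone.utc) for t in (st.st_mtime, st.st_ctime)]

def correlate(log_lines, moments, window_minutes=10, tag="-ACC"):
    """Return (lines, Counter of (SRC, DPT)) for tagged entries near any moment."""
    window = timedelta(minutes=window_minutes)
    hits, peers = [], Counter()
    for line in log_lines:
        stamp, _, rest = line.partition(" ")
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # line does not start with a parseable timestamp
        if when.tzinfo is None or tag not in rest:
            continue  # no UTC offset to compare with, or not a tagged entry
        if any(abs(when - m) <= window for m in moments):
            fields = dict(FIELD.findall(rest))
            hits.append(line)
            peers[(fields.get("SRC"), fields.get("DPT"))] += 1
    return hits, peers

if __name__ == "__main__":
    lines, peers = correlate(SAMPLE_LOG, [SAMPLE_MOMENT])
    for (src, dpt), n in peers.most_common():
        print(f"{n} accepted connection(s) from {src} to port {dpt}")
```

On real data, pass the output of `file_times()` for each suspicious file as `moments` and an open log file as `log_lines`.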