On Tue, Dec 13, 2016 at 12:14 PM, Darin Perusich <darin@darins.net> wrote:
Check the owner/group/time-stamps of these malicious files and try and correlate those with entries in your ftp/apache/susefirewall/app logs. If you don't have logging enabled for said app then shame on you; if log entries for those times are "missing" you've been pwned. Don't forget logs from your router, if you're storing them, since they may also be able to help correlate the connections/activity.
-- Later, Darin
On Tue, Dec 13, 2016 at 9:48 AM, jdd <jdd@dodin.org> wrote:
Hello,
Some malicious files were written to my openSUSE (13.1, I know... obsolete :-() on Nov 30.
How can I trace what access was used? I suspect ftp, but it may also be php.
thanks jdd
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
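The correlation suggested in the reply above, as an added example that is not part of the original thread: it matches a suspicious file's timestamp against Apache and FTP log lines within a time window. The Apache combined format, the xferlog-style FTP log, the server timezone, the two-minute window, and all sample paths, addresses and log lines are assumptions constructed for illustration.

```python
import os
import re
from datetime import datetime, timedelta, timezone

# Apache access log stamp, e.g. [30/Nov/2016:03:14:58 +0100]
APACHE_TS = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")
# xferlog-style FTP stamp, e.g. "Wed Nov 30 03:16:10 2016 " (server local time)
XFER_TS = re.compile(r"^(\w{3} \w{3} [ \d]\d \d{2}:\d{2}:\d{2} \d{4}) ")

def log_time(line, local_tz):
    """Return a timezone-aware timestamp for a log line, or None."""
    m = APACHE_TS.search(line)
    if m:
        return datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")
    m = XFER_TS.match(line)
    if m:  # xferlog carries no UTC offset, so the server's zone is applied
        naive = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        return naive.replace(tzinfo=local_tz)
    return None

def file_times(path):
    """Owner and timestamps of a file. mtime can be reset with touch;
    ctime is set by the kernel on the last inode change, so check both."""
    st = os.stat(path)
    return {"uid": st.st_uid, "gid": st.st_gid,
            "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc),
            "ctime": datetime.fromtimestamp(st.st_ctime, timezone.utc)}

def correlate(file_stamps, log_lines, local_tz, window=timedelta(minutes=2)):
    """Map each path to the log lines stamped within `window` of its time."""
    parsed = [(log_time(line, local_tz), line) for line in log_lines]
    return {path: [line for t, line in parsed
                   if t is not None and abs(t - stamp) <= window]
            for path, stamp in file_stamps.items()}

# Constructed sample data (not from the original thread).
CET = timezone(timedelta(hours=1))
SAMPLE_LOGS = [
    '203.0.113.7 - - [30/Nov/2016:03:14:58 +0100] "POST /upload.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [30/Nov/2016:09:30:00 +0100] "GET /index.html HTTP/1.1" 200 1043 "-" "-"',
    'Wed Nov 30 03:16:10 2016 1 203.0.113.7 4096 /srv/www/htdocs/x.php b _ i r webuser ftp 0 * c',
    'Tue Nov 29 22:00:00 2016 1 192.0.2.10 100 /srv/www/htdocs/a.txt a _ o r webuser ftp 0 * c',
]
SAMPLE_FILES = {"/srv/www/htdocs/x.php": datetime(2016, 11, 30, 3, 15, 30, tzinfo=CET)}

if __name__ == "__main__":
    for path, lines in correlate(SAMPLE_FILES, SAMPLE_LOGS, CET).items():
        print(path, *lines, sep="\n  ")
```

For real files, build the `file_stamps` mapping from `file_times(path)["ctime"]` and `["mtime"]` and run it once per timestamp; an empty result for a time when the service was running is the "missing" case the reply describes.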