Last night I received a message that my server was down for about one hour. Because we have had several attacks before, we have secured our server. However, the security seems to be not 100% secure. We have installed a firewall (APF) that has DDoS protection and filters some IP addresses using DShield. I also secured the /tmp folder using scripts/securetmp. However, I found a file in the /tmp folder called KDE.
(1) Is there a way to check if this script was run in /tmp?
(2) Is there a way to see what happened before the server went down?
(3) Are there any logs about who gained access to /tmp?
(4) Is there a way to find out who uploaded that file?
(5) Is there a way to search in the .php files in /home/ for uploaders who may have uploaded the file?
(6) Is there a way to check if someone can execute files as nobody in the /tmp folder? (Does anyone have a simple program to check this?)
Below I will post the file that was uploaded and the traffic stats of my server.
Many thanks in advance for helping me!!



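For question (6), an added example that is not part of the original post: a shell check of whether /tmp is mounted with noexec and nosuid, reading a mount table in /proc/mounts format on stdin. The function names and the two sample mount tables are constructed for illustration.

```shell
#!/bin/sh
# Added example. Input format (as in /proc/mounts):
#   device mountpoint fstype options dump pass

# Print the options of the LAST entry for mount point $1
# (a later mount shadows an earlier one on the same path).
mount_opts() {
    awk -v mp="$1" '$2 == mp { o = $4 } END { if (o != "") print o }'
}

# True if comma-separated option list $1 contains exactly option $2.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report on mount point $1; the mount table is read from stdin.
# Returns 0 = hardened, 1 = options missing, 2 = not its own mount.
check_mount() {
    opts=$(mount_opts "$1")
    if [ -z "$opts" ]; then
        echo "$1: not a separate mount"
        return 2
    fi
    missing=""
    for o in noexec nosuid; do
        has_opt "$opts" "$o" || missing="$missing $o"
    done
    if [ -n "$missing" ]; then
        echo "$1: missing$missing"
        return 1
    fi
    echo "$1: ok"
}

# Constructed sample mount tables (not taken from the poster's server).
SAMPLE_HARDENED='/dev/sda1 / ext3 rw 0 0
/dev/loop0 /tmp ext3 rw,nosuid,noexec 0 0'
SAMPLE_WEAK='/dev/sda1 / ext3 rw 0 0
/dev/loop0 /tmp ext3 rw,nosuid 0 0'

printf '%s\n' "$SAMPLE_HARDENED" | check_mount /tmp || true
printf '%s\n' "$SAMPLE_WEAK" | check_mount /tmp || true
# On a live system: check_mount /tmp < /proc/mounts
```

The same check applies to /var/tmp and /dev/shm. noexec only blocks direct execution of files on that mount; a script handed to an interpreter as an argument still runs, so this covers one layer only.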





