Linux Server hacked knowledge points

Source: Internet
Author: User

At ordinary times, some friends may encounter the problem of server hacking. After collecting and sorting out relevant materials, I have found a solution for Linux Server hacking, I hope you will have a lot to learn. If you have installed all the correct patches, have tested firewalls, and have activated Advanced Intrusion Detection Systems at multiple levels, then you will be hacked only in one situation, that is, you are too lazy to do what to do, such as installing the latest BIND patch.

It is really embarrassing to be hacked without being careful. More seriously, some script moles will download some well-known "root kits" or popular spying tools, these occupy your CPU, memory, data, and bandwidth. Where did these bad guys start? This starts with the root kit.

A root kit is actually a software package that hackers use to provide themselves with root-level access permissions to your machine. Once the hacker can access your machine as root, everything is done. The only thing you can do is to back up your data with the fastest efficiency, clear the hard disk, and reinstall the operating system. In any case, it is not easy to restore your machine once it is taken over by someone.

Can you trust your ps command?

The first trick to find out the root kit is to run the ps command. Everything may seem normal to you. The figure below shows an example of ps command output. The real problem is, "Is everything really normal ?" A common trick for hackers is to replace the ps command, and the ps on the replace will not show illegal programs running on your machine. To test files, check the size of your ps file, which is usually located in/bin/ps. In our Linux machine, it is about 60 kb. I recently met a ps Program replaced by the root kit, which is about 12 kb in size.

Another obvious scam is to link the root command history file to/dev/null. This command history file is used to track and record commands used by a user after logging on to a Linux machine. Hackers redirect your history files to/dev/null so that you cannot see the commands they have input.

You can access your history file by typing history at the shell prompt. If you find that you are using the history command and it does not appear in the list of commands you have used before, you should take a look at your ~ /. Bash_history file. If the file is empty, execute an ls-l ~ /. Bash_history command. After you execute the preceding command, you will see the following output:
-Rw ------- 1 jd 13829 Oct 10/home/jd/. bash_history

Alternatively, you may see output similar to the following: lrwxrwxrwx 1 jd 9 Oct 10/home/jd/. bash_history->/dev/null
If you see the second one, it indicates that the. bash_history file has been redirected to/dev/null. This is a fatal message. Now, you can immediately disconnect your machine from the Internet, back up your data as much as possible, and reinstall the system.

To solve the problem of Linux Server hacking, you need to find an unknown user account:
When you plan to perform a test on your Linux machine, it is wise to first check whether an unknown user account exists. When you log on to your Linux server the next time, run the following command:
Grep: x: 0:/etc/passwd
There is only one line. I will emphasize that in a standard Linux installation, the grep command should return only one line, similar to the following:
Root: x: 0: 0: root:/bin/bash
If your system returns more than one row after the previous grep command is typed, the problem may occur. The UID of only one user should be 0. If the returned result of the grep command exceeds one row, more than one user will be returned. Seriously, the above are some good basic methods for discovering hacker behavior. However, these techniques cannot constitute sufficient security, and their depth and breadth are far from the intrusion detection system mentioned in the article.

The above is a small point of knowledge about the solution to linux Server hacking.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.