WoooHaaaa

Asked: 2013-10-19 01:59:43 +0800 CST2013-10-19 01:59:43 +0800 CST 2013-10-19 01:59:43 +0800 CST

How to detect malicious script in my CentOS server? [duplicate]

772

I am warned from my VPS provider that my server sends a lot of SSH SYN Attack to other servers, but I have no idea how to deal with it.

Here's the detail my provider sent me:

enter image description here

Where can I find the logs that record all of these attack in my server?
How do I deal with this (find the script that send these request) step by step ?

1 Answers

Voted

WoooHaaaa
2013-10-19T02:33:01+08:002013-10-19T02:33:01+08:00
Finally I find the script.

ps -ef I found 10 processes named ./u2000 &, I thought it was wired.

ls -l /prod/PID/exe I find it links to Tomcat/bin/u2000.

I never know such a thing in Tomcat, so I just remove it and stop all its processes.

Disable tomcat's web console and users.

Change tomcat dir to a standalone user which has limited permission.
0

Web Analytics Made Easy - Statcounter