Sunday, 1 March 2015

What are the traces of a mysql attack on a server when the attacker has full permissions?



I just turned my server off yesterday, after it began to distribute comment spam across the internet at an astounding rate of over 70 "spams"/min, on a bottom-of-the-line 1/2 gig RAM VPS. I'm still trying to figure out how they are doing this, but one possibility is an injected file, injected by MySQL. The reason I'm suspicious about MySQL is that I may have leaked the credentials of a user with full power... Oooopss (Don't ever trust a .gitignore if you don't know exactly what you're doing)!


The question for real:


How could I tell if somebody tried to add/modify a file on my server, given full admin MySQL powers? Bonus if I can find the file... I have something really special planned for it.* The biggest problem is I don't have a MySQL query log :/...


System stats:



  • Ubuntu 14.0.4

  • Apache 2.something

  • MySQL ... ?

I can look if you need, but I don't want to turn it back on if it can be helped.


* I'd never attack back... ever... I was just thinking something like deleting it character by character, slowly and deliberately. Maybe sending it to some laboratory to test vaccines on, pointy needles required!




