The guys who are commonly called "script devils" belong to that kind of bad hack, because basically many of them and most people are so unskilled. It can be said that if you install all the correct patches, have a tested firewall, and activate advanced intrusion detection systems at multiple levels, then in only one case you will be hacked, that is, you Too lazy to do what to do, for example, to install the latest patch for BIND.
It’s really embarrassing to be unknowingly black. What’s more, some scripts will download some well-known “root kits” or popular spying tools, which take up you. CPU, memory, data and bandwidth. These bad guys started from there? This starts with the root kit.
A root kit is actually a package that hackers use to provide themselves with root-level access to your machine. Once the hacker can access your machine as root, everything is done. The only thing you can do is back up your data with the fastest efficiency, clean the hard drive, and reinstall the operating system. In any case, once your machine is taken over by someone, recovery is not an easy task.
Can you trust your ps command?
The first trick to find out the root kit is to run the ps command. It may be normal for you to see everything. The illustration is an example of a ps command output. The real question is, "Is everything really normal?" One trick that hackers often use is to replace the ps command, and the ps on this replacement will not show the illegal programs that are running on your machine. To test this, you should check the size of your ps file, which is usually located at /bin/ps. It has about 60kB on our Linux machine. I recently encountered a ps program that was replaced by a root kit. This thing is only about 12kB in size.
Another obvious scam is to link the root command history file to /dev/null. This command history file is used to track and record the commands used by a user after logging in to a Linux machine. The purpose of hackers redirecting your history files to /dev/null is that you can't see the commands they have entered.
You can access your history file by typing history at the shell prompt. If you find yourself using the history command and it does not appear in the list of commands you have used before, you should take a look at your ~/.bash_history file. If the file is empty, execute an ls -l ~/.bash_history command. After you execute the above command you will see output similar to the following:
-rw------- 1 jd jd 13829 Oct 10 17:06 /home/jd/. Bash_history
Alternatively, you may see output similar to the following:
lrwxrwxrwx 1 jd jd 9 Oct 10 19:40 /home/jd/.bash_history - > /dev/null
If you see the second, it means that the .bash_history file has been redirected to /dev/null. This is a fatal message, immediately disconnect your machine from the Internet, back up your data as much as possible, and start reinstalling the system.
Finding Unknown User Accounts
When you plan to do a test on your Linux machine, it is wise to first check if there is an unknown user account. The next time you log in to your Linux machine, type the following command:
grep :x:0: /etc/passwd
Only one line, I am Emphasize that in a standard Linux installation, the grep command should only return one line, similar to the following:
root:x:0:0:root:/root:/bin/bash
If your system returns more than one line after typing the previous grep command, there may be a problem. There should be only one user whose UID is 0, and if the grep command returns more than one line, it means more than one user.
Seriously, although these are good basic methods for discovering hacking behavior. But these techniques alone do not constitute sufficient security, and their depth and breadth are far worse than the intrusion detection systems mentioned in the article.
First of all, you must establish a peer-to-peer LAN, and set the IP a
Q) What is the compatibility of x3610? Which ones are supported? Q) What is the d
First, download the file dv_iis_url_rewrite.zip, (http://down.51one.net/newcode/b
analyzes the technical characteristics of the dual-core processors produced by the six server proces
Briefly use linux to build www server (3)
The five questions that the rookie on the road server must understand
Windows Server 2008 IIS 7 running php configuration method
Common Causes of Disk Array "Down"
Fatal error: Maximum execution time of 30 seconds exceeded in F:\\webs1\\
Automation server can not create multiple solutions for objects
Discuz (1040) notconnect error solution
Http header header information parameters explain
Comprehensive interpretation: What is a Web service?
Personality settings CMD command line is not allowed to let go
Solve the U disk in Win8 can not stop the method
Win7 DVD drive can not find a solution
How to clear all previous running records in win7 computer?
Win8 above can find the recovery machine to restore
Win7 error 0x00000040 solution
What if the Win7 network connection is not available?
What should I do if there is no attribute item in the right-click menu of Win10 10130 system?