Abuse Complaint - where to look and for what to check?
Ok, tnx, there was some intruder, but it will be ok.
No it will not be OK. Your machine running an "online shop application written in php" clearly was not investigated well enough to help prevent the second wave of attacks. Blithely continuing on your current course, ignoring facts and opening new threads as if nothing happened, is not the way to ensure data safety and customer trust.
- If you fixed things then please tell us what the infection vector was and what you did to ensure this does not happen again.
- If you think you could use our freely available help then all you have to do is cooperate and post the information requested.
- If you want to look for help elsewhere I suggest hiring a capable admin.
by 'the provider' you mean the organisation that provides hosting to you...
If this is the case, be aware that things have now become worse:
Previously, there was evidence and a likelihood that your system was causing the problem, now there is something that could be described as proof.
There was a problem; you have tried to deal with it, without causing disruption. That didn't work.
Having had the problem twice, there can be a limited amount of tolerance for ineffectual 'cures' from here on in.
If nothing else, I would like to know from my own point of view, what was the true cause, so that I know as much as possible which attack vectors are currently 'live'.
Quote:
what will be your advice, what to do?
for pity's sake:
- take it very seriously
- try to find the problem and cure that problem
- continue to take security seriously, please: if this continues, if your provider doesn't cut you off, the credit card orgs probably will, unless you can demonstrate compliance and if you tried to do that in your current situation, they'd have your head on a spike so fast it wouldn't even hurt
Apologies to everyone else who is subscribed to this thread, but could I make an additional plea to the Original Poster to start answering the questions asked, in particular the questions asked in the original post by unSpawn, who asked some very specific questions, the answers to which would help in pinpointing the specific problem.
I must repeat unSpawn's case (and Hangdog42 and GrapefruiTgirl) that there is no point just now in generic, good practice, advice, nice as that may be in the slightly longer term, when there is a specific problem that needs to be attacked urgently.