Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hello i think someone hacking my linux debian server. i have a minecraft server on it. yesterday the my internet died 3 times and it was only the internet. the LAN works. i needed to reboot the rauter to get back my internet. and when i turn off the server computer the internet works fine. hacker??
can i get some tips how to protect my server and internet
i have linux debian 6.0.3
minecraft server port is 25565 and 25566
Could've just been your ISP having a hiccup. A simple internet disconnection isn't necessarily the sign of a hacker and the best place to check is your /var/log anyways.
He brings up a good point, have you talked wiht your ISP about your upstream limit? Running a server, esp a hosted app like MineCraft or a Game server will consume quite a bit of upstream data and they may be killing your connection to prevent you from using it if you are not paying for it.
Checking with your ISP a good initial step. You should also focus on gathering data and evidence to determine if there is a problem and if so, to define the nature of the problem so that proper measures may be taken. Given the nature of your system, a game server, it is entirely possible, if not reasonable to expect, that you are being subject to malicious traffic. Consequently, a traffic analysis would be in order. To perform this analysis try using a combination of netstat to see the number of concurrent connections, ntop to see if you have a bandwidth hog, and tcpdump with a bpf filter and see if you can get a pcap dump for traffic analysis. See this thread (page 3) for some insights: http://www.linuxquestions.org/questi...100/page3.html
Could've just been your ISP having a hiccup. A simple internet disconnection isn't necessarily the sign of a hacker and the best place to check is your /var/log anyways.
You are going to need DATA to solve this problem. You need to obtain either router logs, or some other form of traffic analysis to determine the problem. Until you have obtained data, the rest is just useless speculation.
You are going to need DATA to solve this problem. You need to obtain either router logs, or some other form of traffic analysis to determine the problem. Until you have obtained data, the rest is just useless speculation.
ok but i can log data on the router but i can see the logs xD
Just an idea. I had a same issue and finally I found out that my router after cca. 3-4 years had such a serious holes that the ISP released a firmware upgrade. I upgraded the firmware and now it works fine.
Did you check whether the manufacturer of your router doesn't release a new firmware upgrade?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.