Linux - General
This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
First off, if this message should be in a different forum, I'm sorry. It was a tossup between where I found other Reiser stuff and the Security forum.
This morning, my Linux box was down when I came to work. I got into it and looked at my log files and found nothing. But there was a new /home/chris directory, with no files in it. No command log or anything. I could not get to the webpages that I had set up, and while working with the box I got errors about bad sectors. I shut down the system and a reboot did not repair the reiserfs. I restarted again with a bootable CD and I cannot get reiserfsck to rebuild-tree, or fix-fixable. It reports there is a bad block. This may be a hardware issue. I'm not sure which version of reiserfsck I have, but I do have Slackware 9.0. I do not know how the hack came in, because the only ports that are open to the outside are 21 (SSH) and 8080 (HTTP). My password, though not foolproof, is very well constructed against hacking and the root password is even stronger.
My first question is, is there a way that this person could have created bad blocks on my hard drive in an effort to keep me from finding him/her?
My second question is, how do I get reiserfs to recognize these bad blocks and allow me to mount the hard drive, or is there a way to have mount not check the disk when I'm mounting it?
I know some of my software is out of date, and maybe that is how they found a way in the system. I'm only a techie part of the time so I don't get all the updates done when they should be. I do have a backup of the mysql database, and of the home directory that was done 2 days ago. Yesterday's backup, and the one from the day before were both corrupt.
I am going to install Slackware 10.0 on a new hard drive in this computer, and hook up the old one as a slave so that I can try and run reiserfsprogs, and see if there is anything I can do to get at the information to track this hacker down. I will be using Ext3 now also, because there are soooo many more tools out here to help with it.
I will have to lock out port 21 now, because I'm paranoid now, and I'll have to set up the webpages on a random port instead of using a common port like 8080.
This is all done on our router, which was given to us by our ISP.
Any help with getting back into this hard drive, or recommendations to help figure out what happened, would be greatly appreciated.
Maybe it's a typo, but port 21 is ftp, not ssh - unless you've done something odd.
As far as reiser goes, did you get it to mount the filesystem at all? Did you mount as read only for the first check? Can you run a check at all (i.e., mount as ro and run reiserfsck --check /dev/hda)? Is this your system drive or a separate storage drive?
...Just trying to get a feel of where you're at in the process.
You probably know, but to run reiserfsck --check, the drive must be mounted ro, but you run the check on the /dev entry for the drive. To run --rebuild-tree, it must be unmounted.
Sorry, typo on the port number. It is the standard SSH port.
I cannot get the drive to mount, and I don't know the syntax to force it to mount even when there are errors.
I have 4 partitions on a single HD. The first 3 have errors, and the 4th (/home) has no errors (bad blocks). I can run reiserfsck /dev/hda? on each of the partitions without mounting them. I believe this just does a check, and on hda1, 2, & 3 it gives me the errors mentioned above with 5-10 cannot read from sector, and (Error Uncorrectable), then it finally says bad block (###) could be hardware problem.