Need help with Linode Server
£20 (approx. $25)
- Proposals: 7
- Remote
- #1924646
- Expired
Description
Experience Level: Intermediate
You must be able to SSH to the Linode. Previous experience necessary.
Got a message from Linode that there is malicious activity going out from the server.
I want someone to investigate the cause of this.
This is what they have advised to do:
If you believe that your Linode has been compromised, you can start troubleshooting by auditing the following log files and writable directories:
- /var/log/auth.log : Check this log file for signs of unauthorized access and brute-force attempts. Use the ‘last’ command to cross reference recent account logins with this file.
- /tmp : This directory is often used by malicious parties to store files
- Web server logs: There may be a vulnerable script or web application. The location of these log files depends on your web server (apache, nginx, etc.) configuration.
- ps aux : Use this command to audit running processes for foreign processes
This is the information they have provided that made them think there is suspicious activity. Needs to be done immediately today.
tcp 0 0 178.79.189.218:443 45.79.71.50:45043 ESTABLISHED
tcp 0 0 178.79.189.218:443 45.79.71.50:45063 ESTABLISHED
tcp 0 0 178.79.189.218:443 45.79.71.50:45154 ESTABLISHED
tcp 0 0 178.79.189.218:443 45.79.71.50:45113 ESTABLISHED
tcp 0 0 178.79.189.218:443 45.79.71.50:45114 ESTABLISHED
tcp 0 0 178.79.189.218:443 45.79.71.50:45059 ESTABLISHED
tcp 0 0 178.79.189.218:443 45.79.71.50:45032 ESTABLISHED
tcp 0 0 178.79.189.218:443 45.79.71.50:45013 ESTABLISHED
tcp 0 0 178.79.189.218:443 45.79.71.50:45051 ESTABLISHED
tcp 0 0 178.79.189.218:443 45.79.71.50:45027 ESTABLISHED
tcp 0 0 178.79.189.218:443 45.79.71.50:44990 ESTABLISHED
tcp 0 1099 178.79.189.218:443 45.79.71.50:45072 ESTABLISHED
tcp 0 0 178.79.189.218:443 45.79.71.50:45094 ESTABLISHED
tcp 0 0 178.79.189.218:443 45.79.71.50:44992 ESTABLISHED
tcp 0 0 178.79.189.218:443 45.79.71.50:45008 ESTABLISHED
tcp 0 0 178.79.189.218:443 45.79.71.50:45033 ESTABLISHED
tcp 0 0 178.79.189.218:443 45.79.71.50:45029 ESTABLISHED
We received a message about this Linode attempting to connect to other servers. Above is what we were given. If you have any more questions or updates, please let us know.
------
My Linode is an email verification system, so I need to know what's at the root of this issue and how we can fix it. I specifically need to answer these 3 questions honestly back to Linode.
1) What was the source of the issue?
2) What steps did you take to resolve this issue?
3) What steps did you take to prevent this from occurring again?
Thanks.
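An added example, not part of the original listing or of Linode's message: a small Python summary of connection lines like those quoted above, grouping them by peer and using the port numbers to indicate which end opened each connection, so the investigator knows which host's outbound activity to audit. It assumes `netstat -tn` column order and Linux's default ephemeral port range; the function names are illustrative.

```python
import re
from collections import defaultdict

# Four lines copied from the dump in the listing. Column order is assumed to be
# netstat -tn's: proto, Recv-Q, Send-Q, local address, foreign address, state.
SAMPLE = """\
tcp 0 0 178.79.189.218:443 45.79.71.50:45043 ESTABLISHED
tcp 0 0 178.79.189.218:443 45.79.71.50:45063 ESTABLISHED
tcp 0 1099 178.79.189.218:443 45.79.71.50:45072 ESTABLISHED
tcp 0 0 178.79.189.218:443 45.79.71.50:44990 ESTABLISHED
"""

LINE = re.compile(r"^tcp6?\s+\d+\s+(\d+)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)$")
EPHEMERAL_MIN = 32768  # lower bound of Linux's default ip_local_port_range


def initiator(local_port, remote_port):
    """Guess which end opened the connection from the port numbers alone."""
    if local_port < EPHEMERAL_MIN <= remote_port:
        return "remote"   # local end holds the service port
    if remote_port < EPHEMERAL_MIN <= local_port:
        return "local"    # local end used an ephemeral source port
    return "unknown"      # both high or both low: ports do not decide it


def summarize(text):
    """Count ESTABLISHED connections per (local IP, remote IP, service port, initiator)."""
    groups = defaultdict(lambda: {"count": 0, "send_q": 0})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(6) != "ESTABLISHED":
            continue  # header lines, blanks and other TCP states are skipped
        send_q, l_ip, l_port, r_ip, r_port, _ = m.groups()
        side = initiator(int(l_port), int(r_port))
        service = {"remote": int(l_port), "local": int(r_port)}.get(side)
        entry = groups[(l_ip, r_ip, service, side)]
        entry["count"] += 1
        entry["send_q"] += int(send_q)  # unacknowledged bytes queued locally
    return dict(groups)


if __name__ == "__main__":
    for (l_ip, r_ip, port, side), s in summarize(SAMPLE).items():
        print(f"{l_ip} <-> {r_ip} service port {port}: {s['count']} connections, "
              f"opened by the {side} end, Send-Q total {s['send_q']}")
```

On the listing's lines the local end holds port 443 and the foreign end uses high source ports, so the port numbers indicate the connections were opened from the foreign address toward the machine where the dump was taken.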
Unicorn Byte
99% (72)
Projects Completed: 53
Freelancers worked with: 43
Projects awarded: 36%
Last project: 9 Jan 2024
United Kingdom
Clarification Board
Hello there,
Is the job still active?