
I am running an Apache2 webserver and someone has attempted to hack me using this script.

How can I find out if the attack worked, and what it's done if it has worked? I'm running Kali Linux 2.0.

Further information:

So far,

  1. I have checked my apache2 logs and have found this:
    'part of my apache2 access.log.1'

  2. I have done whois lookups and found the IP to be a French ISP, and the IRC server of the bot in the script is based in China (probably due to relaxed laws).

  3. I have set my firewall to only allow in on 80 for now but am worried about what is going out. (If I set my firewall to only allow out on port 80, then I can't connect to the web for some reason.)

  4. I have checked my syslog (took hours to do).

  5. I have monitored my traffic with Wireshark - which shows no connections that shouldn't be there.

  6. I have checked system monitor for a while but wouldn't know what processes shouldn't be there anyway.

  7. Apache2 service is currently 'not active' :( (I felt it best to turn apache off while I learn about this)

The whole point in my setting up the server was to learn about hosting websites and servers from Linux machines using apache2. This is exactly what I wanted in a way so I can learn from this hack/mistake. So now I'm lost and don't know what to do next.

What was cox.pl even trying to do?

How do I know if what it wanted to do worked?

  • 2
    Hire a security analyst to review your systems. I know this isn't what you're looking for, but your ask is not a simple task. – Colyn1337 Nov 06 '15 at 21:24
  • Kali is made to test your security, maybe you can ask a more complete question? Your apache2 is on which system, what tests did you do, etc.? – Froggiz Nov 06 '15 at 21:39
  • @Colyn1337 I don't have a financial income at all I'm afraid, that is out of the question completely. Froggiz, apache2 is on the Kali system - felt it would be secure to run apache2 on and that I could test the server for vulnerabilities. The script has been written by someone in Perl (I don't really understand Perl). The link is not there for the script, check the link. – jamiejackherer Nov 06 '15 at 21:54
  • 1
    Nuke from orbit and reinstall from known good backups. – user9517 Nov 06 '15 at 22:54

0 Answers