0

Hi thanks for passing over this topic. Over the week one server got unresponsive. After a lot of reading logs i got that someone got in to the server at the exact time it started getting unresponsive. The server hangs after one exact hour. It seems like the network interface get stucks as i loose control over HTTP servers. SSH connection. What would be the correct way to troubleshoot what that user did. Checked CRON jobs but there is nothing there. How can i see what the server is doing at the exact hour of uptime that is getting it out of service. Thanks a lot! Server os CentOS 7.8 running CWP panel.

On logs i can see a los of NFS shares complaining it cant connect. It seems something is bloking my network interface or something related to network.

EDIT: server is Amazon EC2 Instance, no console acccess.

Tomas Bond
  • 1
  • 1
  • not exactly, i know how they accessed, (they had admin login). i have already locked down the server and i have already re installed everything on a new instance fully controlled by me. now im dealing with the old server wanting to know why is it hangin exact at one hour. i would like to know what was modified. i would say a script but checked for cron and nothing there – Tomas Bond Oct 31 '20 at 13:38
  • yes im on that way. got a reinstalled server and the compromised one. im comparing configs but will take me a lot of time. – Tomas Bond Oct 31 '20 at 13:53

0 Answers0