{"id":2420,"date":"2011-09-21T04:59:02","date_gmt":"2011-09-21T08:59:02","guid":{"rendered":"https:\/\/webhostinggeeks.com\/blog\/?p=2420"},"modified":"2011-09-21T02:05:00","modified_gmt":"2011-09-21T06:05:00","slug":"deal-with-possible-intruder-on-your-server","status":"publish","type":"post","link":"https:\/\/webhostinggeeks.com\/blog\/deal-with-possible-intruder-on-your-server\/","title":{"rendered":"How To Deal With A Possible Intruder On Your Server"},"content":{"rendered":"<p>You\u2019re cruising through your server\u2019s inner network one fine day, when all of a sudden you notice an unfamiliar name accessing your files. This user may have come through SSH, or any other access method, but no matter the entry port, you certainly don\u2019t want them accessing your files. Before panic sets in and you find yourself pulling the plug on your hard-earned hardware, use the following steps to first ensure that you do have a hacker onboard. Only when you\u2019ve made certain should you blow the whistle\u2014remember that neither customers nor colleagues appreciate a Boy Who Cries Wolf.<\/p>\n<p><strong>Did You Forget A User?<\/strong><\/p>\n<p>Think about it: Did you create a user with this designation, and then forget about it as the seasons rolled by? Perhaps you left a user behind a long time ago with a weak password, or just haven\u2019t seen this user log in for a while, and are now experiencing an uncomfortable case of deja vu.<\/p>\n<p><strong>Is This An Authorized Robot?<\/strong><\/p>\n<p>Remember that many of your other servers, such as your database server or your web server, operate within the system as \u201cfalse\u201d human users. There are also several different services running under the hood that do their jobs in this manner. Before freaking out about a human intruder, check the designation of the \u201chacker.\u201d If it\u2019s something similar to nobody, noname, sys, or apache, then you\u2019ve not got a problem, just a working robot. 
If you\u2019re unsure, but think the user might still be a script, do a quick Google search for the user\u2019s name.<\/p>\n<p><strong>What Are They Doing In There?<\/strong><\/p>\n<p>The next step is to check what the user is actually doing: Are they running a script or program you\u2019re familiar with? This is where things start to heat up, in a software sense: If the user is running a standard application like Apache, then don\u2019t worry your pretty little head. However, if they\u2019re operating a script you\u2019ve never seen, it\u2019s time to do a bit more digging\u2014you may actually have a real intruder on your hands.<\/p>\n<p><strong>What To Do If Nothing Else Has Worked<\/strong><\/p>\n<p>If you\u2019ve come this far, then you might genuinely have an intruder on your server. Remember that the root user is the only one with the ability to create new accounts. With that in mind, check your root password and account for changes: Plug-ins and extras you have installed may also grant accidental access to the superuser. You may need to hire a security expert to check out your system if there\u2019s no obvious infiltration.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>You\u2019re cruising through your server\u2019s inner network one fine day, when all of a sudden you notice an unfamiliar name accessing your files. 
This user may have come through SSH,&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wds_primary_category":0,"footnotes":""},"categories":[9],"tags":[321,1577,102,648,210],"class_list":["post-2420","post","type-post","status-publish","format-standard","hentry","category-security-issues","tag-hackers","tag-intruder","tag-security","tag-ssh","tag-web-server"],"views":152,"_links":{"self":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/posts\/2420","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/comments?post=2420"}],"version-history":[{"count":0,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/posts\/2420\/revisions"}],"wp:attachment":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/media?parent=2420"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/categories?post=2420"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/tags?post=2420"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}