tags:

views:

54

answers:

0
Q: 

Has my linux server been attacked?

I feel as if my server (ubuntu 10.4) has been attacked. I'm a bit of a linux noob.

I run a website and a few rows of mysql data have been deleted. This has happened three times now.

  • The auth log is empty prior to 2:00pm ET today. All that shows prior to my logins were a few cronjobs running. The data disappeared between 7pm and 10pm ET.
  • I've never scheduled any cronjobs. There must be automated ones?
  • The mysql error log is wiped clean.
  • I use a password to log in- an obvious mistake I suppose.

Any recommendations? I clean user submitted data for sql injections already. MySQL is not available remotely. I suppose it's time to switch to a key for ssh access.

related questions

grep a file, but show several surrounding lines?
VMWare Server Under Linux Secondary NIC connection
Should I move from C++ to Python? ... Or another language?
Globus Toolkit virtual machine
How to avoid redefining VERSION, PACKAGE, etc.
How do I setup Public-Key Authentication?
showing a message box from a bash script in linux
Best Linux Distro for Computer Repair
Mapping my custom keys in Debian
Any IcedTea war stories?
How do you find the age of a long-running Linux process?
Personal Linux web server
Programmatically talking to a Serial Port in OS X or Linux
what's in your .bashrc ?
Linux - files and scripts that execute on boot
Text Editor For Linux (Besides Vi)?
Lightweight IDE for Linux
Shell scripting input redirection oddities
XML Editing/Viewing Software
What should a longtime Windows user know when starting to use Linux?
Gtk SSH client for Linux?
Getting root permissions on a file inside of vi?
Is it possible to drag windows between workspaces when using Compiz?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?