Wondering if we may have been compromised or hacked? (Ubuntu)
Hello support,
We are hoping you can help! We are seeing some unusual changes to our files and wondering if we may have been compromised or hacked. Can you run a scan and check server logs for anything unusual? Thanks in advance!
1 Reply
Hey there,
We are unable to scan your Linode for you, since we do not have access to the internal workings of your Linode. But you have a few options to help point you in the correct direction. We recommend scanning your Linode with ClamAV and also checking your log files.
First, I would run a scan on your Linode using ClamAV. This will ensure that your Linode has not been compromised. To install and run the antivirus, follow the following guide:
How to Scan for Vulnerabilities with ClamAV
The next step is to check your log files. This command will take you to the authorization log. This will let you know the IP addresses of who's logging in and if there have been any failed attempts:
sudo tail /var/log/auth.log
This will take you to the most current entry and you can scroll back through the system log.
This log has the most information that cannot be found in other logs. You can view this log by running the following command:
tail /var/log/syslog
You can view all the logs available to you by running the following command:
ls -la /var/log
You would just need to add the file name to this command to view the contents of the log:
tail /var/log/$file-name
I hope this helps guide you in the right direction. If you need help understanding what the log file is outputting, feel free to reach out to us. Please copy and paste the section you have a question about in a Support Ticket. We will take a look and help as best we can.
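
Added example, not part of the support reply above: one way to turn the authorization log into a per-IP summary of failed and successful SSH logins, which is the information the reply says to look for. The function names `sample_auth_log` and `summarize_auth` are hypothetical, the sample lines are constructed, and the script assumes OpenSSH's usual "Failed password" / "Accepted" message wording.

```shell
#!/bin/sh
# Added example: summarise sshd logins per source IP from auth.log-style input.
# Assumes OpenSSH's usual "Failed password ..." / "Accepted ..." message text.
# Real use: sudo cat /var/log/auth.log | summarize_auth

# Constructed sample lines (documentation IP ranges, made-up host and PIDs).
sample_auth_log() {
cat <<'EOF'
Mar  3 04:11:02 host sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 04:11:05 host sshd[2211]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar  3 04:11:09 host sshd[2213]: Accepted password for root from 203.0.113.5 port 51240 ssh2
Mar  3 09:30:41 host sshd[2950]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2: ED25519 SHA256:CONSTRUCTED
Mar  3 09:31:00 host sudo: deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/apt update
EOF
}

# Reads log lines from the files given as arguments, or stdin if none.
# Output (tab-separated):
#   FAILED   <count> <ip>
#   ACCEPTED <count> <ip> <user> [AFTER_FAILURES]
summarize_auth() {
    awk '
    /sshd/ && / from / && (/Failed password/ || /Accepted (password|publickey)/) {
        ip = ""; user = ""
        for (i = 1; i < NF; i++) {
            # Keep the LAST "from": sshd appends the real peer address after
            # the user name, which is chosen by the client.
            if ($i == "from") ip = $(i + 1)
            # Keep the FIRST "for"; skip the words "invalid user" if present.
            if ($i == "for" && user == "")
                user = ($(i + 1) == "invalid" && $(i + 2) == "user") ? $(i + 3) : $(i + 1)
        }
        if (ip == "") next
        if ($0 ~ /Failed password/) { failed[ip]++ } else { accepted[ip "\t" user]++ }
    }
    END {
        for (ip in failed) print "FAILED\t" failed[ip] "\t" ip
        for (k in accepted) {
            split(k, p, "\t")
            # A success from an address that also failed deserves a look.
            note = (p[1] in failed) ? "\tAFTER_FAILURES" : ""
            print "ACCEPTED\t" accepted[k] "\t" p[1] "\t" p[2] note
        }
    }' "$@" | LC_ALL=C sort
}

sample_auth_log | summarize_auth   # demo run on the constructed lines
```

An `ACCEPTED` line marked `AFTER_FAILURES` is the entry to compare against the logins you expect; rotated files such as `/var/log/auth.log.1` can be passed as extra arguments.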