How To Tell If Your Linux Server Has Been Compromised

644

A server being compromised or hacked for the purpose of this guide is an unauthorized person or bot logging into the server in order to use it for their own, usually negative ends.

Disclaimer: If your server has been compromised by a state organization like the NSA or a serious criminal group then you will not notice any problems and the following techniques will not register their presence.

However, the majority of compromised servers are carried out by bots i.e. automated attack programs, in-experienced attackers e.g. “script kiddies”, or dumb criminals.

These sorts of attackers will abuse the server for all it’s worth whilst they have access to it and take few precautions to hide what they are doing.

Read more at bash-prompt