New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
SSH in and type "history" and see if there are any unusual commands. If so type "tail /var/log/auth.log -n 100" to see your SSH login along with other things. But I doubt a hacker would uninstall something like php-fpm. They don't want to be noticed and that is obvious. php-fpm prob just crashed.
I don't think it crashed, since the package doesn't exist anymore.
You didn't state which distro, but either yum or apt should keep a long you can see. Perhaps it was removed during some other package operation?
Just guessing.
Nevermind, I think it just crashed. I think the processes were php-cgi and the service was php5-cgi, instead I was searching for php5-fpm...
Thanks for hints.
@PytoHost Thanks for suggesting using history, I discovered that the service was actually php5-cgi.
You do realize a hacker that managed to get root access (you're mentioning history) will, by reflex, delete all the logs that concern him, right?
Not true vld. Well, hackers, I'd agree. Script kiddies, not always.
I agree that it's not always true about script kiddies, but disagree about hackers, they would.
Oh hai!
Remember kiddies, you are not hackers until you are over 25. That is all.
You do realize that I could have just wrote this part prior to posting, but editing it seemed to be better, right?