Identify Potential Attack in Linux Server

Introduction

If your server responds slowly, or a command suddenly consumes a lot of resources, this can be an attack against your server.

The guide below shows the steps to identify whether an attack is happening on the server.

 

Prerequisite

  • Root SSH access to the server
  • Knowledge of the Linux command line

 

  1. SSH to the server. You may refer to this link for the steps to connect over SSH.
  2. Check the server condition.
    – Command: top (**Extra note: the same approach can be used to check whether the server load is high and what is causing it**)
    – Look for a suspicious command. If something suspicious is running, it will appear in the output of “top”.

    For example, we can see that the command “Q47Bs0” has high CPU usage and appears on the first line when we run the “top” command.
  3. Copy the PID and check.
    – Command: lsof -p <PID>
    – Example: lsof -p 30971

    In the lsof output, we can see the suspicious domain and the specific path that is attacking.
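
The same two steps scripted for repeat use, as an added example that is not part of the original guide: it filters a process list by CPU usage and then inspects each flagged PID with lsof. The function names, the 50% threshold and the sample process list are assumptions made for illustration; the sample reuses the PID and command name from the steps above.

```shell
#!/bin/sh
# Added example: non-interactive version of the "top" then "lsof -p <PID>" check.

# Print "PID CPU COMMAND" for rows at or above a CPU threshold (percent),
# highest first. Input: output of `ps -eo pid,pcpu,comm` (header is skipped).
high_cpu() {
    awk -v min="$1" 'NR > 1 && $2 + 0 >= min + 0 { print $1, $2, $3 }' | sort -k2,2nr
}

# Constructed sample in `ps -eo pid,pcpu,comm` format (not real server output).
sample_ps() {
    cat <<'EOF'
  PID %CPU COMMAND
    1  0.0 systemd
  812  1.3 sshd
30971 98.7 Q47Bs0
 2210 12.4 mysqld
EOF
}

# Show where a PID's binary lives and which files and sockets it holds open.
inspect_pid() {
    pid=$1
    [ -d "/proc/$pid" ] || { echo "PID $pid is not running" >&2; return 1; }
    echo "exe: $(readlink "/proc/$pid/exe" 2>/dev/null || echo unreadable)"
    echo "cwd: $(readlink "/proc/$pid/cwd" 2>/dev/null || echo unreadable)"
    if command -v lsof >/dev/null 2>&1; then
        lsof -p "$pid"    # same command as step 3
    else
        echo "lsof is not installed" >&2
    fi
}

# Live use as root (the script file name is hypothetical): ./triage.sh --live 50
if [ "${1:-}" = "--live" ]; then
    ps -eo pid,pcpu,comm | high_cpu "${2:-50}" | while read -r pid cpu comm; do
        echo "== PID $pid ($comm) at $cpu% CPU =="
        inspect_pid "$pid" || true
    done
fi
```

A legitimate service such as a database can also sit above the threshold, so treat the list as candidates to inspect rather than a verdict.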

 

Conclusion

By going through this guide, you will be able to identify whether a potential attack is happening on your server.

 

For additional assistance or if you encounter any issues, please contact our support team at support@ipserverone.com.