[BlueOnyx:25380] Re: been hacked
Michael Stauber
mstauber at blueonyx.it
Thu Apr 14 00:55:13 -05 2022
Hi Tim,
> One of my machines was hacked tonight
>
> I have all the databases from a backup today at 4:30 pm cst so I think I
> am good there. They didn't get all my web files just databases
>
> They replaced my database with THEIR database with a ransomware note inside.
Ouch. I'm sorry to hear that. Any idea how they got in?
> I think I can put humpty dumpty back together. Gulp
That's good.
> How do I shut down all http and http on my server till I figure out
> what happened?
On 5209R/5210R:
systemctl stop httpd
systemctl stop crond
On anything older than that:
/sbin/service httpd stop
/sbin/service crond stop
> When I do this "systemctl stop httpd.service" the web server seems to come
> back to life after a while. I want to keep it off till I am ready
Active Monitor (runs every 15 minutes) will restart any stopped or
failed services that should be running. By stopping "crond" entirely you
can prevent that from happening.
Let me know if you need any further help or assistance.
--
With best regards
Michael Stauber
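
Added example, not part of the original message or of BlueOnyx: a small POSIX shell helper that stops the two services named above and then confirms both are really down, since a crond that is still running lets Active Monitor bring httpd back. The function names `svc_ctl` and `contain_web` are hypothetical, and stopping crond before httpd is this example's own choice.

```shell
#!/bin/sh
# Added example: stop httpd and crond, then verify both stayed stopped.
# Service names are the ones given in the message above.

# Run one action ("stop" or "status") with whichever tool the box has:
# systemctl on 5209R/5210R, /sbin/service on anything older.
svc_ctl() {
    if command -v systemctl >/dev/null 2>&1; then
        case "$1" in
            stop)   systemctl stop "$2" ;;
            status) systemctl is-active --quiet "$2" ;;
        esac
    else
        # SysV "status" exits 0 when running, non-zero when stopped.
        /sbin/service "$2" "$1" >/dev/null 2>&1
    fi
}

# Stop crond first (assumption of this example) so no scheduled
# Active Monitor run can fire between the two stops, then stop httpd.
# Returns 0 only when both services are confirmed stopped.
contain_web() {
    rc=0
    for svc in crond httpd; do
        svc_ctl stop "$svc" || true
        if svc_ctl status "$svc"; then
            echo "STILL RUNNING: $svc" >&2
            rc=1
        else
            echo "stopped: $svc"
        fi
    done
    return "$rc"
}

# Usage (as root): contain_web || echo "containment incomplete" >&2
```

Re-running `contain_web` after 15 minutes or more shows whether anything restarted httpd in the meantime.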