Hello,
Yesterday morning, my server was hacked by the well known turkish hacker. As far as I can see using google, he only defaces websites by replacing the index with a page with turkish flag and a picture of Ataturk. This is what he has done to me anyway. Several websites have this page and he also replaced the DA interface after you log in.
The problem is, I can't restart any of the services now, most exit with vague errors. But, probably this is due to the fact that the complete /var/log directory is deleted. I haven't got a backup of these files and/or directory structure.
I have 2 questions.
1) Can anyone help me with the complete directory structure of the /var/log directory along with all permissions as they are default for a DA machine.
2) Where are the DA interface pages located ?
The most important question is off course, how did he get in .. nobody knows this according to google.
Yesterday morning, my server was hacked by the well known turkish hacker. As far as I can see using google, he only defaces websites by replacing the index with a page with turkish flag and a picture of Ataturk. This is what he has done to me anyway. Several websites have this page and he also replaced the DA interface after you log in.
The problem is, I can't restart any of the services now, most exit with vague errors. But, probably this is due to the fact that the complete /var/log directory is deleted. I haven't got a backup of these files and/or directory structure.
I have 2 questions.
1) Can anyone help me with the complete directory structure of the /var/log directory along with all permissions as they are default for a DA machine.
2) Where are the DA interface pages located ?
The most important question is off course, how did he get in .. nobody knows this according to google.