Server stopped working all of a sudden, possible attack?
Posted on 2004-08-18
We have a server running RHE 3, Apache, PHP, MySQL and BIND. It's our main production server.
Now the problem we faced the day before was something very weird. All of a sudden all the services on the server stopped responding: we couldn't ssh into the server, we couldn't see the sites, couldn't fetch mail and so on.
We could ping the server though, ping was going fine, but we just couldn't access the server in any way.
Now the question I would like to ask you guys is, if such a problem occurs again, how do we trace it? I tried to check /var/log/messages but all I found were portsentry's messages.
If we were under attack, or if the server was hacked, how do we trace it? Are there any guidelines or links through which we can possibly know what caused our server to respond all of a sudden?
Thanks in advance.