Re: Linux machine hit by ransomware

2025-07-07 Thread David Christensen
On 7/6/25 19:47, Rick Macdonald wrote: After running Debian for nearly 30 years (and other distros prior to that), my Linux server has been hit by a ransomware attack about 11 days ago. On 7/7/25 17:18, David Christensen wrote: Please boot live media in the server, open a root terminal, mount

Re: Linux machine hit by ransomware

2025-07-07 Thread Alexander V. Makartsev
On 07.07.2025 07:47, Rick Macdonald wrote: I apologize for the length of this question. ... Some thoughts: I read that files created by NFS or smb can be owned by nobody/nogroup. The 2 running process owned by nobody are /usr/bin/memcached and /usr/sbin/smbd. The remote kodi boxes access the

Re: Linux machine hit by ransomware

2025-07-07 Thread tomas
On Mon, Jul 07, 2025 at 09:44:11PM +0200, Detlef Vollmann wrote: [...] > The main point is to find out which system was hit. > According to the description it looks like the Linux server itself > wasn't hit, but a different system that can access files on the server > via network... Yes. The gue

Re: Linux machine hit by ransomware

2025-07-07 Thread David Christensen
On 7/6/25 19:47, Rick Macdonald wrote: I apologize for the length of this question. After running Debian for nearly 30 years (and other distros prior to that), my Linux server has been hit by a ransomware attack about 11 days ago. I would power off all computers on your network. Only boot

Re: Linux machine hit by ransomware

2025-07-07 Thread Detlef Vollmann
On 7/7/25 05:28, Karl Vogel wrote: On Sun 06 Jul 2025 at 22:55:22 (-0400), Rick Macdonald wrote: After running Debian for nearly 30 years (and other distros prior to that), my Linux server has been hit by a ransomware attack about 11 days ago. I have backups, so nothing important has been lost

Re: Linux machine hit by ransomware

2025-07-07 Thread Van Snyder
On Mon, 2025-07-07 at 00:24 -0400, Felix Miata wrote: > I stopped running samba a year or more ago. If I have something to > get onto > Windows, or something to get off of it, I boot Linux. That need is > rare. It was > probably last year when I last had any reason to boot Windows. When I > do, I >

Re: Folders from user suddenly in trash

2025-07-07 Thread Hans
> I think ~/.local/share/Trash/info/ contains a .trashinfo file for each > trashed file (path and deletion Date). Yes, it does. But it shows only original path and deletion date/time. However, this might help, though. Hans

Re: Linux machine hit by ransomware

2025-07-07 Thread Greg
On 2025-07-07, Karl Vogel wrote: >>> On Sun 06 Jul 2025 at 22:55:22 (-0400), Rick Macdonald wrote: > >> After running Debian for nearly 30 years (and other distros prior to that), >> my Linux server has been hit by a ransomware attack about 11 days ago. >> I have backups, so nothing important has

Re: Folders from user suddenly in trash

2025-07-07 Thread Greg
On 2025-07-07, David Wright wrote: > On Sun 06 Jul 2025 at 19:51:01 (+0200), Hans wrote: >> > But the regular trash folder? My first guess is "the user did >> > that" (of course without noticing: "modern DEs" are complex enough >> > to make such a scenario plausible). My second guess would be some

Re: Folders from user suddenly in trash

2025-07-07 Thread Greg
On 2025-07-06, wrote: > On Sun, Jul 06, 2025 at 11:06:42AM -0600, Charles Curley wrote: >> On Sun, 06 Jul 2025 16:41:47 +0200 >> Hans wrote: >> >> > A

Re: Linux machine hit by ransomware

2025-07-07 Thread Kamil Jońca
Rick Macdonald writes: > I apologize for the length of this question. > > After running Debian for nearly 30 years (and other distros prior to > that), my Linux server has been hit by a ransomware attack about 11 > days ago. I have backups, so nothing important has been lost at this > point. Howe