Compromised server, forensic suggestions requested.
I have an Ubuntu 12.04 server; I installed iRedMail a month ago. Last Friday, I installed OpenSSH and opened port 22 on my firewall.

Just happened to catch an established connection from a foreign address shortly after OpenSSH install. More details are logged here:

Ultimately, any suggestions for doing some forensic testing on this server to identify how this happened would be most appreciated.

Does anyone know of software that can reliably decode this?
