How Would You Know If Your Server Was Comprimised
Today I have noted slightly slower responses in finding and loading my main 2 sites.
How can I find out if anything has gone wrong with the server ? Or indeed if Ive been compromised.
use the last command to view if other ips logged in via SSH
check ps -aef for unknown processes
Look at website logfiles
Check with a tool like top/htop for processes that use a lot of memory/CPU
I don't even know if my server is clean. I assume it is until I see/hear otherwise.