Last night some one exploit some vulnerability in my site and then upload php script in my images folder.
I have the Amazon EC2 server with centos.
Now the Hacker downloaded 600GB and increased my bill.
Can this be DOS attack. How can I check it.
When hacker was downloading then I see
- CPU usage being 100%
- I saw many apache kworker process running
- I stopped the apache service but data was still being transmitted
I then stopped my instance
How can I see what happened