How do I know if i’m being hacked?
This topic is massive and the truth is that in some circumstances you may never know.
In respect to linux you can use netstat to scan for open ports, but even better you can use ‘fuser -v .’ to find open ports along with an associated pid running on that port. You can also use fuser -k ‘port number here’ to kill any open port immediately in the case that you find one that is suspicious or unauthorised.
More than likely though, unless being hacked by a green hat n00b, you’re up against FUD’s with anti forensics including obfuscation and encrypted tunnelling on common ports.
VPS Transfer – unencrypted
tar cf – . | nc iphere 7000
netcat -l -p 7000 | tar x