[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-developers] My RaQ's been Hacked

Subject: [cobalt-developers] My RaQ's been Hacked
From: "Edmund J. Mildenberger" <ed@xxxxxxxxxxxxxxxx>
Date: Sun Mar 25 03:24:25 2001
List-id: Discussion Forum for developers on Cobalt Networks products <cobalt-developers.list.cobalt.com>

I have a RaQ3 used only for development but connected to the Internet
via a static IP and running some legitimate Virtual sites for testing
purposes.

This morning at 10:52 UK time, my RaQ3 was hacked and EVERY file
named INDEX.HTML  was replaced with a bogus page from the
	" 1i0n Crew  and powered by H.U.C".
Many other key files were 'touched' (including passwd, shadow, etc).
I'll have to reload from recovery to guarantee a clean machine.  The
machine was essentially trashed.

My questions:
	Where  in the debris am I likely to find a clue to the IP of the purpetrator?
	What specific RaQ3 compatible software would have likely prevented
	this?

Ed

Follow-Ups:
- Re: [cobalt-developers] My RaQ's been Hacked
  - From: shimi
- Re: [cobalt-developers] My RaQ's been Hacked
  - From: Paul Gillingwater
- Re: [cobalt-developers] My RaQ's been Hacked
  - From: jale

Prev by Date: Re: [cobalt-developers] Crontab
Next by Date: Re: [cobalt-developers] My RaQ's been Hacked
Previous by thread: Re: [cobalt-developers] Crontab
Next by thread: Re: [cobalt-developers] My RaQ's been Hacked

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index