Re: [cobalt-developers] My RaQ's been Hacked

[shimi <shimi@xxxxxxxxxxxxxxxx>]

go into root (login as admin, type "su", <enter> and type your root pass)
- then, type:

cat /var/log/secure | more

that will show all logins (telnet, ftp etc)
also try cat /var/log/lastlog | more

regarding securing...
next time install all packages at
http://www.cobalt.com/support/download/raq3.eng.html (hopefully i remember
the url correctly by heart) ;P
if not - go to www.cobalt.com, click on support then on download and then
choose raq3-english from the menu :)

  Best regards,
     shimi [mailto:shimi@xxxxxxxxxxxxxxxx]


----

Some quotes:

   "Outlook is a massive flaming horrid blatant security violation, that
    also happens to be a mail reader."                                   

   "There are two major products that come out of Berkeley: LSD and BSD.     
    We don't believe this to be a coincidence."
          -- Jeremy S. Anderson

 Windows: "Where do you want to go today?"
   Linux: "Where do you want to go tomorrow?"
     BSD: "Are you guys coming or what?"

On Sun, 25 Mar 2001, Edmund J. Mildenberger wrote:

> I have a RaQ3 used only for development but connected to the Internet
> via a static IP and running some legitimate Virtual sites for testing
> purposes.
> 
> This morning at 10:52 UK time, my RaQ3 was hacked and EVERY file
> named INDEX.HTML  was replaced with a bogus page from the
> 	" 1i0n Crew  and powered by H.U.C".
> Many other key files were 'touched' (including passwd, shadow, etc).
> I'll have to reload from recovery to guarantee a clean machine.  The
> machine was essentially trashed.
> 
> My questions:
> 	Where  in the debris am I likely to find a clue to the IP of the purpetrator?
> 	What specific RaQ3 compatible software would have likely prevented
> 	this?
> 
> Ed
> 
> 
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers
>