Hi there!

We got an e-mail today from our CoLo (UK2.net) that our RaQ3 had been hacked. The port 15000 would be open as a result of this hack. It further says that approx. 20 files had been changed and we were urgently requested to apply a .pkg to repair those files.

Since I dare to fix things before they break, I tried to figure out and find some traces of the exploit. I couldn't find a foreign thing in .bash_history. We don't have a '/lib/security/.config' like someone wrote. I tried 'telnet xxx.xxx.xxx.xxx 15000' and got 'Unable to connect', which tells me that port 15000 is not open. Furthermore, everything is running smoothly: apache, ssh, e-mail, and '/usr/sbin/ndc status' prints out version bind-8.2.3.

Can someone please give some hints and save me from a heart attack? How could I detect this hack?

Thanx
Thomas

--
InternAd.de Internet Advertising
Thomas Prosi
tp@xxxxxxxxxxx