


Re: [cobalt-security] Bind Hack



>
> We got an e-mail today from our CoLo (UK2.net) that our RaQ3 had been hacked.
> The port 15000 would be open as a result of this hack. It further says that
> approx. 20 files had been changed and we were urgently requested to apply
> a .pkg to repair those files.

What .pkg did they tell you to install that would unhack the system?

Mike


>
> Since I dare to fix things before they break, I tried to figure out and find
> some traces of the exploit.
>
> I couldn't find a foreign thing in .bash_history. We don't have a
> '/lib/security/.config' like someone wrote. I tried:
> 'telnet xxx.xxx.xxx.xxx 15000' and got 'Unable to connect', which tells me
> that port 15000 is not open. Furthermore, everything is running smoothly:
> apache, ssh, e-mail, and '/usr/sbin/ndc status' prints out version bind-8.2.3
>
> Can someone please give some hints and save me from a heart attack?
> How could I detect this hack?
>
> Thanx
> Thomas
>
> --
> InternAd.de
> Internet Advertising
> Thomas Prosi
> tp@xxxxxxxxxxx
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security





Copyright 2009 by Electronic Consultants Inc.