[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [[cobalt-users] Server Hacked?]
- Subject: RE: [[cobalt-users] Server Hacked?]
- From: spamcatcher <spamcatcher@xxxxxxxxx>
- Date: Mon Feb 14 08:25:54 2000
FYI,
If someone somehow gained access to your system (guess/hack password),
and they add a user to the passwd file, it won't show up as a user in the
GUI. So don't rely on just the GUI to keep you informed.
>FTP traffic is logged to /var/log/xferlog. Username, IP they came from, Time
>and what they transferred.
>Seperate line and entry for EACH file.
>
>tail -10 xferlog
>
>If you see this you're in trouble <g> :
>
>Sun Feb 13 15:10:45 2000 0 dialup-209.245.234.197.Dallas1.Level3.net 0
>/etc/passwd a _ d r nobody ftp 0 *
>
>
>-----Original Message-----
>From: cobalt-users-admin@xxxxxxxxxxxxxxx
>[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Chris Adams
>Sent: Sunday, February 13, 2000 4:54 PM
>To: cobalt-users@xxxxxxxxxxxxxxx
>Subject: Re: [[cobalt-users] Server Hacked?]
>
>
>On Sun, 13 Feb 2000 23:47:23 +0100, manitu wrote:
>
>>> The 'last' command will tell you all the people that have logged
>>> in assuming that they have not hacked your log files.
>>
>>Does this only show the telnet-logins or all logins (also ftp etc.) ?
>
>All logins and some other useful information - here's the first three lines
>from our Qube2:
>
>chris ttyp3 chris-nt Sun Feb 13 14:51 still logged in
>chris ttyp3 chris-nt Sun Feb 13 14:50 - 14:50 (00:00)
>reach ftp gateway.digitari Fri Feb 11 18:11 - 18:11 (00:00)
>
>
>_______________________________________________
>cobalt-users mailing list
>cobalt-users@xxxxxxxxxxxxxxx
>http://list.cobalt.com/mailman/listinfo/cobalt-users
>
>
>_______________________________________________
>cobalt-users mailing list
>cobalt-users@xxxxxxxxxxxxxxx
>http://list.cobalt.com/mailman/listinfo/cobalt-users
>