
Re: [[cobalt-users] Server Hacked?]



On Sun, 13 Feb 2000 13:28:07 -0500, you wrote:

>Thanks to all for the quick response.
>
>Now that the fox is already in the hen house - so to speak, is there 
>anything we can do to improve security (short of replacing everything 
>with a RaQ3i). Also, are there any logs that we can look at to see what 
>the cracker may have done?

If he is a good one, he replaces all the programs and files and you
will find nothing. We had a problem with a hacker a year ago. He
even replaces the program top with a patched version, so we have no
chance to see what the real server load is or which users are online.
The same was with the w command. He tries to use our server as an mp3
download server.

I became aware of his actions because the server was very slow, but
the load was below 1.00.

The hacker also installs a linsniffer. This is a program which writes,
for example, all incoming or typed passwords from ftp, mail, telnet and
so on, readable, into a hidden logfile. This way, he was able to get the
passwords from all users.

He links his sniffer programs with programs which run all the time
on a Unix server. So his tools are also running all the time.

You never know which files are infected. The best thing is to format
the drive and change all the passwords in the new installation.

Karl
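
An added example, not part of the original message: a cross-view check for the situation described above, where a patched top or w hides what is running. It compares the PIDs the kernel exposes under /proc with the PIDs that ps reports. Assumptions: a Linux /proc, the procps `ps -e -o pid=` invocation, and an interpreter run from trusted media; the function names are hypothetical, and a kernel-level rootkit that filters /proc itself is out of scope.

```python
import os
import subprocess

def pids_from_proc(proc_root="/proc"):
    """Kernel's view: every all-digit directory name under /proc is a PID."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}

def pids_from_ps_output(text):
    """Tool's view: PIDs parsed from `ps -e -o pid=` output, one per line."""
    return {int(tok) for tok in text.split() if tok.isdigit()}

def hidden_pids(kernel_view, tool_view):
    """PIDs the kernel exposes that the userland tool did not report."""
    return sorted(set(kernel_view) - set(tool_view))

def persistent_hidden(snapshots):
    """Keep only PIDs hidden in every (kernel_view, tool_view) snapshot.

    A process that exits between the two reads looks hidden once; a process
    filtered out by a patched tool looks hidden every time.
    """
    result = None
    for kernel_view, tool_view in snapshots:
        found = set(hidden_pids(kernel_view, tool_view))
        result = found if result is None else result & found
    return sorted(result or [])

def live_snapshot(ps_cmd=("ps", "-e", "-o", "pid=")):
    """Read /proc first, then run ps, so new processes never count as hidden."""
    kernel_view = pids_from_proc()
    out = subprocess.run(ps_cmd, capture_output=True, text=True, check=True)
    return kernel_view, pids_from_ps_output(out.stdout)

if __name__ == "__main__":
    # Constructed sample: PID 4242 exists in /proc but ps never lists it;
    # PID 300 exited between the two reads of the first snapshot only.
    sample = [
        ({1, 200, 300, 4242}, pids_from_ps_output("    1\n  200\n")),
        ({1, 200, 4242}, pids_from_ps_output("    1\n  200\n")),
    ]
    print("constructed sample:", persistent_hidden(sample))
    print("this host:", persistent_hidden([live_snapshot() for _ in range(3)]))
```

An empty result does not clear the machine; it only means this one hiding method was not seen.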