RE: [cobalt-users] Server Hacked?
- Subject: RE: [cobalt-users] Server Hacked?
- From: spamcatcher <spamcatcher@xxxxxxxxx>
- Date: Wed Feb 16 13:18:06 2000
Hi Dan,
They didn't send us any logs. They pointed out to us that someone is
scanning their ports via our server. Since we don't really host other
people's sites, all telnet access is restricted to a couple of people on
our staff. Anyway, we looked through all the logs in /var/log and can't find
anything that would tell us what actions were done. We did manage to find
the intruder in the secure log and have an idea of what (s)he
up/downloaded using the xferlog. However, we can't find a "history" of
the commands. We managed to find a "dot hidden" directory with some
portscanning software and source code. We can't find any trace of someone
uploading that to the server in the xferlog. Are we missing something? Or
is there a way of uploading something to the server that doesn't leave a
trail?
>> We just got a couple of angry emails from people claiming that one of our
>> RaQ1s tried to hack into their server (portscan). We are assuming someone
>> had found a backdoor into the one of the services.
>>
>> I thought the Cobalt servers were fairly secure from this sort of thing.
>> Anyone have any idea how to prevent this in the future and how they may
>> have accessed the server in the first place. Also, are there any logs I
>> should check to find what is going on?
>>
>What logs did they send you?
>
>--
>Dan Kriwitsky