RE: [cobalt-users] Server Hacked?



>
> They didn't send us any logs. They pointed out to us that someone is
> scanning their ports via our server. Since we don't really host other
> people's sites. All telnet access is restricted to a couple of people on
> our staff. Anyway, we looked through all the logs on /var/log and can't find
> anything that would tell us what actions were done. We did manage to find
> the intruder in the secure log and have an idea of what (s)he
> up/downloaded using the xferlog. However, we can't find a "history" of
> the commands. We managed to find a "dot hidden" directory with some
> portscanning software and source code. We can't find any trace of someone
> uploading that to the server in the xferlog. Are we missing something? Or
> is there a way of uploading something to the server that doesn't leave a
> trail?
>
>
>
I would guess that whatever access they got gave them access to your logs.
If they used WGET via Telnet, I'm not sure how that would be logged.
--
Dan Kriwitsky