Re: [cobalt-users] Server Hacked?
- Subject: Re: [cobalt-users] Server Hacked?
- From: "Richard E. Perlotto II" <richard@xxxxxxxxxxxx>
- Date: Fri Feb 18 20:35:58 2000
There are several tool kits that allow the 'hacker' to subvert the
normal tools you would use to see if they are on the machine. These
tools replace many of the common tools such as 'ls', 'ps', 'ifconfig',
and many others.

In general if you think your machine has been compromised, the best
SOP is to reload from CD and load the last good backup that you
think you have.

Richard

spamcatcher wrote:
>
> Hi Dan,
>
> They didn't send us any logs. They pointed out to us that someone is
> scanning their ports via our server. Since we don't really host other
> people's sites, all telnet access is restricted to a couple of people on
> our staff. Anyway, we looked thru all the logs on /var/log and can't find
> anything that would tell us what actions were done. We did manage to find
> the intruder in the secure log and have an idea of what (s)he
> up/downloaded using the xferlog. However, we can't find a "history" of
> the commands. We managed to find a "dot hidden" directory with some
> portscanning software and source code. We can't find any trace of someone
> uploading that to the server in the xferlog. Are we missing something? Or
> is there a way of uploading something to the server that doesn't leave a
> trail?
>
> >> We just got a couple of angry emails from people claiming that one of our
> >> RaQ1s tried to hack into their server (portscan). We are assuming someone
> >> had found a backdoor into one of the services.
> >>
> >> I thought the Cobalt servers were fairly secure from this sort of thing.
> >> Anyone have any idea how to prevent this in the future and how they may
> >> have accessed the server in the first place? Also, are there any logs I
> >> should check to find what is going on?
> >>
> >What logs did they send you?
> >
> >--
> >Dan Kriwitsky
> >
> >
> >
> >
> >_______________________________________________
> >cobalt-users mailing list
> >cobalt-users@xxxxxxxxxxxxxxx
> >http://list.cobalt.com/mailman/listinfo/cobalt-users
> >
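
A check that follows from the reply above, as an added example that is not part of the original thread: hash the tools it names ('ls', 'ps', 'ifconfig') in a known-good tree and compare them with the copies on the suspect disk. It assumes the script is run from trusted boot media with the suspect disk mounted; the paths in `TOOLS` and all function names are illustrative assumptions.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Tools the message names as commonly replaced. The relative paths are
# assumed typical locations, not taken from the thread.
TOOLS = ["bin/ls", "bin/ps", "sbin/ifconfig"]

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_baseline(trusted_root, tools=TOOLS):
    """Hash each tool in a known-good tree, e.g. files unpacked from install media."""
    root = Path(trusted_root)
    return {rel: sha256_file(root / rel) for rel in tools if (root / rel).is_file()}

def compare(baseline, suspect_root):
    """Return {relative path: status} for tools that differ from the baseline."""
    findings = {}
    for rel, good_hash in baseline.items():
        target = Path(suspect_root) / rel
        if target.is_symlink():
            # An absolute link would resolve outside the mounted suspect disk,
            # so report it for manual review instead of hashing the wrong file.
            findings[rel] = "SYMLINK -> " + os.readlink(target)
        elif not target.is_file():
            findings[rel] = "MISSING"
        elif sha256_file(target) != good_hash:
            findings[rel] = "MODIFIED"
    return findings

def demo():
    """Constructed sample trees: 'ps' altered and 'ifconfig' deleted on the suspect side."""
    with tempfile.TemporaryDirectory() as tmp:
        for side in ("trusted", "suspect"):
            for rel in TOOLS:
                path = Path(tmp, side, rel)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_bytes(b"constructed stand-in for " + rel.encode())
        Path(tmp, "suspect", "bin/ps").write_bytes(b"constructed altered copy")
        Path(tmp, "suspect", "sbin/ifconfig").unlink()
        return compare(build_baseline(Path(tmp, "trusted")), Path(tmp, "suspect"))

if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{status:10} {rel}")
```

A clean result only covers the files listed in the baseline, so it does not replace the reload-and-restore step the reply recommends.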