RE: [cobalt-users] Howto trace hack (was: Raq550: SMTP shutting down)
- Subject: RE: [cobalt-users] Howto trace hack (was: Raq550: SMTP shutting down)
- From: "Crocket" <crocket@xxxxxxxxxxx>
- Date: Sat Mar 20 12:10:01 2004
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> While I still don't believe in leaving a compromised machine online, and
> I heartily recommend a complete rebuild, whether or not you do said
> rebuild, yes it could happen again.
I know ... but they never had shell access and according to the logs they
used the /tmp/ the first time and /var/spool/samba the second time.
The gallery module they used has been removed from the 2 sites.
I also keep monitoring the processes and nothing unusual is popping up ...
> I'd recommend setting permissions on gcc so it will only work for root.
I already did that once I knew what they had done ;-)
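
Added example, not part of the original message: a small audit for the two points raised in this thread, namely whether gcc can be run by accounts other than its owner, and whether executable files have appeared in the writable directories named above (/tmp and /var/spool/samba). The function names are assumptions, and the gcc check assumes the binary is owned by root.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are assumptions.

# Succeeds when group or other hold an execute bit on the file, meaning an
# account other than the owner (for example the web server user) could run it.
# -L follows symlinks, since gcc is often a link to the real binary.
runnable_by_non_owner() {
    [ -n "$(find -L "$1" -prune \( -perm -010 -o -perm -001 \) -print 2>/dev/null)" ]
}

# Prints regular files carrying any execute bit under a directory.
# Temp and spool directories should normally hold none.
list_executables() {
    find "$1" -xdev -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -print 2>/dev/null || true
}

audit_host() {
    # Assumes gcc is owned by root, so "owner only" means "root only".
    cc=$(command -v gcc 2>/dev/null || true)
    if [ -n "$cc" ] && runnable_by_non_owner "$cc"; then
        echo "WARN: $cc is executable by non-owner accounts"
    fi
    # Directories taken from the message above.
    for d in /tmp /var/spool/samba; do
        [ -d "$d" ] || continue
        list_executables "$d" | sed "s|^|CHECK: executable file in $d: |"
    done
}

audit_host
```

Any CHECK line is a file to inspect by hand (owner, timestamps, contents) and compare against the web server logs for the same time window.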