Re: [cobalt-users] Emergency problem !!
- Subject: Re: [cobalt-users] Emergency problem !!
- From: "Graeme Fowler" <graeme.f@xxxxxxxxxxxxxxx>
- Date: Thu Oct 5 05:22:01 2000
- Organization: WebFusion Internet Solutions
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Martin Smit wrote:
> My provider sent me the following email:
<snip>
> This was in regard to your ticket:
> Unauthorized use of IP address. No idea what IP address he means but anyway
> when I checked what happened I found out that apache is not running anymore.
Sounds to me like your machine has been cracked and the provider has
noticed it before you did :(
Single-user mode is a method of booting the machine so a sysadmin can
have a good poke around to see what damage has been done. I have to do
this far too regularly with both RaQs and Linux boxes.
I'll wager that your RaQ has been compromised via (a) the Wu/Pro-ftpd
overflow hole, or (b) an RPC exploit, but let's wait and see what your
provider says first.
Graeme