[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re:[2] [cobalt-users] Bind Hack
- Subject: Re:[2] [cobalt-users] Bind Hack
- From: RaQ3 <cobalt@xxxxxxxxxxx>
- Date: Fri Feb 9 15:21:13 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
"Carrie Bartkowiak" <ravencarrie@xxxxxxxx> wrote on 09.02.01 21:58:59:
>
>> We got an e-mail today from our CoLo (UK2.net) that our RaQ3 had been
>hacked. The port 15000
>> would be open as a result of this hack. It further says that aprox. 20
>files had been changed and
>> we were urgently requested to apply an .pkg to repair those files.
>
>> I couldn't find a foreign thing...
>
>Thomas,
>Keep in mind that lots of servers on UK2.net were compromised - probably
>including UK2.net's servers themselves. If you haven't found anything
>suspicious on your machine, tread carefully.
>This could be a hacked email urging you to take action on your machine that
>would allow someone monitoring it to hop in and take over.
>
>Leave no room for doubt. CALL UK2.net and make sure *they* sent you that
>email, and then discuss what you've found (nothing) and how you should
>proceed regarding updates, if at all.
>It could be that you're safe somehow, but if you apply the packages that the
>email recommends, you could be opening yourself up to a hole someone has
>found in those packages.
>
>See what I'm saying?
>
>Carrie - whom you guys have made incredibly paranoid over the last two days!
>(I'm wanting to shut down everything but port 80! *L*)
Hi Carrie !
Your mail gave me a real warm feeling !!! Since that was exactely what I thougt.
No - you are not the only paranoid person out there ;-)
What I did was sending them an e-mail and starting a discussion with one of their
technicians. And from the answers I could feel that they are pretty pissed by that
thing. So I assumed that it is a real thing ... and I installed the patch.
The package they delivered came from their server and it would be a real big
hack, if that was compromised too.
I checked everything now, changed passwords - we'll see.
What I really want to know is, in which way the system was compromised. They
sure took the passwords, but what else. What should I do now ? Doing as if
nothing happened ? How would I know if a little trojan is now sitting somewhere ?
Hrgrrrrrrr ! As if I was sitting around only fumbeling my balls ...
It's after midnight now - time for a little break.
Happy Weekend ;-)
Thomas
P.S.: Thanx to everybody else who helped with an answer. I really appreciated it !!!
--
InternAd.de
Internet Advertising
Thomas Prosi
tp@xxxxxxxxxxx