
Re: [cobalt-users] Recent Hacks



I've had the exact same problems on some of our boxes.  Look in the /bin
directory for extra files they tuck in there, and they also replaced some.
For instance, look at /bin/ls - they replaced it on several of our
boxes.  Normally it's like 50kb, but on the hacked boxes it's 120kb.  What I
did to get telnet working was to hard-reboot the box.  To get the httpd
back and running, you have to go create a directory called "httpd" where
the error says it wants it when you try to manually restart httpd.  But
your box is still compromised, and you're better off getting all your
files off of it and doing a complete wipe and restore.

Regards,

- John

  --------------------------------------------------------------
  John Shireley, Operations Support Manager
  CoreComm Web Hosting, formerly Voyager.net		
  Desk: 877.663.2748, ext. 105   Mobile: 317.710.7678
  john.shireley @ voyager.net    ICQ: 71529750     

  "Unbreakable toys are useful for breaking other toys."


On Thu, 8 Feb 2001, Mike Fritsch wrote:

> Does any one know what vulnerability was exploited that caused people to not
> be able to login via telnet(error: missing /bin/login) and FTP ?
> 
> BIND?
> PROFTPD?
> 
> Thanks
>   Mike
> 
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>
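
The /bin/ls size discrepancy described in the reply above generalizes to checking a whole directory against a manifest taken from a known-good box, which also surfaces the extra files. This is an added example, not part of the original message; the manifest format, the function names and the use of sha256sum are assumptions of this example.

```shell
#!/bin/sh
# Added example. Manifest line format (assumed here): "<sha256> <size> <name>"

# make_manifest DIR: print one manifest line per regular file in DIR.
make_manifest() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        hash=$(sha256sum "$f" | cut -d' ' -f1)
        size=$(wc -c < "$f" | tr -d ' ')
        printf '%s %s %s\n' "$hash" "$size" "$(basename "$f")"
    done
}

# check_manifest MANIFEST DIR: report MISSING, CHANGED and EXTRA files.
# Returns 1 if anything differs from the baseline, 0 otherwise.
check_manifest() {
    manifest=$1 dir=$2 rc=0
    # Pass 1: every baseline entry must exist with the same hash.
    while read -r hash size name; do
        f="$dir/$name"
        if [ ! -f "$f" ]; then
            echo "MISSING $name"; rc=1; continue
        fi
        cur_hash=$(sha256sum "$f" | cut -d' ' -f1)
        cur_size=$(wc -c < "$f" | tr -d ' ')
        if [ "$cur_hash" != "$hash" ]; then
            # Size is shown for triage only; the hash decides.
            echo "CHANGED $name size $size -> $cur_size"; rc=1
        fi
    done < "$manifest"
    # Pass 2: files on disk that the baseline does not list.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        if ! awk -v n="$name" '{ sub(/^[^ ]+ [^ ]+ /, "") }
                $0 == n { found = 1 } END { exit !found }' "$manifest"; then
            echo "EXTRA $name"; rc=1
        fi
    done
    return $rc
}
```

Run it with tools from trusted media against the mounted disk, since ls and the hashing utilities on a compromised box may themselves have been replaced.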