
Re: [cobalt-users] Re: HACKED! Unable To TELNET in to RAQ3 as admin or any other user!!!



Please try your admin password with the case reversed, then all uppercase, then all lowercase. I have seen a PAM filter module being involved in hacks lately that will change the stored password's case transparently when you update a password.

If you can log in, please check whether you can cd to /usr/src/.puta. If so, the t0rnkit has been used, as with many RaQ hacks lately.

Jan

David Conorozzo wrote:

> As you may have noticed, the same thing happened to me.  Are they doing anything for you?  Why would they want your admin password if you can't get in through telnet?  They didn't offer to do anything for me except to send me a restore CD.
>
> David Conorozzo
> PC Assistance, Inc.
>
> >>> "Eddie Jones" <ejones@xxxxxxxxxxx> 02/08/01 05:46AM >>>
> This is the response I got from Support.
>
> Eddie-
>         Sorry to take so long to get to you... you are not alone... this was
> caused by a hacker who has done the exact same thing to other Cobalts like
> yours. I am attempting to get them all fixed, but I will need your IP and
> admin password in order to help.
> Regards,
>
> Dedicated Hosting
> Support Technician
>
> My services are not back yet
>
> I wonder what security fix opened this door? Or will close it?
>
> > From: "Eddie Jones" <ejones@xxxxxxxxxxx>
> > To: <cobalt-users@xxxxxxxxxxxxxxx>
> > Date: Wed, 7 Feb 2001 21:08:28 -0600
> > Subject: [cobalt-users] Re: Unable To TELNET in to RAQ3 as admin or any other user!!!
> > Reply-To: cobalt-users@xxxxxxxxxxxxxxx
> >
> > FYI
> > I too, have the same problem.
> >
> > At 6:20 PM I started getting this message every 5 minutes "error: fatal:
> > Could not load host key: /etc/ssh_host_key.  Check path and permissions."
> >
> > I can not access telnet - this is the message:
> > "Cobalt Linux release 5.0 (Pacifica)
> > Kernel 2.2.14C10 on an i586
> > telnetd: /bin/login: No such file or directory
> > ."
> >
> > I can still create sites with the GUI and I can publish a site with
> > FrontPage.
> >
> > The server is co-located and a call to support got me a confirmation that the
> > GUI works and they would get the telnet back tonight.
> >
> > I am still getting that email every 5 minutes.
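
The three indicators mentioned in this thread (the /usr/src/.puta directory, the missing /bin/login and the missing /etc/ssh_host_key) can be checked in one pass. The following is an added example, not part of the original messages; the function name `check_raq_indicators` and the root-prefix argument are assumptions made here so the same check can run against an offline mount of the disk, where the compromised system's own binaries are not involved.

```shell
#!/bin/sh
# Added example: triage a RaQ filesystem for the indicators named in this thread.
# Usage: check_raq_indicators /            (live system)
#        check_raq_indicators /mnt/raq     (hypothetical mount point of the disk)
# Prints one line per finding; returns 0 if nothing was found, 1 otherwise.

check_raq_indicators() {
    root="${1:-/}"
    root="${root%/}"    # "/" becomes "", "/mnt/raq/" becomes "/mnt/raq"
    findings=0

    # From Jan's reply: directory left behind by t0rnkit.
    if [ -d "$root/usr/src/.puta" ]; then
        echo "FOUND    $root/usr/src/.puta (t0rnkit directory)"
        findings=$((findings + 1))
    fi

    # From the quoted error messages: files telnetd and sshd could not load.
    # A missing file is only meaningful on a host that had it before,
    # as the RaQ3 in this thread did.
    for f in /bin/login /etc/ssh_host_key; do
        if [ ! -e "$root$f" ]; then
            echo "MISSING  $root$f"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}
```
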