[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] paranoid

Subject: [cobalt-users] paranoid
From: "Sean Chester" <seanc@xxxxxxxxxxxxxxxxxxxxxx>
Date: Fri Feb 16 04:24:44 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

im trying to recover after beeing r00ted,

so far all i have found was a rootshell on port 9705.
there was a .bash_history in my / dir, but it was all scrambled txt i
(id guess they got in, created a backdoor, and left)

ive done md5sums on files and they seem ok, i ran chkrootkit and it reported
i had an infected 'bindshell'

whats bindshell and how do i fix this?

i also have a couple of odd names in my /etc/passwd file

pop:x:17:17:APOP:/etc:
named:x:25:25:Named:/etc/named:/bin/false

do these look ok?

Follow-Ups:
- Re: [cobalt-users] paranoid
  - From: elmer
- Re: [cobalt-users] paranoid
  - From: Zeffie

References:
- [cobalt-users] Error every 5 minutes
  - From: Steve Chase

Prev by Date: Re: [cobalt-users] Mail stuck in /var/spool/mqueue
Next by Date: [cobalt-users] error adding virtual site
Previous by thread: RE: [cobalt-users] Error every 5 minutes
Next by thread: Re: [cobalt-users] paranoid

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index