Re: [cobalt-users] Unhack Script..?
- Subject: Re: [cobalt-users] Unhack Script..?
- From: elmer@xxxxxxxxxxxxxx
- Date: Fri Feb 16 07:44:17 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Fri, 16 Feb 2001, Craig Napier wrote:
} Where did you get that "unhack.pl" script you're talking about.. :-)
I did not keep a list and for that I apologize. However, I worked a
hacked server yesterday the hard way - manually comparing file to
file, directory to directory against an unhacked box. The hacked
server had not been online that long, fact is as I recall it was
just restored from CD a few weeks earlier. Anyway, to make a long
story short, unhack.pl doesn't catch everything. It does indeed
catch most of it but not all of it.
For example, the server I worked has a trojaned SSHD
installed which was not included in the unhack.pl script I looked
over after the clean up. Additionally it doesn't remove one of the
hidden directories I found in which cracker stuff was being stored
and there was some other stuff, including a running daemon that I'm
still trying to figure out what it's for - unfortunately I didn't
keep notes. I was just helping out a friend.
Unless you are capable of doing a complete and detailed
audit of the box, imo, unhack.pl doesn't clean the box up well
enough to forget about and I'd highly recommend a restore from CD or
setting an expert loose on the box (no, don't call me - I'm not
hustling business, nor do I have time to work on your server. I'm
just reporting what I found).
Hey, it's a great script. It will get you back into the box
and give you some breathing room, but it doesn't unhack the box.
Peace be with you,
Brent
Brent Sims
WebOkay Internet Services
http://www.WebOkay.net
Brent@xxxxxxxxxxx
(719) 595-1427 (Voice/Fax)
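
The file-to-file, directory-to-directory comparison against an unhacked box that this message describes, sketched as an added example (not from the original post and not part of unhack.pl). The function names and the sample trees are constructed for illustration, and both file systems are assumed to be reachable as local paths.

```python
import hashlib, os, stat, tempfile

def manifest(root):
    """Map each path under root to (file type, permission bits, content id)."""
    out = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode          # do not follow symlinks
            ident = None
            if stat.S_ISREG(mode):
                with open(full, "rb") as fh:
                    ident = hashlib.sha256(fh.read()).hexdigest()
            elif stat.S_ISLNK(mode):
                ident = os.readlink(full)          # compare link targets
            out[os.path.relpath(full, root)] = (stat.S_IFMT(mode), stat.S_IMODE(mode), ident)
    return out

def compare(clean_root, suspect_root):
    """Report what differs on the suspect tree relative to the clean one."""
    clean, suspect = manifest(clean_root), manifest(suspect_root)
    added = sorted(set(suspect) - set(clean))
    return {
        "added": added,
        "missing": sorted(set(clean) - set(suspect)),
        "changed": sorted(p for p in set(clean) & set(suspect)
                          if clean[p] != suspect[p]),
        # dot-directories that exist only on the suspect box
        "hidden_dirs": [p for p in added if stat.S_ISDIR(suspect[p][0])
                        and os.path.basename(p).startswith(".")],
    }

def demo():
    """Constructed sample trees; file contents are placeholders, not binaries."""
    with tempfile.TemporaryDirectory() as tmp:
        for box, sshd in (("clean", b"sshd A"), ("suspect", b"sshd B")):
            sbin = os.path.join(tmp, box, "usr", "sbin")
            os.makedirs(sbin)
            for name, data in (("sshd", sshd), ("inetd", b"inetd")):
                with open(os.path.join(sbin, name), "wb") as fh:
                    fh.write(data)
        stash = os.path.join(tmp, "suspect", "usr", "lib", ".cache")
        os.makedirs(stash)
        with open(os.path.join(stash, "stash"), "wb") as fh:
            fh.write(b"x")
        return compare(os.path.join(tmp, "clean"), os.path.join(tmp, "suspect"))

if __name__ == "__main__":
    print(demo())
```

Build the suspect manifest from trusted boot media with the disk mounted read-only, since binaries on a compromised box can misreport what is on disk. A file comparison also says nothing about a daemon that is already running.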