
Re: [cobalt-users] POP3 and FTP down (Hackers?)



Gregg,

Over the past week, this list is filled with people that have been hacked...
I believe the hackers are picking machines to have based on who posts on
this list :(

The symptom of the problem is the stopped/missing services.

The "easy" way:

Back up your data to some other machine, restore the Raq with the restore
CD... Recreate the accounts by hand and upload the data from the backup.
This takes quite a bit of time and you need to contact the users with new
passwords, etc.

The "hard" way:  

Pull binaries of the broken/infected files and replace them with known
good ones; find and remove any trojan horses and any other tricks left behind
by the hackers.

This takes a Linux expert and quite a bit of time.

The hard way has the risk that you miss something the hackers left behind;
the easy way is better, but you have to be sure you have a good backup. (I
would put the old hard drive in a PC running Red Hat and put a new drive in
the Raq before you start. That way you can "go back" and try again if you
missed something.)

Good Luck.

Mark

P.S. On my raq3i, we tried to do it the 'hard' way and the raq failed to
reboot, so now we must fetch it from the co-lo and do it the 'easy' way.

P.P.S. I have a tar.gz file of my raq3i when it was new if you want a place to
grab files from. It is 450 MB or so.



on 2/17/01 4:43 PM, Gregory C. Kock at gregg@xxxxxxxxxxxx wrote:

> Hello,
> I just got off the phone with Cobalt Tech Support, what a waste of time!
> They told me that some hackers must have gotten into my cobalt system, and
> they are shutting down and restarting systems, or some kind of story like
> that.  I noticed this morning that my POP3 and FTP wasn't working, but my
> IMAP is still functioning.  They also said that the only thing I could do
> was to reinstall the cobalt software using the restore cd and start again,
> is this true?
> They supposedly had an update posted just last week about some BIND problem
> and that's how the hackers are able to get through, I don't know if this is
> true or not.  Can anyone help me to try to get these services back up and
> running without having to restore the Raq? By the way, I'm running on a Raq
> 3.
> If anyone has any information, please let me know.
> I noticed that over the past couple of days, quite a bit of users on this
> board have gotten similar problems with the POP3 suddenly stop working.
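
An added example, not part of the original message or of any Cobalt tooling: one way to do the comparison step of the "hard" way, checking system binaries on the old drive against a known-good tree by SHA-256. It assumes the old drive is mounted read-only on a separate trusted machine and that a pristine archive has been unpacked beside it; the function names, the directory list and both paths are hypothetical.

```python
import hashlib
import os
import sys

# Directories to compare, relative to each tree's root (an assumption;
# extend it to cover libraries and init scripts as needed).
DEFAULT_SUBDIRS = ("bin", "sbin", "usr/bin", "usr/sbin")


def sha256_of(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def regular_files(root, subdirs):
    """Yield root-relative paths of regular files; symlinks are skipped so a
    link on the suspect disk cannot redirect the scan to the trusted host."""
    for sub in subdirs:
        for dirpath, _dirs, names in os.walk(os.path.join(root, sub)):
            for name in names:
                full = os.path.join(dirpath, name)
                if os.path.isfile(full) and not os.path.islink(full):
                    yield os.path.relpath(full, root)


def compare_trees(baseline_root, suspect_root, subdirs=DEFAULT_SUBDIRS):
    """Return files that differ from, are absent from, or are extra to the baseline."""
    baseline = set(regular_files(baseline_root, subdirs))
    suspect = set(regular_files(suspect_root, subdirs))
    modified = [
        rel for rel in sorted(baseline & suspect)
        if sha256_of(os.path.join(baseline_root, rel))
        != sha256_of(os.path.join(suspect_root, rel))
    ]
    return {
        "modified": modified,                    # candidates for replacement
        "missing": sorted(baseline - suspect),   # e.g. a deleted service binary
        "added": sorted(suspect - baseline),     # files the baseline never had
    }


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare.py BASELINE_ROOT SUSPECT_ROOT")
    report = compare_trees(sys.argv[1], sys.argv[2])
    for kind, paths in report.items():
        for rel in paths:
            print(f"{kind:9}{rel}")
```

Files patched by legitimate updates since the baseline was taken will also show up as modified, and an empty report covers only the listed directories.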