
RE: [cobalt-users] If you have been a victim



+1) I obtained and installed the SSH server from the cobalt packages
+page here:
+http://pkg.nl.cobalt.com/
+
+There was also a client page; but I already had it on my local
+Linux box and it worked just fine. If you need a Windows version
+I've tested telneat:
+http://telneat.lipetsk.ru/
+
+and it seems to get the job done.
+
+Using the above I was able to log in.
+
+2) I browsed about for signs of hacker activity, checking filenames
+and dates, password files, logs, the usual suspects, with no luck.
+But inetd.conf had been emptied. I copied inetd.conf.master
+to the inetd.conf filename, sighup'ed inetd and appear to
+have returned to normal functioning.


Hate to give you the bad news but per SEVERAL posts here within
the past week the SSH server package from pkg.nl.cobalt.com is 
OLD and EXPLOITABLE and needs to be upgraded.

Within an hour of having a RaQ 3 OS restored the bastards from
Korea came calling attempting to hammer their way in through
SSH.  You need to upgrade to:

sshd version OpenSSH_2.3.0p1
Actually 2.5 was released this week but the RPMs are not available yet.
If you want to compile it from the source at www.openssh.org there seems
to be a bug that won't let it see where Cobalt put openssl. Too weary
to figure out how to patch it so I went with the 2.3 rpms.