Re:[cobalt-users] RaQ3 Telnet Login Not Working
- Subject: Re:[cobalt-users] RaQ3 Telnet Login Not Working
- From: Wayne Sagar <wsagar@xxxxxxxx>
- Date: Sun Feb 18 19:50:43 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Hi Thomas,
>That doesn't sound very good. Probably a hack through bind or FTP.
>The fact that your sites are still working is most probably a result of
>the second DNS which is on another machine.
That's what my collocate guys said.. (unfortunately too short staffed this weekend to do anything about it till tomorrow, if I can't solve it.)
>First I would get a ssh client from www.openssh.com <snip> If you get a connection but the
>password is not accepted then go
>into the GUI, change the password and ssh in.
When I attempt a log in via Telnet, I can get to the log in, no accept password stage... I can also go to the GUI and change the password (believe me it's a lot more "cryptic" than it was memorable before!) The password change takes, I have to change it in my FTP to access via that means and also in my email.. So I do seem to have control of, at least one level of the machine..
I've got my fingers crossed that it is some sort of glitch and not an actual hack.. if so... Likely it would be cheaper to just abandon the machine (rented) and get another.. I've got all my virtuals mirrored on my HD so it would just take about two hours for the sysadmins to get it set up... and probably another hour or so for me to sort it all out on the upload.. but probably considerably less time than trying to find every changed file, if there are changed files...
Don't know if this is a symptom.. but a lot of files are showing a very strange, all number date/time stamp in FTP... not rational at all... I *did* do a restore from a 10 day old backup at the first sign of getting over my head but it did nothing to solve the problem.. Wondering if this might be the source of the strange date format?
>Then have a look around. One sure sign you'd been hacked is a
>directory: /lib/security/.config
Been looking around, where I can at admin ownership level, with FTP and have not seen any file specifically by that name/folder... but have found quite a few files within /lib/security but none directly named as such..
What is there seems harmless enough, files like pam_deny.so and one that sort of sounds scary pam_cracklib.~
I have not seen anything really too strange yet, other than the odd dates.. hopefully this has nothing to do with being hacked and everything to do with something giving up the ghost on the machine.. I could be worse off.. Everyone's sites are still running and email is working...
I've temporarily turned off both FTP and TELNET... if the GUI goes south... Suppose I'm pretty hosed...
>Good luck !
>Thomas
And thank you sir for the response, even if ya did scare the bejeezus out of me <grin>
Wayne Sagar
http://aafo.com