[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] RaQ3 Telnet Login Not Working

Subject: Re: [cobalt-users] RaQ3 Telnet Login Not Working
From: Wayne Sagar <wsagar@xxxxxxxx>
Date: Mon Feb 19 18:17:25 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

A
>I *think* (but am not sure) that with the hacks you can still do the GUI
>admin password trick and then get in through telnet. When you change the GUI
>admin pw it also changes root's pw; so that's an option.  I'm pretty sure I
>saw someone post that they couldn't get in through telnet after the hacks,
>but a quick change to the admin's password let them get back in and verify
>the file changes and stuff.

Numerous changes to password would still not allow me to telnet in... though the changes were obviously effective at my level. I had to change to access via FTP, email, GUI etc... I still can not FTP in.

I'm not sure how the internal DNS stuff works (or external either for that matter <blush>) on the RaQ single ip's (mine is) it does seem strange that the machine would work at all, other than the server farm's DNS pointing to the top level domain on the RaQ if indeed the machine's DNS server was down... The way I assume it works is their DNS points to my single IP address, then the machine handles the routing of the domains calls coming in sending the user to the proper virtual within the machine. Is this correct? As far as I can tell, All sites are still able to be accessed correctly, so this part of the problem seems quite strange. 

I just got off the phone with a very plesant but quite less than helpful lady at the sysadmin hq who relayed that they were having DNS problems with some of their system... but this would not explain it, as I'm able to access the top domain as well as all the other virtuals on the server... I certainly hope this does not turn into a "cluster <ahem>" as she actually needed me to S-P-E-L-L COBALT for her <sigh>

I know there are good techs up there (I'm in Portland, server is in Seattle) I may just have to go at it again till I connect with one of them that *does* know his arse from a chuckhole!

>What's weird to me is that these hackers wouldn't disable this somehow. They
>still leave web access up and running fine, which will allow you to break
>back into your own machine (so to speak).

Well Carrie, what I'm hoping against hope for is that... it is not, indeed, a hack and some sort of other glitch causing this. My symptoms are not *quite* the same as what I've been reading here this weekend... and it seems that some of the Guru's on the list are leaning towards other angles on some of the similar problems we seem to be seeing. Perhaps, if hacked, reason it's left up is in hopes that the hack is not discovered until *whatever* the hackers reasons for doing this timing is correct.. ie.. maybe this is part of something bigger and they want in, but do not want to do anything yet... perhaps part of a larger DOS attack on something else? Microsoft is right up the street from our server and I suppose this could be something to think about. In my particular case, it would be fairly easy for someone to read the logs and see that I use telnet fairly infrequently, FTP all the time and the GUI is used for most admin functions... (I know... I need to learn UNIX, get SSH a!
nd q
uite "GUIing" around <g>

Thanks for the support
Wayne Sagar
http://aafo.com

Prev by Date: RE: [cobalt-users] Cobalt to provide compensation for server hack?
Next by Date: RE: [cobalt-users] Frontpage extentions
Previous by thread: Re: [cobalt-users] lastlog on RaQ3
Next by thread: [cobalt-users] httpd.conf Alias and Firewall Configuration Tool

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index