
[cobalt-users] RE: hacked raq



Randy,

My ISP just called and had me telnet in, su to root and cd to /bin and run
'lsattr login'. It showed my login file as '----i---', which means
impenetrable and a sign of having been hacked according to Cobalt (per my
ISP's Cobalt person who has been dealing with Cobalt on a hacking issue).

The word is - total backup, do a full OS restore, update your machine with
ALL the OS updates and patches on Cobalt's site and restore your files.

SUCKS!!!

If anyone has any other information or feedback, I'd appreciate it!!

Thanks,
C

-----Original Message-----
Message: 1
From: Randy Davis <randy@xxxxxxxxxxxxx>
To: "'cobalt-users@xxxxxxxxxxxxxxx'" <cobalt-users@xxxxxxxxxxxxxxx>
Subject: RE: [cobalt-users] hacked raq
Date: Wed, 21 Feb 2001 16:47:45 -0600
Reply-To: cobalt-users@xxxxxxxxxxxxxxx

Yepper.  Did try force as well.  Here is the actual error message I get
back:

# rpm -Uvh --force util-linux-2.10m-C1.i386.rpm
util-linux
can't rename /bin/login to /bin/login-RPMDELETE: Operation not permitted
unpacking of archive failed on file /bin/login: cpio: unlink failed - Bad
file descriptor

Ciao
Randy
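
An added example, not part of either message above: a small shell filter that reads `lsattr` output and reports files carrying the `i` (immutable) or `a` (append-only) attribute, the state in which the `rpm` rename of /bin/login fails with "Operation not permitted". The sample listing and the directory names in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag files whose ext2 attributes block replacement.

# Reads `lsattr` output on stdin ("<attrs> <path>" per line) and prints
# "<flags> <path>" for every file with the immutable (i) or
# append-only (a) attribute set. Lowercase only: 'I' and 'A' are
# different attributes and are deliberately not matched.
flag_locked() {
    while read -r attrs path; do
        [ -n "$path" ] || continue          # skip blank or malformed lines
        flags=""
        case "$attrs" in *i*) flags="immutable" ;; esac
        case "$attrs" in *a*) flags="${flags:+$flags,}append-only" ;; esac
        if [ -n "$flags" ]; then
            printf '%s %s\n' "$flags" "$path"
        fi
    done
}

# Constructed sample in the 8-column format quoted in the thread.
sample_lsattr() {
    cat <<'EOF'
-------- /bin/ls
----i--- /bin/login
-------- /bin/ps
-----a-- /var/log/messages
EOF
}

# Live scan of the directories passed as arguments, for example
# scan_dirs /bin /sbin /usr/bin (directory choice is an assumption).
# Errors from files without attribute support are discarded.
scan_dirs() {
    lsattr "$@" 2>/dev/null | flag_locked
}

# Demonstration on the constructed sample.
sample_lsattr | flag_locked
```

Run `scan_dirs` as root; any system binary it reports that you did not lock yourself cannot be replaced by a package update until the attribute is cleared, which is the failure shown in the quoted `rpm` output.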