
RE: [cobalt-users] hacked raq3 Info



Well, they got me too!

I did notice just before we pulled the plug that there was an la.pid 
file in my root.

Also, during the restoring from individual site backups, we noticed
most of the sites' ownerships were changed to numbers like
149:site# and 239:site#.

The la.pid contained one line: a number, 16459.

If that's a clue as to their personal identification, perhaps some
of the experts on this list can inform me.

Other than that I found a chkroot kit installed. I never did it. And I 
suppose perhaps Cobalt did one time during a tech support 
session.

Anyways, wiped it all out, did the restore CD thing and all the
current updates. So far 3 days and running.

Disabled Telnet... Put up ssh and only open ftp on request.

She's locked down.

Cheers, Lennie Core