
RE: [cobalt-users] hacked raq3 Info



On Sun, 25 Feb 2001, Lennie Core wrote:

> Well they got me too !

Ouch :(
> 
> I did notice just before we pulled the plug that there was an la.pid 
> file in my root.
> the la.pid contained one line. a number 16459
> If that's a clue as to their personal identification. Perhaps some
> of the experts on this list can inform me.

Probably just the process id of some program they were running, should
have been in /var/run/ , had you done a ps on that number you might have
gotten the program's full name...

> Other than that I found a chkroot kit installed. I never did it. And I 

Or someone was making sure their kit was cleaned up enough to avoid simple
detection...

> Anyways, wiped it all out did the restore CD thing and all the 
> current updates. So far 3 days and running. 
> Disabled Telnet... Put up ssh and only open ftp on request..

Best solution, painful education :)

gsh
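
The check suggested in the reply (looking up the number from a stray pid file while the machine is still up), sketched as a shell function. This is an added example, not part of the original message; `pidfile_triage` is a hypothetical helper name, and the `/proc` lookups assume a Linux host, with `ps` as the fallback.

```shell
#!/bin/sh
# Added example. pidfile_triage is a hypothetical helper name.
# Usage after sourcing this file: pidfile_triage /path/to/la.pid
pidfile_triage() {
    file=$1
    [ -r "$file" ] || { echo "error: cannot read $file" >&2; return 2; }

    # A pid file holds one decimal process id on its first line.
    pid=$(head -n 1 "$file" | tr -d ' \t\r\n')
    case $pid in
        ''|0|*[!0-9]*) echo "error: $file does not hold a pid" >&2; return 2 ;;
    esac

    # Daemons normally keep pid files under /var/run (or /run).
    case $file in
        /var/run/*|/run/*) loc=expected ;;
        *)                 loc=unexpected ;;
    esac

    # After a reboot or kill the number is stale and resolves to nothing.
    if [ ! -d "/proc/$pid" ] && ! kill -0 "$pid" 2>/dev/null; then
        echo "pid=$pid state=not-running pidfile_location=$loc"
        return 1
    fi
    echo "pid=$pid state=running pidfile_location=$loc"

    if [ -d "/proc/$pid" ]; then
        # Linux: /proc gives the real binary path, not just argv[0].
        exe=$(readlink "/proc/$pid/exe" 2>/dev/null) || exe='(unreadable)'
        cmd=$(tr '\0' ' ' 2>/dev/null < "/proc/$pid/cmdline") || cmd='(unreadable)'
        cwd=$(readlink "/proc/$pid/cwd" 2>/dev/null) || cwd='(unreadable)'
    else
        # No /proc: fall back to ps, as suggested in the reply.
        exe=$(ps -p "$pid" -o comm= 2>/dev/null) || exe='(unknown)'
        cmd=$(ps -p "$pid" -o args= 2>/dev/null) || cmd='(unknown)'
        cwd='(unknown)'
    fi
    echo "exe=$exe"
    echo "cmdline=$cmd"
    echo "cwd=$cwd"

    # The kernel appends " (deleted)" when the binary was unlinked after start.
    case $exe in
        *' (deleted)') echo "note=binary was removed from disk while running" ;;
    esac
    return 0
}
```

Return status is 0 for a live process, 1 for a stale number, and 2 when the file does not hold a pid.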