[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] "Sort of" hacked?? Raq3 with some problems...

Subject: Re: [cobalt-users] "Sort of" hacked?? Raq3 with some problems...
From: "Zahid N. Sindhu" <zahid@xxxxxxxxxxxx>
Date: Tue Feb 27 04:33:03 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> I also don't seem to have all the xlogin, ld.so.hash, crth.o, etc files,
> BUT I have come across the directory (empty):
>
> usr/src/.puta
>

MOST DEFENITELY compromised and the tool used was "t0rn kit".
I would sugest you look at your /etc/inetd.conf and /etc/rc.local files
carefully.

Something else that would help would be, if you had a copy of t0rn kit to
check which files it replaces etc. (It is publically available). However, if
the t0rn kit used on your server was changed by the cracker, you would have
trouble finding which files they replaced etc.

Best option:    back-up user data and do a re-install from the CD.

- Zahid

References:
- [cobalt-users] "Sort of" hacked?? Raq3 with some problems...
  - From: Cobalt Newbie

Prev by Date: RE: [cobalt-users] Site Admin Interface
Next by Date: Re: [cobalt-users] Raq3 Logcheck question & other hack questions
Previous by thread: RE: [cobalt-users] "Sort of" hacked?? Raq3 with some problems...
Next by thread: [cobalt-users] Possible LKM Trojan installed

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index