Re: [cobalt-users] "Sort of" hacked?? Raq3 with some problems...
- Subject: Re: [cobalt-users] "Sort of" hacked?? Raq3 with some problems...
- From: "Roger Dunk" <roger@xxxxxxxxx>
- Date: Tue Feb 27 15:02:02 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
True. Someone with very little *nix experience isn't likely to be successful
in manually restoring a box. But, how can you automatically assume that
everyone who gets hacked and asks for help is totally clueless in this
regard? You may as well give people both options, and then let them decide
what they want to do, rather than stating that the *only* way is to use the
restore cd. IMO, most people that bother to join this list either do have a
reasonable amount of *nix experience, or are willing to learn. Otherwise
they probably would've just gone crying to Cobalt and asked for help there.
Just my 2 cents.
Cheers...
Roger
----- Original Message -----
From: <elmer@xxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Tuesday, February 27, 2001 12:20 PM
Subject: Re: [cobalt-users] "Sort of" hacked?? Raq3 with some problems...
> On Tue, 27 Feb 2001, Roger Dunk wrote:
>
> } to use the restore CD. Furthermore, when you know what rootkit has been used
> } on your machine, you can usually find out exactly what has been affected and
> } replace the necessary files. I have cleaned several machines of the t0rn
> } rootkit, and haven't had any problems since, so I think it's definitely
> } worth a try.
>
> This may be true for someone that knows what they are doing, but
> I've also noticed a few postings from people who claim to have been
> hacked again shortly after cleaning their server. They could have
> just as easily missed a backdoor. In situations such as this where
> the level of technical expertise is low suggesting anything other
> than the best way can and just might cause more problems than the
> right way of fixing it would have.
>
> The reality of the situation is this: unless a full and
> complete audit of the box is done by someone that really knows what
> they are doing there is no way to be sure that all the backdoors
> have been found.
>
> I've only cleaned two boxes so the stats cannot be taken to
> the bank, but the results are clear. One box was easy to clean
> although the unhack.pl script would have missed the additional
> modified SSHD and the other box had so many tricks installed
> that re-installing from a CD was the only viable option even though
> recommending that they do so cost me a rather nice fee.
>
> I'm certainly not looking for an argument but I simply don't
> think that suggesting that someone who isn't comfortable and quite
> handy at the shell prompt can successfully unhack their server is
> something we ought to be doing.