[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Re: Hacked RAQ

Subject: [cobalt-users] Re: Hacked RAQ
From: hardill <hardill@xxxxxxxxxxx>
Date: Thu Mar 8 18:55:05 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> From: flash22@xxxxxxx
> Date: Tue, 27 Feb 2001 17:53:01 -0500 (EST)
> Reply-To: flash22@xxxxxxx
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-users] hacked RAQ
>
> On Tue, 27 Feb 2001, Jim Hagani wrote:
>
> > There is one directory that gives root "permission denied".
> > Any ideas what command to use to give root the ownership of this
directory.
> > I just want to see what they have left behind.
>
> Remember, even root needs execute permission to read a directory...
>
> chmod +x dirname
> also, if that seems funky, lsattr dirname
>
> also the directory that directory is in may have strange attributes...
>
> Looks like you still have things hiding....
>
> (I did warn you ;)
>
> gsh
>
I had done the chmod, chown, lsattr before. No help!, Still no permission.
Any command I missed to try?

I don't know how short time that may be, but I know I have blocked their
entry for now, My Portsentry shows them trying to login unsuccessfully.

I also know I have not found all the backdoors, and other junk they have
left behind. But I simply can not have my ISP restore from CD every week.

I have already ordered couple of books you suggested, and I will be learning
the syntax and commands.

If I am going to make it as a RAQ owner, I have to learn all the tricks
there is about it. It is my fault that I did not start any sooner. And any
help and pointers I get from you guys is appreciated.

For now, I just go through directories and files, use all the commands and
tools I have learned so far, and try to find anything that looks funny.

I know I don't know as much the hackers, and I will probably loose this
round, and may have to bite the bullet and pay for another OS restore, and
go through installing all the virtual sites,....Oh God!, but at least I am
learning something from this process. I will be more knowledgeable next time
I go through this, and may be next time I can beat them at this childish
game!.

Any way, thanks for all your help. Time to ssh back to my site, and keep
looking for more junk!

Jim Hagani

Prev by Date: [cobalt-users] webilazer .pkg for raq2 wanted please
Next by Date: Re: [cobalt-users] PHP via cronjob
Previous by thread: Re: [cobalt-users] RE: hacked raq
Next by thread: [cobalt-users] [OT] WS-FTP transfers failing

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index