
RE: [cobalt-users] cant login telnet



Yeah, I know it's either hacked, which is a sure bet, or their idiot admins
are at it again.

Just last week they wrecked the virtusertable which I had to repair, I don't
know what was going through their minds but every 110+ domains had the
admin/root/nobody alias pointed to the user admin's email, along with loads
of other non-standard junk in the virtusertable.

My only thought was to somehow edit the init scripts with an installation
of ssh and reset the server and hope for the best.

I have got the logs I could retrieve but I cannot view the bash history,
which is a shame as it would tell me an awful lot.

Right now I can't do much with the server not being able to access root, I'll
try ssh.

They are going to pay big for this fix, teach them not to play with things
they don't understand.

If anyone has any other ideas would be good if you people could give me a
yell.

Regards, Benjamin



-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Carrie
Bartkowiak
Sent: Monday, March 26, 2001 6:37 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] cant login telnet


> Hey peeps, I have a problem with one of my co-located servers
> When you telnet to the machine it never prompts you for the login.

That's strange... and dangerous. Check the logs for a haqd job;
although they've probably been wiped out. Run the chkrootkit and go
through the archives (search for "hacked") to see what files you can
look for to see if the box has been broken into.

I'd almost guarantee it's compromised.

CarrieB
