[cobalt-users] I assume I was hacked...
- Subject: [cobalt-users] I assume I was hacked...
- From: "Jay Jennings" <jennings@xxxxxxxxxx>
- Date: Thu Apr 5 16:31:13 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

...but I can't find any "proof." Last night after receiving the email from
Lion I ran Lionfind and chkrootkit with negative results. I also checked 7-8
things that were mentioned on this list. Nothing. But this afternoon
everything went "dead" when Portsentry seemed to lock everyone out. Thanks
to some help from the list I was able to get in and set things right.
However...

I log all incoming requests for domains into a special database. This
evening after I got things back to normal I looked in the database and saw
that about an hour before things went screwy I logged a request for this
domain, "weeeeeeirdname" -- and the IP that requested it was the IP of my
server.

So, a request for a domain that's not "correct" coming from inside the
box -- am I paranoid? Or have I been hacked by someone who doesn't leave the
normal tracks?

I want to try and button the server up as much as possible -- but not if
there's still someone inside!

Any hints on what to do would be GREATLY appreciated. Step-by-steps are
always nice, but even a pointer to articles, other sites, etc., would be
cool.

..jj..