
Re: [cobalt-users] Raq Hacked



Joe,

There's a 'lionfind' utility, and instructions on how to de-lion your
machine, at the sans.org web site. I think it's:
http://www.sans.org/y2k/lion.htm

They probably didn't 'choose' you; you probably got scanned from an
already infected box whose job was to find other servers running BIND
8.2.2 or lower.

Good luck!

Rob

-- 
Rob Kennedy
ASPRE, Inc.
rkennedy@xxxxxxxxx
http://www.aspre.net/

Managed e-Business that works
---------------------------------
the first exclusive e-Business Application Service Provider (ASP)

t. 215.957.2266 Ext. 2145
f. 215.957.2277

113 Rock Road
Horsham, PA 19044

On Mon, 9 Apr 2001, J. Ambrose wrote:

> My Raq3 was hacked this weekend by 1i0n Crew.
>
> 24 hours later and $$$ to my colo provider.  I'm
> still recovering.
>
> All index pages said Powered by H.U.C. ---the 1iOn Crew.
>
> It was a mess.
>
> I have just a small business and why did they pick
> me?  Well, I'm not gonna waste my time thinking about
> this.
>
> I figure I just want as many Cobalt users to hear about
> it, so they can make sure they have taken the right
> precautions.  I paid the price!  Hopefully someone else
> can benefit from my awful experience.  USE THE PKG UPDATES!
> USE PORT SENTRY! DISABLE TELNET!
>
> Joe A.