
[cobalt-users] raQ4r HACK



Hello;
I have been transferring my domains to a new raQ4r for the past 3 days.
I have noticed unusual activity on the following domains.

Access By Domain (Top 3)
64.24.73.27  6 (46.2%)  25k (36.9%)    <-- nslookup = popsite.net
64.24.73.63  5 (38.5%)  38k (55.2%)    <-- nslookup = popsite.net
207.215.107.5  2 (15.4%)  5k (7.9%)    <-- this is in my domain

I can't tell if I have been hacked at this time BUT have noticed a file
called .nsr in my / directory. The contents of the file are as follows.

<< / >>
        skip: tmp_mnt
        +skip: core
<< /tmp >>
        skip: .?* *
<< /nsr >>
        allow
<< /nsr/logs >>
        logasm: .
<< /etc/httpd/logs >>
	logasm: .
<< /etc/admserv/logs >>
	logasm: .
<< /var >>
        +logasm: .
<< /var/spool/mail >>
        mailasm: .
<< /dev >>
	+skip: .
<< /mnt >>
	+skip: .
<< /proc >>
	+skip: .

A fellow ISP owns a raQ3 and this file is not in his / directory.
Has anyone had this type of problem?
Thanks
 Gerald A. Davis
 Transworld Network, Inc.
 1-(888)-630-MOON