[cobalt-users] Hackers and what they do (and as stupid they are)
- Subject: [cobalt-users] Hackers and what they do (and as stupid they are)
- From: Oliver Schlag <chairman@xxxxxxxx>
- Date: Sun Jun 10 13:50:28 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Hi,
last night we had a visit from a hacker on one of our RaQs. I think it was a
real kiddie who really doesn't know what he is doing.
1. I don't know how the kid got in, but we're sure one of our admin accounts
was cracked (I think the password was too easy).
2. The hacker created a new passwd file. There was only one problem: there was
a special character at the end of the file, so the system did not accept it
and used the old file (which he had not deleted).
3. He only tried to create a passwd file entry and no shadow entry. I think on
a shadow system, you need both entries?!
4. The hacker opened a shell at port 80. Is this funky? Yes, because we were
developing and our browsers didn't show any pages. And we found the problem
in less than 10 minutes!
5. The hacker tried to cover his tracks by deleting /var/log/messages (bad
boy), but there were some .bash_history files left on the server and we could
see every step he had made. :o)
6. After checking the system for some hours, there were no more shells open,
and all passwords have been changed. I think that was a kid with more luck
than understanding.
Lovely hacker attack which cost me more than 8 hours of work to fix. If I ever
get this kid into my fingers, may God protect him.
I wish you all a happy day and a good start into the new week.
Oliver
------------------------------------------------------------------------
Oliver Schlag
Hauptstr. 43 Tel : 06081-963009
61267 Neu Anspach Fax : 06081-43953
------------------------------------------------------------------------
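
Added example (not part of Oliver's message): a check for the two passwd problems described in points 2 and 3, a stray character in the file and a passwd entry with no matching shadow entry. The function name and the sample file contents are constructed for illustration.

```python
import string

# Characters allowed in a passwd line: printable ASCII without tab/CR/VT/FF.
ALLOWED = set(string.printable) - set("\t\r\x0b\x0c")

def audit_accounts(passwd_text, shadow_text):
    """Return (line_no, login, problem) tuples for passwd/shadow contents."""
    # split("\n") rather than splitlines(): splitlines() also breaks on some
    # control characters and would hide exactly the bytes we want to flag.
    shadow_users = {l.split(":", 1)[0] for l in shadow_text.split("\n") if l}
    findings, seen = [], set()
    for no, line in enumerate(passwd_text.split("\n"), 1):
        if line == "":
            continue
        login = line.split(":", 1)[0]
        if any(ch not in ALLOWED for ch in line):
            findings.append((no, login, "non-printable character"))
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((no, login, "expected 7 fields, got %d" % len(fields)))
            continue
        if login in seen:
            findings.append((no, login, "duplicate login"))
        seen.add(login)
        # 'x' in the password field means the hash is expected in shadow.
        if fields[1] == "x" and login not in shadow_users:
            findings.append((no, login, "no shadow entry"))
    for login in sorted(shadow_users - seen):
        findings.append((0, login, "shadow entry without passwd entry"))
    return findings

# Constructed sample: one account added to passwd only, and a stray control
# character after the last line of the file.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "admin:x:500:500:Site Admin:/home/admin:/bin/bash\n"
    "newuser:x:501:501::/home/newuser:/bin/bash\n"
    "\x1a"
)
SAMPLE_SHADOW = (
    "root:$1$constructed$hash:11483:0:99999:7:::\n"
    "admin:$1$constructed$hash:11483:0:99999:7:::\n"
)

if __name__ == "__main__":
    for finding in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(finding)
```

On a live system, pass in the contents of /etc/passwd and /etc/shadow (reading shadow requires root).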