
[cobalt-users] [RaQ XTR] root pwd stolen, web services down, lost control over machine



Dear list members,
this is my first message posted, so hi everybody!!
As my experience with the XTR increases, I hope to be of help as
well.


Someone hacked my RaQ XTR.

Results:
1- root pwd stolen, I have no more control over the appliance;
2- can't change any pwd with 'passwd' in a telnet session, even admin's
after a regular login!!! (maybe password and shadow files corrupted???);
3- web server is not working ==>> no more browser interface to set up
services;
4- log files (i.e. 'last' output) deleted;
5- launching the 'man' command, it replies with "THE TERMINAL IS NOT
WORKING PROPERLY";
6- found a "cocaine.c" file at '/' level in the filesystem.

a pretty mess, uh?!!

I've tried to reset the admin password from the LCD console, but no luck,
the 'passwd' command is not working yet, and at the moment the server has no
admin password.
I'm going to try with some cracking software to get through and get the
root back.


Isn't there a way to restore the machine to factory defaults,
clean up the filesystem and restart all services properly??

any idea ???

tnx in advance
etienne