
RE: [cobalt-users] [RaQ XTR] root pwd stolen, web services down, lost control over machine



Looks like a recovery CD job. You can get the ISOs for such CDs at the
Cobalt site (I think), if you haven't got an original CD.

Dave Etheridge

-----Original Message-----
From: Etienne Antoniutti Di Muro [mailto:etienne@xxxxxxxxxxxxx]
Sent: 15 June 2001 10:25
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] [RaQ XTR] root pwd stolen, web services
down, lost control over machine


Dear list members,
this is my first message posted, so Hi everybody !!
As my experience with the XTR increases, I hope to be of help as
well.


Someone hacked my RaQ XTR.

Results:
1- root pwd stolen, I have no more control over the appliance;
2- can't change any pwd with 'passwd' in a telnet session, even admin's
after a regular login!!!; (maybe password and shadow files corrupted
???)
3- web server is not working ==>> no more browser interface to set up
services;
4- log files (ie 'last' output) deleted
5- launching 'man' command it replies with "THE TERMINAL IS NOT
WORKING PROPERLY"
6- found a "cocaine.c" file at '/' level in the filesystem

a pretty mess, uh?!!

I've tried to reset admin password from the LCD console, but no luck,
'passwd' command is not working yet, and at the moment the server has no
admin password.
I'm going to try with some cracking software to get through and get the
root back.


Isn't there a way to restore the machine with factory defaults, and
clean up filesystem and restart all services, properly ??

any idea ???

tnx in advance
etienne
