[cobalt-users] Hacked Into
- Subject: [cobalt-users] Hacked Into
- From: almax@xxxxxxxxxxxxxxx
- Date: Sun Sep 16 18:30:02 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Back from holiday, server hacked, oh joy.
It appears that somebody randomly whoised a domain on one of our servers and uploaded a 100MB file by the name of french-porn.dvd.divx.avi and then set servers wgetting it, eating up 9GB of bandwidth in a little over 8 hours. Luckily this happened the day before I returned and so I managed to delete the file, grab IPs from the server logs and, as I thought, stop the leak.
However, came in today and found that a 1.5GB file beautifulgirls.tar has suddenly appeared once again in the web folder and another 1.3GB of transfer has disappeared. I suspect we are being used by a porn site who are happy to have found a fast web server. What worries me is that I have applied every single security update from Cobalt as soon as they have come out.
Does anyone have any info that could help me, i.e. programs to make the RaQ4i more secure? I don't believe they have access to the server as everything is just going to this one domain, which I have now removed from the server and it will remain to be seen if files start appearing in the other domains. I do not know if there are ways to hack into the web domain of the server and put the files in.
I am the only user on the whole of the RaQ and therefore, I do not believe it is a case of an "inside job" or users on other domains somehow gaining access.
Any help would be most appreciated.
Thanks
Simon