Re: [cobalt-users] Hacked Into
- Subject: Re: [cobalt-users] Hacked Into
- From: Marco Baurdoux <linux@xxxxxxxxxxxxx>
- Date: Sun Sep 16 19:10:01 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Hi Simon,
If the attacks come from the same IP all the time, you should check how they
get the files on your system. If it is via FTP, you can use the inetd
service to block this particular address; therefore, consult the man pages
for the host.allow and host.deny files.
On 17.9.2001 11:30, almax@xxxxxxxxxxxxxxx wrote to almax@xxxxxxxxxxxxxxx:
> Back from holiday, server hacked, oh joy.
>
> It appears that somebody randomly whoised a domain on one of our servers and
> uploaded a 100mb file by the name of french-porn.dvd.divx.avi and then set
> servers wgetting it, eating up 9gb of bandwidth in little over 8 hours.
> Luckily this happened the day before I returned and so I managed to delete the
> file, grab IPs from the server logs and as I thought, stop the leak.
>
> However, came in today and find that a 1.5gb file beautifulgirls.tar has
> suddenly appeared once again in the web folder and another 1.3gb of transfer
> has disappeared. I suspect we are being used by a porn site who are happy to
> have found a fast web server. What worries me is that I have applied every
> single security update from Cobalt as soon as they have come out.
>
> Does anyone have any info that could help me, i.e. programs to make the RaQ4i
> more secure. I don't believe they have access to the server as everything is
> just going to this one domain, which I have now removed from the server and it
> will remain to be seen if files start appearing in the other domains. I do
> not know if there are ways to hack into the web domain of the server and put
> the files in.
>
> I am the only user on the whole of the RaQ and therefore, I do not believe it
> is a case of an "inside job" or users on other domains somehow gaining access.
>
> Any help would be most appreciated.
>
> Thanks
>
> Simon
=======================================================================
Marco Baurdoux
Unix Administrator
Infomaniak Network SA
Avenue de la Praille 26
1227 Carouge
Switzerland
Tel: +41 (0)22 820 35 41
Fax: +41 (0)22 820 35 46
http://web.infomaniak.ch
=======================================================================
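One way to carry out the check suggested in the reply above, as an added example that is not part of the original thread: it scans an FTP transfer log in the standard xferlog layout for large completed uploads and prints candidate tcp_wrappers deny rules for the addresses that sent them. The log lines, paths, account name and addresses are constructed samples, and the daemon name `in.ftpd` is an assumption that must match the FTP service name in the server's inetd configuration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the xferlog layout written by wu-ftpd and ProFTPD.
# Paths, account name and addresses (documentation ranges) are made up.
SAMPLE_XFERLOG = """\
Sat Sep 15 02:11:09 2001 412 203.0.113.7 104857600 /home/sites/example.test/web/french-porn.dvd.divx.avi b _ i r admin ftp 0 * c
Sat Sep 15 09:30:41 2001 3 198.51.100.20 48211 /home/sites/example.test/web/index.html b _ i r admin ftp 0 * c
Sun Sep 16 23:47:52 2001 5930 203.0.113.7 1610612736 /home/sites/example.test/web/beautifulgirls.tar b _ i r admin ftp 0 * c
Sun Sep 16 23:59:01 2001 1 198.51.100.20 48211 /home/sites/example.test/web/index.html b _ o r admin ftp 0 * c
truncated line
"""

def parse_uploads(text, min_bytes=50 * 1024 * 1024):
    """Map each client address to its completed uploads of min_bytes or more."""
    uploads = defaultdict(list)
    for line in text.splitlines():
        f = line.split()
        if len(f) != 18:          # xferlog: 5 date fields + 13 others
            continue              # skip truncated or foreign lines
        host, size, path = f[6], f[7], f[8]
        direction, user, status = f[11], f[13], f[17]
        if direction != "i" or status != "c" or not size.isdigit():
            continue              # keep only completed incoming transfers
        if int(size) >= min_bytes:
            uploads[host].append((" ".join(f[:5]), user, int(size), path))
    return dict(uploads)

def hosts_deny_lines(uploads, daemon="in.ftpd"):
    """Build tcp_wrappers deny rules; the daemon name is an assumption."""
    rules = []
    for host in sorted(uploads):
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue              # logged as a hostname: review by hand
        rules.append(f"{daemon}: {host}")
    return rules

if __name__ == "__main__":
    found = parse_uploads(SAMPLE_XFERLOG)
    for host, items in found.items():
        for when, user, size, path in items:
            print(f"{when}  {host}  user={user}  {size} bytes  {path}")
    print("\n".join(hosts_deny_lines(found)))
```

The user column shows which account the upload was made with; if it is a real account, change its password as well, because a deny rule only stops that one address.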