RE: [cobalt-users] Hacked Into
- Subject: RE: [cobalt-users] Hacked Into
- From: "Andy Brown" <andy.brown@xxxxxxxxxxxxx>
- Date: Sun Sep 16 21:01:14 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
You've probably done this, but just in case, when you're logged in take
a look at the owner/group the files were created by, might give you a
hint as to where to focus on.
(ls -la /home/wherever)
Andy Brown
http://www.linuxnetworking.co.uk/
-----Original Message-----
From: almax@xxxxxxxxxxxxxxx [mailto:almax@xxxxxxxxxxxxxxx]
Sent: 17 September 2001 10:31 AM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] Hacked Into
Back from holiday, server hacked, oh joy.
It appears that somebody randomly whoised a domain on one of our servers
and uploaded a 100mb file by the name of french-porn.dvd.divx.avi and
then set servers wgetting it, eating up 9gb of bandwidth in little over
8 hours. Luckily this happened the day before I returned and so I
managed to delete the file, grab IPs from the server logs and as I
thought, stop the leak.
However, came in today and found that a 1.5gb file beautifulgirls.tar has
suddenly appeared once again in the web folder and another 1.3gb of
transfer has disappeared. I suspect we are being used by a porn site
who are happy to have found a fast web server. What worries me is that
I have applied every single security update from Cobalt as soon as they
have come out.
Does anyone have any info that could help me, i.e. programs to make the
RaQ4i more secure? I don't believe they have access to the server as
everything is just going to this one domain, which I have now removed
from the server and it will remain to be seen if files start appearing
in the other domains. I do not know if there are ways to hack into the
web domain of the server and put the files in.
I am the only user on the whole of the RaQ and therefore, I do not
believe it is a case of an "inside job" or users on other domains
somehow gaining access.
Any help would be most appreciated.
Thanks
Simon
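The owner/group check suggested in the reply, extended into a small triage helper. This is an added example, not part of the original messages: it lists large files under a web root with their owning account, size and modification time, so unexpected uploads and the account that wrote them stand out. It assumes GNU find; the function names, the path in the usage comment and the size threshold are illustrative.

```shell
#!/bin/sh
# Added example: triage of unexpected large files under a web root.
# Assumes GNU find (-printf). Function names and defaults are illustrative.

# large_files DIR [MIN_KB]
# Prints one tab-separated line per regular file larger than MIN_KB KiB:
#   owner:group (uid N)   size-in-bytes   mtime   path
# Largest files come first. The numeric uid is printed as well because a
# file written by a deleted or unknown account has no name to show.
large_files() {
    dir=$1
    min_kb=${2:-102400}          # default threshold: 100 MiB
    tab=$(printf '\t')
    find "$dir" -xdev -type f -size +"${min_kb}"k \
        -printf '%u:%g (uid %U)\t%s\t%TY-%Tm-%Td %TH:%TM\t%p\n' 2>/dev/null |
        sort -t "$tab" -k2,2nr
}

# owner_summary DIR [MIN_KB]
# Counts the large files per owning account. The account with unexpected
# files is the one whose upload path (FTP, web server, CGI) to review first.
owner_summary() {
    large_files "$1" "$2" | cut -f1 | sort | uniq -c | sort -rn
}

# Usage, with the placeholder path from the message above:
#   large_files /home/wherever 102400
#   owner_summary /home/wherever 102400
```

Files owned by the web server's own account point at uploads made through the web server itself, while files owned by a site user point at that user's FTP or shell login; the modification times can then be matched against the corresponding logs.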