[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] ftp is down after raq updates HELP URGENT ...I am willing to pay for help
- Subject: Re: [cobalt-users] ftp is down after raq updates HELP URGENT ...I am willing to pay for help
- From: "Sqlcoders.com Programming Dept" <coders@xxxxxxxxxxxxx>
- Date: Sat Nov 10 19:07:02 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Hiya,
I'm assuming from your email address and the backup data you copied into the
post your RAQ is at cobaltexpress.com, when I try to login I get the
following:
C:\WINDOWS\Desktop>ftp cobaltexpress.com
Connected to cobaltexpress.com.
Connection closed by remote host.
So your ftp services are listening, they just immediately close the
connection, I've done a search on google for the message you get in active
monitor and this has happened to other people, but its probably not gonna
brighten your day...
----------------------------------------------------------------------------
--------------
:I had the same message when I was hacked. Both mail and ftp daemons were
involveld. Somewhere it should tell you where the problem is.
----------------------------------------------------------------------------
--------------
this one
http://list.cobalt.com/pipermail/cobalt-users/2001-February/034315.html is a
post from someone explaining how it's a symptom of being hacked, so I'd be
inclined to think this is a hack, considering most posts from a search on
google all refer to the server being hacked
[http://www.google.com/search?q=swatch_service_body_defcon_2&hl=en&start=10&;
sa=N&filter=0]., although the one following the above post
[http://list.cobalt.com/pipermail/cobalt-users/2001-February/034350.html]
says that it went away for them, but doesn't give any real explanation about
the going away so it might be a red herring, although a comforting one at
that.
Other posts like this one,
http://list.cobalt.com/pipermail/cobalt-security/2000-November/000953.html ,
say pretty much the same thing about it being a hack though, so I'm afraid
that's the most likely cause at this point.
So assuming it is a hack, the next thing is how to fix it, there's the
drastic "backup/wipe the disks/reinstall/pray" route, or the patch the
damage route, but you cant necessarily be sure you've fixed things properly.
So apart from the advice offered in 2 of the posts about fixing it, one an
apparent way to fix it, the other the "wipe and pray"[ I think ], that's
most of what I can do until someone volunteers any other information, or
more likely, you post a fresh message asking for suggestions about how to
fix things, at which time with luck the appropriate list people will jump in
and guide you as much as possible, because I've never been hacked (yet).
One thing, as soon as possible switch off telnet, its a huge security hole
and as your cobalt's domain has been made public from your post, and if I
I'd be switching off telnet just as soon as I was sure ssh worked(do a list
search for ssh if you don't know the hows or where's of using ssh instead of
standard telnet)
I hope this has helped some :)
----- Original Message -----
From: "Sasha Pavlovic" <sasha@xxxxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Saturday, November 10, 2001 6:07 PM
Subject: RE: [cobalt-users] ftp is down after raq updates HELP URGENT ...I
am willing to pay for help
> Thanks for the reply.
> the GUI message beside a yellow light is "swatch_service_body_defcon_2 "
> The model is a Raq3i.
> all other components and access works fine including adding sites and
update
> via http ie:frontpage
> The ftp client simply will not log in at all. I tried several programs
from
> several different computers and networks but no go. The internal workings
of
> the ftp don't work either as the daily backup has failed for two days now.
> The message from the server in that regard is:
> "scheduled backup failed
>
>
> backupset: config
> target: config
> protocol: ftp
> resource: spavlovic@xxxxxxxxxxxxxxxxx"
>
> going directly from the Run prompt in windows with the command
ftp.site.com
> does not even give an error message and the window just shuts down.
>
> I had a friend go in via telnet and all he could find was that the ftp was
> posting the error message above.
>
> All I can think of is that the one of the .pkg updates from cobalt was
> corrupted and did not place the correct files where they should be
regarding
> the ftp server. I don't know anything about linux file structure or
> commands, so I am hooped. I tried rebooting, re-installing the .pkg's and
> even restoring a backup of the previous days system backups, but all that
> does is reset the web pages and other non-relevant files.
>
> Would you know about going via telnet to manually replace ftp files where
> they should be?
> Please help if you can. I will send you a money order for your time.
> Nobody else has responded since I posted a message yesterday.
> Sasha
>
> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Sqlcoders.com
> Programming Dept
> Sent: November 11, 2001 3:43 AM
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-users] ftp is down after raq updates HELP URGENT
> ...I am willing to pay for help
>
>
>
> Hiya,
> The first part of solving any mystery is to get some facts to work with.
> o Go into the gui, go to the active monitor or such, and get the details
of
> any errors/warnings.
> o Is it a raq?, if so what one(2/3/4/4r etc).
> o Can you access the sites hosted on that server?
> o When you try to access the site via ftp how far do you get? if your
client
> dosent give you enough info to work out whether its the connection or
> authentication stage, then (this will work for either windows or linux),
go
> to a command prompt (this is a shell in linux or start
button>run>command>ok
> in windows), type [minus the quotes] "ftp yourdomain.com", this will
either
> connect or give a error, if it connects then give your username and
password
> when prompted, note how far you get, and what (if any) error messages you
> get back.
> o Post this info to the list
>
> >From initial thought's i wonder if its something with your ftp client,
but
> doing the command prompt version of ftp will clear this up i hope.
>
> HTH,
> dw
>
> ----- Original Message -----
> From: "Sasha Pavlovic" <sasha@xxxxxxxxxxxxxxxxx>
> To: <cobalt-users@xxxxxxxxxxxxxxx>
> Sent: Saturday, November 10, 2001 4:09 PM
> Subject: [cobalt-users] ftp is down after raq updates HELP URGENT ...I am
> willing to pay for help
>
>
> > after I updated some files from the cobalt site, I am now unable to log
in
> > > with any ftp program. I have to get in to do my work. Does anybody
know
> > how
> > > to get things working again? I don't know how to do anything with
> telnet.
> > > So I am REALLY stuck.I tried rebooting,
> > The GUI shows a yellow light and a message something like swatch_(not
> > sure)_defcon_2
> > > HELP!!! URgent
> > > sasha
> >
> > _______________________________________________
> > cobalt-users mailing list
> > cobalt-users@xxxxxxxxxxxxxxx
> > To Subscribe or Unsubscribe, please go to:
> > http://list.cobalt.com/mailman/listinfo/cobalt-users
> >
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>