RE: [cobalt-users] ftp is down after raq updates HELP URGENT ...I am willing to pay for help



Erm,

Can you SSH or Telnet in? The easiest way to fix the problem would be to
log in, check the FTP process and the syslog file to see how it is choking.
It is most probable that it was a dodgy .PKG file which modified a config
file somewhere in the hope of making things more 'secure' on the RaQ
(*snigger* Standard RaQs != secure).

It also might pay to see if any other domains you have set up on the box are
displaying the same problems as the original one. In either case, if you want
me to log in and take a look around, drop me an email at thedude@xxxxxxxxxxx .

Ta,

Stuart

> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Sasha Pavlovic
> Sent: Sunday, 11 November 2001 1:27 PM
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-users] ftp is down after raq updates HELP URGENT
> ...I am willing to pay for help
>
>
> well, I don't think it's a hack because immediately after I did some patch
> fixes via .pkg on the gui, the problem arose.  One or two of the patches
> definitely had a problem installing as I got a message regarding that.  What
> a crazy thing.  I don't really have a problem wiping it's just that when I
> tried to do that today at the isp, the os restore just wouldn't start.  It
> kept saying loading kernel... forever, so I just gave up hoping to find
> another solution.  At least I am able to make some changes via frontpage
> http but I HATE frontpage.  I use dreamweaver to design and ftp to upload
> because I can do a lot more with ftp like scripts and chmod etc...
> So you don't think the manual file restore method is worth it?
> Sasha
>
> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Sqlcoders.com
> Programming Dept
> Sent: November 11, 2001 5:06 AM
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-users] ftp is down after raq updates HELP URGENT
> ...I am willing to pay for help
>
>
> Hiya,
> I'm assuming from your email address and the backup data you copied into the
> post your RAQ is at cobaltexpress.com, when I try to login I get the
> following:
> C:\WINDOWS\Desktop>ftp cobaltexpress.com
> Connected to cobaltexpress.com.
> Connection closed by remote host.
>
> So your ftp services are listening, they just immediately close the
> connection, I've done a search on google for the message you get in active
> monitor and this has happened to other people, but it's probably not gonna
> brighten your day...
> ----------------------------------------------------------------------------
> :I had the same message when I was hacked. Both mail and ftp daemons were
> involved. Somewhere it should tell you where the problem is.
> ----------------------------------------------------------------------------
>
> this one
> http://list.cobalt.com/pipermail/cobalt-users/2001-February/034315.html
> is a post from someone explaining how it's a symptom of being hacked, so I'd be
> inclined to think this is a hack, considering most posts from a search on
> google all refer to the server being hacked
> [http://www.google.com/search?q=swatch_service_body_defcon_2&hl=en&start=10&sa=N&filter=0],
> although the one following the above post
> [http://list.cobalt.com/pipermail/cobalt-users/2001-February/034350.html]
> says that it went away for them, but doesn't give any real explanation about
> the going away so it might be a red herring, although a comforting one at
> that.
>
> Other posts like this one,
> http://list.cobalt.com/pipermail/cobalt-security/2000-November/000953.html ,
> say pretty much the same thing about it being a hack though, so I'm afraid
> that's the most likely cause at this point.
>
> So assuming it is a hack, the next thing is how to fix it, there's the
> drastic "backup/wipe the disks/reinstall/pray" route, or the patch the
> damage route, but you can't necessarily be sure you've fixed things properly.
>
> So apart from the advice offered in 2 of the posts about fixing it, one an
> apparent way to fix it, the other the "wipe and pray"[ I think ], that's
> most of what I can do until someone volunteers any other information, or
> more likely, you post a fresh message asking for suggestions about how to
> fix things, at which time with luck the appropriate list people will jump in
> and guide you as much as possible, because I've never been hacked (yet).
> One thing, as soon as possible switch off telnet, it's a huge security hole
> and as your cobalt's domain has been made public from your post, and if I
> I'd be switching off telnet just as soon as I was sure ssh worked (do a list
> search for ssh if you don't know the hows or wheres of using ssh instead of
> standard telnet)
>
> I hope this has helped some :)
>
>
> ----- Original Message -----
> From: "Sasha Pavlovic" <sasha@xxxxxxxxxxxxxxxxx>
> To: <cobalt-users@xxxxxxxxxxxxxxx>
> Sent: Saturday, November 10, 2001 6:07 PM
> Subject: RE: [cobalt-users] ftp is down after raq updates HELP URGENT ...I
> am willing to pay for help
>
>
> > Thanks for the reply.
> > the GUI message beside a yellow light is "swatch_service_body_defcon_2 "
> > The model is a Raq3i.
> > all other components and access works fine including adding sites and update
> > via http ie:frontpage
> > The ftp client simply will not log in at all.  I tried several programs from
> > several different computers and networks but no go. The internal workings of
> > the ftp don't work either as the daily backup has failed for two days now.
> > The message from the server in that regard is:
> > "scheduled backup failed
> >
> >
> > backupset: config
> > target: config
> > protocol: ftp
> > resource: spavlovic@xxxxxxxxxxxxxxxxx"
> >
> > going directly from the Run prompt in windows with the command ftp.site.com
> > does not even give an error message and the window just shuts down.
> >
> > I had a friend go in via telnet and all he could find was that the ftp was
> > posting the error message above.
> >
> > All I can think of is that the one of the .pkg updates from cobalt was
> > corrupted and did not place the correct files where they should be regarding
> > the ftp server.  I don't know anything about linux file structure or
> > commands, so I am hooped. I tried rebooting, re-installing the .pkg's and
> > even restoring a backup of the previous days system backups, but all that
> > does is reset the web pages and other non-relevant files.
> >
> > Would you know about going via telnet to manually replace ftp files where
> > they should be?
> > Please help if you can.  I will send you a money order for your time.
> > Nobody else has responded since I posted a message yesterday.
> > Sasha
> >
> > -----Original Message-----
> > From: cobalt-users-admin@xxxxxxxxxxxxxxx
> > [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Sqlcoders.com
> > Programming Dept
> > Sent: November 11, 2001 3:43 AM
> > To: cobalt-users@xxxxxxxxxxxxxxx
> > Subject: Re: [cobalt-users] ftp is down after raq updates HELP URGENT
> > ...I am willing to pay for help
> >
> >
> >
> > Hiya,
> > The first part of solving any mystery is to get some facts to work with.
> > o Go into the gui, go to the active monitor or such, and get the details of
> > any errors/warnings.
> > o Is it a raq?, if so what one(2/3/4/4r etc).
> > o Can you access the sites hosted on that server?
> > o When you try to access the site via ftp how far do you get? if your client
> > doesn't give you enough info to work out whether it's the connection or
> > authentication stage, then (this will work for either windows or linux), go
> > to a command prompt (this is a shell in linux or start button>run>command>ok
> > in windows), type [minus the quotes] "ftp yourdomain.com", this will either
> > connect or give an error, if it connects then give your username and password
> > when prompted, note how far you get, and what (if any) error messages you
> > get back.
> > o Post this info to the list
> >
> > From initial thoughts I wonder if it's something with your ftp client, but
> > doing the command prompt version of ftp will clear this up I hope.
> >
> > HTH,
> > dw
> >
> > ----- Original Message -----
> > From: "Sasha Pavlovic" <sasha@xxxxxxxxxxxxxxxxx>
> > To: <cobalt-users@xxxxxxxxxxxxxxx>
> > Sent: Saturday, November 10, 2001 4:09 PM
> > Subject: [cobalt-users] ftp is down after raq updates HELP URGENT ...I am
> > willing to pay for help
> >
> >
> > > after I updated some files from the cobalt site, I am now unable to log in
> > > with any ftp program.  I have to get in to do my work. Does anybody know how
> > > to get things working again?  I don't know how to do anything with telnet.
> > > So I am REALLY stuck. I tried rebooting,
> > > The GUI shows a yellow light and a message something like swatch_(not
> > > sure)_defcon_2
> > > HELP!!! URgent
> > > sasha
> > >
> > > _______________________________________________
> > > cobalt-users mailing list
> > > cobalt-users@xxxxxxxxxxxxxxx
> > > To Subscribe or Unsubscribe, please go to:
> > > http://list.cobalt.com/mailman/listinfo/cobalt-users
> > >
>
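
Added example, not part of the original thread: a small probe an administrator can run against their own server to tell apart the cases discussed above (nothing listening, a listener that accepts and then drops the connection without a greeting, and a normal 220 greeting). The function names, state labels and the loopback test listeners are constructed for illustration.

```python
import socket
import threading

def probe_ftp(host, port=21, timeout=5.0):
    """Return (state, detail) for how an FTP control port answers a connect."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "no listener on the port")
    except OSError as exc:  # timeouts, unreachable host, DNS failure
        return ("unreachable", str(exc))
    with sock:
        try:
            data = sock.recv(512)  # a healthy server speaks first (RFC 959)
        except socket.timeout:
            return ("silent", "connected, no greeting before timeout")
        except ConnectionResetError:
            data = b""
    if not data:
        # The symptom in this thread: accepted, then dropped with no greeting.
        return ("closed_no_banner", "check the FTP daemon and syslog on the box")
    line = data.decode("latin-1").splitlines()[0]
    return ("banner" if line.startswith("220") else "rejected", line)

def fake_listener(greeting):
    """Constructed loopback listener: sends greeting (may be b'') and closes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        if greeting:
            conn.sendall(greeting)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    cases = {"healthy": b"220 constructed FTP ready\r\n", "dropped": b"",
             "refusing": b"421 Service not available\r\n"}
    for name, greeting in cases.items():
        print(name, probe_ftp("127.0.0.1", fake_listener(greeting), 2.0))
```

A "closed_no_banner" result only says the listener gave up before greeting; the reason has to come from the daemon's own logs on the server.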