Re: [cobalt-users] Raq 4 Help needed
- Subject: Re: [cobalt-users] Raq 4 Help needed
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Tue Jan 1 14:09:00 2002
- Organization: nobaloney.net
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
William Moore wrote:
> I have a raq4 in Virginia that was hacked by world of hell yesterday. He
> got in thru the ssh daemon that I was not even aware was there.
Do you mean he got in through an exploit of an old ssh daemon?
> anyway it has been disabled,
Then how do you get into the box?
> but after going thru and fixing everything,
How did you get into the box to fix things? Another sshd that was
installed? Or telnet? I hope not telnet; it's notoriously insecure.
How do you know you "fixed everything"?
> I find I cannot su to root. I reset the root password with
> webmin but I still cannot get in.
Then you really haven't fixed everything <frown>.
> Any ideas?
The only real safe thing to do is back up the sites, rebuild from
scratch, and restore the sites.
Which of course requires local access <frown>. If you can't log in as
root, the easiest way to do it is remove the drive and put it into
another system.
I'm presuming you're not near your box. I hope the people who host it
have both clue and a good support option you can use.
> This hacker guy deleted my live backup drive so he totally screwed things up
> for me.
What do you mean by a live backup drive?
Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA 92517
voice: (909) 778-9980 * fax: (702) 548-9484