Re: [cobalt-users] Raq 4 Help needed
- Subject: Re: [cobalt-users] Raq 4 Help needed
- From: "William Moore" <bmoore@xxxxxxxxxxxxxxxxx>
- Date: Tue Jan 1 14:45:01 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
----- Original Message -----
From: "Jeff Lasman" <jblists@xxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Tuesday, January 01, 2002 4:12 PM
Subject: Re: [cobalt-users] Raq 4 Help needed
> William Moore wrote:
>
> > I have a raq4 in Virginia that was hacked by world of hell yesterday. He
> > got in thru the ssh daemon that I was not even aware was there.
>
> Do you mean he got in through an exploit of an old ssh daemon?
Yes, I bought this hosting company and was not even aware it was on the box.
>
> > anyway it has been disabled,
>
> Then how do you get into the box?
I install webmin as a matter of course on all my boxes... set it to only
allow my IP address, then I can do whatever I need to to the box.
>
> > but after going thru and fixing everything,
>
> How did you get into the box to fix things? Another sshd that was
> installed? Or telnet? I hope not telnet; it's notoriously insecure.
see above.
>
> How do you know you "fixed everything"?
>
guessing. until the upstream sets up another box for me. then I will
migrate sites over and have this box reloaded.
> > I find I cannot su to root. I reset the root password with
> > webmin but I still cannot get in.
>
> Then you really haven't fixed everything <frown>.
actually when I rebooted the box after changing the password, all was well
with the world.
>
> > Any ideas?
>
> The only real safe thing to do is backup the sites, rebuild from
> scratch, and restore the sites.
going to be doing that, just finished backing the sites up to one of my
servers in Chicago
>
> Which of course requires local access <frown>. If you can't log in as
> root, the easiest way to do it is remove the drive and put it into
> another system.
>
> I'm presuming you're not near your box. I hope the people who host it
> have both clue and a good support option you can use.
nope it is in Virginia, I am in Chicago. but the people there are very knowledgeable. I think
>
> > This hacker guy deleted my live backup drive so he totally screwed things up
> > for me.
>
> What do you mean by a live backup drive?
I had an external drive on the scsi port, like I do all my machines. I run
a cron job which will either ftp the tar'd sites to my ftp server here in
Chicago or store them locally. I had not wanted to use the bw so I was just
storing them local, he erased the drive deleting my backups.
I do it this way as I feel the hardware is cheap enough to have an external
drive on each box for backup purposes.
Bill
>
> Jeff
> --
> Jeff Lasman <jblists@xxxxxxxxxxxxx>
> Linux and Cobalt/Sun/RaQ Consulting
> nobaloney.net
> P. O. Box 52672, Riverside, CA 92517
> voice: (909) 778-9980 * fax: (702) 548-9484
>