
Re[2]: [cobalt-users] Raq 4 Help needed



Hello William,

If you are still stuck on this, drop Stuart a line at
thedude@xxxxxxxxxxx and see if he can help.

We had exactly the same situation on a RaQ a little while back, and
things did *not* look good for a while. But armed with Webmin (and
some advice from friends of his who eat root kits for fun) he did his
usual magic trick and got it all back for us. (anyone looking for a
remote sysadmin who won't let a RaQ beat him...Stuart's the guy to
speak to)

We explained the symptoms to a few people, and were given all sorts of
advice...none of which really appealed to us (or to the clients on
that box :-).

All the best with it.

Cheers

Gary



Wednesday, January 02, 2002, 8:46:58 AM, you wrote:


W> ----- Original Message -----
W> From: "Jeff Lasman" <jblists@xxxxxxxxxxxxx>
W> To: <cobalt-users@xxxxxxxxxxxxxxx>
W> Sent: Tuesday, January 01, 2002 4:12 PM
W> Subject: Re: [cobalt-users] Raq 4 Help needed


>> William Moore wrote:
>>
>> > I have a raq4 in Virginia that was hacked by world of hell yesterday. he
>> > got in thru the ssh daemon that I was not even aware was there.
>>
>> Do you mean he got in through an exploit of an old ssh daemon?

W> Yes,  I bought this hosting company and was not even aware it was on the
W> box.

>>
>> > anyway it has been disabled,
>>
>> Then how do you get into the box?

W> I install webmin as a matter of course on all my boxes...  set it to only
W> allow my ip address
W> then I can do whatever I need to to the box.

>>
>> > but after going thru and fixing everything,

>>
>> How did you get into the box to fix things?  Another sshd that was
>> installed?  Or telnet?  I hope not telnet; it's notoriously insecure.

W> see above.

>>
>> How do you know you "fixed everything"?
>>

W> guessing.   until the upstream sets up another box for me.  then I will
W> migrate sites over and have this box reloaded.

>> > I find I cannot su to root.  I reset the root password with
>> > webmin but I still cannot get in.
>>
>> Then you really haven't fixed everything <frown>.

W> actually when I rebooted the box after changing the password,  all was well
W> with the world.

>>
>> > Any ideas?
>>
>> The only real safe thing to do is backup the sites, rebuild from
>> scratch, and restore the sites.

W> going to be doing that,  just finished backing the sites up to one of my
W> servers in Chicago

>>
>> Which of course requires local access <frown>.  If you can't log in as
>> root, the easiest way to do it is remove the drive and put it into
>> another system.
>>
>> I'm presuming you're not near your box.  I hope the people who host it
>> have both clue and a good support option you can use.

W> nope it is in Virginia,  I am in Chicago.   but the people there are very
W> knowledgeable.  I think

>>
>> > This hacker guy deleted my live backup drive so he totally screwed things up
>> > for me.
>>
>> What do you mean by a live backup drive?

W> I had an external drive on the scsi port,  like I do all my machines.  I run
W> a cron job which will either ftp the tar'd sites to my ftp server here in
W> Chicago or store them locally.  I had not wanted to use the bw so I was just
W> storing them local,  he erased the drive deleting my backups.

W> I do it this way as I feel the hardware is cheap enough to have an external
W> drive on each
W> box for backup purposes.

W> Bill
>>
>> Jeff
>> --
>> Jeff Lasman <jblists@xxxxxxxxxxxxx>
>> Linux and Cobalt/Sun/RaQ Consulting
>> nobaloney.net
>> P. O. Box 52672, Riverside, CA  92517
>> voice: (909) 778-9980  *  fax: (702) 548-9484
>>
>> _______________________________________________
>> cobalt-users mailing list
>> cobalt-users@xxxxxxxxxxxxxxx
>> To Subscribe or Unsubscribe, please go to:
>> http://list.cobalt.com/mailman/listinfo/cobalt-users
>>




-- 
Kind regards,

Aussie Hosts
An EDIT Group Division
support@xxxxxxxxxxxxxxx

Wednesday, January 02, 2002 9:39:55 AM