Re: Re[2]: [cobalt-users] Raq 4 Help needed
- Subject: Re: Re[2]: [cobalt-users] Raq 4 Help needed
- From: "William Moore" <bmoore@xxxxxxxxxxxxxxxxx>
- Date: Tue Jan 1 18:15:01 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Cool, thanks for the heads up on that. I have been looking for
someone good to assist here.
Bill
----- Original Message -----
From: "Aussie Hosts" <support@xxxxxxxxxxxxxxx>
To: "William Moore" <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Tuesday, January 01, 2002 5:50 PM
Subject: Re[2]: [cobalt-users] Raq 4 Help needed
> Hello William,
>
> If you are still stuck on this, drop Stuart a line at
> thedude@xxxxxxxxxxx and see if he can help.
>
> We had exactly the same situation on a RaQ a little while back, and
> things did *not* look good for a while. But armed with Webmin (and
> some advice from friends of his who eat root kits for fun) he did his
> usual magic trick and got it all back for us. (anyone looking for a
> remote sysadmin who won't let a RaQ beat him...Stuart's the guy to
> speak to)
>
> We explained the symptoms to a few people, and were given all sorts of
> advice...none of which really appealed to us (or to the clients on
> that box :-).
>
> All the best with it.
>
> Cheers
>
> Gary
>
>
>
> Wednesday, January 02, 2002, 8:46:58 AM, you wrote:
>
>
> W> ----- Original Message -----
> W> From: "Jeff Lasman" <jblists@xxxxxxxxxxxxx>
> W> To: <cobalt-users@xxxxxxxxxxxxxxx>
> W> Sent: Tuesday, January 01, 2002 4:12 PM
> W> Subject: Re: [cobalt-users] Raq 4 Help needed
>
>
> >> William Moore wrote:
> >>
> >> > I have a raq4 in Virginia that was hacked by world of hell yesterday. he
> >> > got in thru the ssh daemon that I was not even aware was there.
> >>
> >> Do you mean he got in through an exploit of an old ssh daemon?
>
> W> Yes, I bought this hosting company and was not even aware it was on the
> W> box.
>
> >>
> >> > anyway it has been disabled,
> >>
> >> Then how do you get into the box?
>
> W> I install webmin as a matter of course on all my boxes... set it to only
> W> allow my ip address
> W> then I can do whatever I need to to the box.
>
> >>
> >> > but after going thru and fixing everything,
>
> >>
> >> How did you get into the box to fix things? Another sshd that was
> >> installed? Or telnet? I hope not telnet; it's notoriously insecure.
>
> W> see above.
>
> >>
> >> How do you know you "fixed everything"?
> >>
>
> W> guessing. until the upstream sets up another box for me. then I will
> W> migrate sites over and have this box reloaded.
>
> >> > I find I cannot su to root. I reset the root password with
> >> > webmin but I still cannot get in.
> >>
> >> Then you really haven't fixed everything <frown>.
>
> W> actually when I rebooted the box after changing the password, all was well
> W> with the world.
>
> >>
> >> > Any ideas?
> >>
> >> The only real safe thing to do is backup the sites, rebuild from
> >> scratch, and restore the sites.
>
> W> going to be doing that, just finished backing the sites up to one of my
> W> servers in Chicago
>
> >>
> >> Which of course requires local access <frown>. If you can't log in as
> >> root, the easiest way to do it is remove the drive and put it into
> >> another system.
> >>
> >> I'm presuming you're not near your box. I hope the people who host it
> >> have both clue and a good support option you can use.
>
> W> nope it is in Virginia, I am in Chicago. but the people there are very
> W> knowledgeable. I think
>
> >>
> >> > This hacker guy deleted my live backup drive so he totally screwed things up
> >> > for me.
> >>
> >> What do you mean by a live backup drive?
>
> W> I had an external drive on the scsi port, like I do all my machines. I run
> W> a cron job which will either ftp the tar'd sites to my ftp server here in
> W> Chicago or store them locally. I had not wanted to use the bw so I was
> W> just storing them local, he erased the drive deleting my backups.
>
> W> I do it this way as I feel the hardware is cheap enough to have an external
> W> drive on each box for backup purposes.
>
> W> Bill
> >>
> >> Jeff
> >> --
> >> Jeff Lasman <jblists@xxxxxxxxxxxxx>
> >> Linux and Cobalt/Sun/RaQ Consulting
> >> nobaloney.net
> >> P. O. Box 52672, Riverside, CA 92517
> >> voice: (909) 778-9980 * fax: (702) 548-9484
> >>
> >> _______________________________________________
> >> cobalt-users mailing list
> >> cobalt-users@xxxxxxxxxxxxxxx
> >> To Subscribe or Unsubscribe, please go to:
> >> http://list.cobalt.com/mailman/listinfo/cobalt-users
> >>
>
>
>
>
> --
> Kind regards,
>
> Aussie Hosts
> An EDIT Group Division
> support@xxxxxxxxxxxxxxx
>
> Wednesday, January 02, 2002 9:39:55 AM
>
>