[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] Major Qube 3 update expected soon...

Subject: [cobalt-users] Major Qube 3 update expected soon...
From: "Phil Lewis" <phil@xxxxxxxxxxxxxxxxxx>
Date: Fri Feb 22 17:22:01 2002
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Major Qube 3 update expected soon...
I'm wondering if anyone knows when this update will be out.  I'm really
looking forward to it.  Right now, my users cannot authenticate for VPN, and
I'm hoping this patch / update fixes that.

Phil Lewis


-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of
cobalt-users-request@xxxxxxxxxxxxxxx
Sent: Friday, February 22, 2002 1:17 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: cobalt-users digest, Vol 1 #4069 - 13 msgs


Send cobalt-users mailing list submissions to
	cobalt-users@xxxxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
	http://list.cobalt.com/mailman/listinfo/cobalt-users
or, via email, send a message with subject or body 'help' to
	cobalt-users-request@xxxxxxxxxxxxxxx

You can reach the person managing the list at
	cobalt-users-admin@xxxxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of cobalt-users digest..."


Today's Topics:

   1. Re: Open LDAP howto ? (kaneda K)
   2. RE: Error message from cron.daily - PLEASE ENLIGHTEN (Curtis Ross)
   3. Re: FS and Question about the resale value of used Raq 3 and Raq 4
servers (Steve Werby)
   4. RE: RE: No.. No... Not hosting on cable... (BSmith@xxxxxxxxxxx)
   5. Re: RE: No.. No... Not hosting on cable... (Steve Werby)
   6. Ok.  I have been hacked and I have the .bash_history that shows how it
was done (Jane Meeker)
   7. Re: ssh stopped working and can't login as root (Wayne Sagar)
   8. RE: Ok.  I have been hacked and I have the .bash_history that shows
how it was done (Gavin Nelmes-Crocker)
   9. Entrust Chain Certificate [Raq4r] (Jonathan Alstead)
  10. Re: Ok. I have been hacked and I have the .bash_history that shows how
it was done (Gerald Waugh)
  11. RE: Ok.  I have been hacked and I have the .bash_history that shows
how it was done (Dan Kriwitsky)
  12. cURL (Chris Calabrese)
  13. Cobra rootkit FYI (Jane Meeker)

--__--__--

Message: 1
From: kaneda K <kaneda@xxxxxxxxxxxxxxxxxxxx>
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] Open LDAP howto ?
Date: Fri, 22 Feb 2002 16:18:36 +0100
Reply-To: cobalt-users@xxxxxxxxxxxxxxx

Le Vendredi 22 Février 2002 14:47, vous avez écrit :
> >  I like to use LDAP authentification to allow user with the
> > same name but on
> > differrent virtual host to existe.
> > I have looked into /etc/pam.d/ and see "*.master" files, what
> > are they ? I wonder how i can set the LDAP server to allow
> > site1:webmaster and
> > site2:webmaster to existe on the same server.
>
> You might be able to, I don't know if it's been done, but you will
> probably affect something and void any Cobalt warranty.
> I also don't see the point and IIRC it won't work for FTP unless each
> site has a unique IP. Why take away a level of security in having random
> letter+number user names and use webmaster as an email alias, if wanted?

The choice of user com.exemple+username instead of toto1245E is a pure
choise
of (theorical) symplicity.

I am looking toward pam + openLdap but yet I am not sure i would work.


--__--__--

Message: 2
Subject: RE: [cobalt-users] Error message from cron.daily - PLEASE ENLIGHTEN
Date: Fri, 22 Feb 2002 10:02:55 -0700
From: "Curtis Ross" <Curtis_Ross@xxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Reply-To: cobalt-users@xxxxxxxxxxxxxxx

>
> I received this in my email from the server this morning.  Everything
seems
> to be functioning normally SSH, SMTP, POP, HTTP, The GUI.
>
> I looked in the archives and found this
> http://list.cobalt.com/pipermail/cobalt-users/2001-August/051066.html
>
> It doesn't give an answer as to what is actually happening and if I am
> looking at a problem here.  If anyone can give me a little insight
here I
> would appreciate it very much.
>
> Kody
>
> NOTICE:  Rel pg_type: TID 3/6: InsertTransactionInProgress 2424202 -
can't
> shrink relation
> NOTICE:  Rel pg_attribute: TID 23/29: InsertTransactionInProgress
2424202 -
> can't shrink relation
<snip>

Not exactly sure but I think it has to do with your Postgress being in
use when the vacuumdb script runs. Hope this helps.

Curtis


--__--__--

Message: 3
From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Cc: "\"Eduardo Seudonimo\"" <ohdamnthathurts@xxxxxxxxx>
Subject: Re: [cobalt-users] FS and Question about the resale value of used
Raq 3 and Raq 4 servers
Date: Fri, 22 Feb 2002 12:03:29 -0500
Reply-To: cobalt-users@xxxxxxxxxxxxxxx

"Eduardo Seudonimo" <ohdamnthathurts@xxxxxxxxx> wrote:
> My company has 14 raq3, 1 raq4 and box labeled 'secureworks'
> which looks like a rebranded raq 3/4. We are interested in selling
> these items. Each one of these is working and has had fresh O/S
> installed from a restore CD. Does anyone know what a fair
> price would be for these items?

Ebay listings are a good gauge of market prices.

> What would be a good venue for selling them?

Ebay.  Or list them on your company website.  Also, the isp-equipment
mailing list at isp-equipment.com.  Maybe the bottom advertising forum at
webhostingtalk.com.

> We thought of Ebay but it seems like a headache.

It's probably your best bet.

> We'd rather have some hardware liquidator make us an
> offer. If anyone is interested, we're in the central New
> Jersey area.

Expect that a liquidator might give you half of the market price at best.
After all, they're likely going to sell at or below market and have to make
some profit.  If you're leaning that way, you're probably interested in
selling at a price range at which I may be interested in some units.
Contact me off-list if you'd like.  Email through the contact form on the
site in my sig will get to me a lot quicker than email to my list email
address.

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/



--__--__--

Message: 4
From: BSmith@xxxxxxxxxxx
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-users] RE: No.. No... Not hosting on cable...
Date: Fri, 22 Feb 2002 12:19:40 -0500
Reply-To: cobalt-users@xxxxxxxxxxxxxxx

Just my two sense about cable networks.

The only way you can sniff traffic on a cable is to purchase like a 10k
product that will be able to decode MPEG packets.  The reason why I say this
is because IP traffic DOES NOT flow over your cable lines.  Your DOCSIS 1.1
Compliant modem turns them essentially into video traffic and it gets
transported that way.  Sure cable modems share the same bandwidth as every
other user.  But stop and think about it for it a minute.  Unless you are
doing a point to point T1 from SITE to SITE (private T1) doesn't that T1
share bandwidth with whomever your pulling from?  Yes is does.  So, if your
ISP has a DS3 (45mb) link to the world, and has twenty T1s he is selling to
customers, they all share the same pipe.  Btw, Time Warner, when they have
their Business Class, they do put it on a different NODE, so no you would
NOT share the same bandwidth.

Like I said, just my two sense about Cable Modems :)

Cheers,

Brian Smith.

-----Original Message-----
From: Nicolae [mailto:nicolaep@xxxxxxxxxxxxxxxxxx]
Sent: Friday, February 22, 2002 3:23 AM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] RE: No.. No... Not hosting on cable...


> -- __--__--
>
> Message: 6
> Date: Thu, 21 Feb 2002 09:16:31 -0700 (MST)
> From: Brent Sims <bs@xxxxxxxxxxx>
> To: <cobalt-users@xxxxxxxxxxxxxxx>
> Subject: Re: [cobalt-users] How many can I host on a T1 Line (Cobalt 4)
> Reply-To: cobalt-users@xxxxxxxxxxxxxxx
>
> On Thu, 21 Feb 2002, Nicolae wrote:
>
> } Although Business CABLE Modem program might just appear in my
> neighborhood.
> } I just wish they get it out sooner.  For extra a month they will provide
> } higher speed Cable access for business usage.  If I get T1 access via
> } my Cable company using their Business program for about $150/month I
> } wouldn't mind using them.
>
> Hi Nicolae,
>
> 	I think it important for you to know that you are not
> talking T1 here but Cable. There's a huge difference beyond that
> which is obvious. Cable technology is very similar to that which is
> used to create a network in a home, office or a data center.
> Basically, "neighborhood" groups of Cable users share something akin
> to a port on a Ethernet hub or switch. Regardless of what the label
> "Business" may imply, realize that every user in the group that your
> cable connection is in will have the kind of access to your bit
> stream that will allow them to easily sniff traffic and passwords.
> Even the like's of SSH won't protect you. I have a sniffer here
> which will sniff the ports on all of our switches and across
> the switches themselves and which gives me the plain text version of
> more than enough supposedly secured passwords to make it more than a
> bit difficult for me to sleep at night.
>
> 	I'm not saying that you shouldn't do this. Quite the
> contrary in fact. We started on a DSL connection and today, just
> three years or so later, we've got better connectivity and more
> of it than all the local ISPs that helped us get here have. Knock
> yourself out, and the best of luck to you. If I, a complete idiot,
> can do it someone as sharp as you won't have a bit of trouble. I am,
> however, suggesting that if you are going to be getting paid for
> hosting web sites than you really ought to be thinking about at
> least starting with a T1 kind of T1 and a real network behind it.
> Today a nice solid fractional T1, powered by a reputable National
> provider can be had for about the same price as the DSL connection
> we started on - which wasn't a whole lot more than that Cable
> connection you envision is going to cost you.


No... No.. mis-communication here. I am not looking to host on cable
or ever, but thought about it.  I am at home PC running Time Warner
cable connection to browse the internet.  I use a data-center
in Virnginia (I am in Calif) and have a leased Cobalt 4 Raq
unit in their data center.  I am complaining about the speed I get
from them and it is because it's slow.  I get faster speeds on
my cable than these guys in the datacenter.

Thanks to David Lucas on this mailing list.  He pointed me to
dslreports.com which I have used in the past for dsl but never
knew they do monitoring and such.  I activated an account for
traffic monitoring stuff and here is the link.

http://www.dslreports.com/monitored/pp/65.170.79.187

I don't know much about the stats but I think its slow based on
what people say.  I also opened up 3, 4 and 6 windows
donloading the file: http://www.mp3bynet.com/xtunnel.zip to
test out the speed.  It dropped to 12kbps.  I get 300-600kbps
from download.com or other various sites.

I think the reports I get above from DSLReports might be able
to tell my ISP that something is wrong and their new T1 Line
they got in the datacenter is not really helping...

My unit is empty with parked sites.  No major traffic. Hardly any.

I am only hosting sites for cleints I design their site for.
I might as well lease a cobalt for 150/month and host 15-20
sites pay the bill and also park my 10 or so domains also.

Maybe smeone can shed a light on this report:
http://www.dslreports.com/monitored/pp/65.170.79.187
Let me know what you think... you can email me
or reply here...

Hmmm I'll do more reading on packet sniffing...
I thought Win2K Server came with one to monitor
incomming and outgoing packets.... but that's
an entire new thing for me to learn/understand
what they are and so on...

--
EnigmaNetworks.com
nicolaep@xxxxxxxxxxxxxxxxxx
graphic/print/design/internet

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users


--__--__--

Message: 5
From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Subject: Re: [cobalt-users] RE: No.. No... Not hosting on cable...
Date: Fri, 22 Feb 2002 08:45:53 -0500
Reply-To: cobalt-users@xxxxxxxxxxxxxxx

"Nicolae" <nicolaep@xxxxxxxxxxxxxxxxxx> wrote:
> No... No.. mis-communication here. I am not looking to host on cable
> or ever, but thought about it.  I am at home PC running Time Warner
> cable connection to browse the internet.  I use a data-center
> in Virnginia (I am in Calif) and have a leased Cobalt 4 Raq
> unit in their data center.  I am complaining about the speed I get
> from them and it is because it's slow.  I get faster speeds on
> my cable than these guys in the datacenter.

Who are they and what are they promising you in terms of speed?  Perhaps you
can send the URL on or off-list.  Without knowing what you're supposed to be
getting I don't know if it's a misunderstanding, their promises are
misleading or confusing, they're lying, there's a technical problem, etc.
Incidentally, I live in Virginia.  Like you, hosting is a side effect of my
business (focus on web programming and server administration), but I know a
bit about a few of the bigger hosting companies based here.

>
> Thanks to David Lucas on this mailing list.  He pointed me to
> dslreports.com which I have used in the past for dsl but never
> knew they do monitoring and such.  I activated an account for
> traffic monitoring stuff and here is the link.
>
> http://www.dslreports.com/monitored/pp/65.170.79.187
>
> I don't know much about the stats but I think its slow based on
> what people say.

It's a MRTG report of ping times.  And except for the spike at about 10 PM
they look pretty good to me.

> I also opened up 3, 4 and 6 windows
> donloading the file: http://www.mp3bynet.com/xtunnel.zip to
> test out the speed.  It dropped to 12kbps.  I get 300-600kbps
> from download.com or other various sites.

12kbps per connection or 12kbps total across all 6 connections?  From what
you're saying, it's fair to say that your cable modem speed is good.  I just
downloaded your file from a RaQ4 of mine leased from a low cost data center
at a rate of 131.41 KB/s.  For comparison, I just downloaded
ftp://ftp.gnu.org/gnu/binutils/binutils-2.10.1.tar.gz in 461.21 KB/s on the
same server.  That's kiloBYTES per second.  Jeff Lasman already alluded to
the difference between a kiloBYTE and a kiloBIT, but I'll go into more
detail.  A byte is equal to 8 bits.  A T1 is equivalent to 1.54 megabits per
second.  Divide that by 8 and you'll see that a T1 is equivalent to 0.19
megabytes per second.  There are 1,024 kiloBYTES in a megaBYTE so a T1 is
equivalent to 197 kiloBYTES per second.  So I was able to download a file
off of your server at a rate equivalent to 2/3 of a T1.  Not bad,
considering everything that can affect transmission speed between 2 points
and the fact that it's possible other data was being sent from your server
at the same time.

> I think the reports I get above from DSLReports might be able
> to tell my ISP that something is wrong and their new T1 Line
> they got in the datacenter is not really helping...

Well, ping response time will have little to do with the size of the pipe
they have.  In any case, did they get a new T1 line for you only?  Or are
you sharing it with other customers' servers?

> My unit is empty with parked sites.  No major traffic. Hardly any.
>
> I am only hosting sites for cleints I design their site for.
> I might as well lease a cobalt for 150/month and host 15-20
> sites pay the bill and also park my 10 or so domains also.

True.  Unless you have mission critical sites and/or sites doing large
volumes of ecommerce.  Then downtime is costly and it's important to be able
to handle burst of traffic.  I assume from your statement above that you're
paying much more than $150 per month.  If so, maybe you're not getting your
money's worth.  There are other hosting companies in your range that may be
worth considering.

HTH,

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/



--__--__--

Message: 6
From: "Jane Meeker" <meeker45@xxxxxxxxxxx>
To: cobalt-users@xxxxxxxxxxxxxxx
Date: Fri, 22 Feb 2002 18:17:35 +0000
Subject: [cobalt-users] Ok.  I have been hacked and I have the .bash_history
that shows how it was done
Reply-To: cobalt-users@xxxxxxxxxxxxxxx

This is great.  I have the complete transcript of what happened.  In the
.bash_history I have where the hacker went to get his tar.gz files and how
he/she used them.

I downloaded all the tar.gz files that the hacker downloaded and I have the
yahoo account he/she used to mail files to.  So now what do I do?

_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com


--__--__--

Message: 7
From: "Wayne Sagar" <shortfork@xxxxxxxxxxx>
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] ssh stopped working and can't login as root
Date: Fri, 22 Feb 2002 10:25:17 -0800
Reply-To: cobalt-users@xxxxxxxxxxxxxxx

>Wayne,
>did you make a typo, shouldn't that be
>  "change this to only 2"

Arguh Gerald.. yes, that is a typo and dammy there is no way to expunge it
from the archives so I will respond for clarity.. VERSION 2 or PROTOCOL 2
only is what is needed..

Thanks and sorry for the confusion!!

Wayne

_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com


--__--__--

Message: 8
From: "Gavin Nelmes-Crocker" <cobalt@xxxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Subject: RE: [cobalt-users] Ok.  I have been hacked and I have the
.bash_history that shows how it was done
Date: Fri, 22 Feb 2002 18:56:04 -0000
Reply-To: cobalt-users@xxxxxxxxxxxxxxx

> This is great.  I have the complete transcript of what happened.  In the
> .bash_history I have where the hacker went to get his tar.gz
> files and how
> he/she used them.
>
> I downloaded all the tar.gz files that the hacker downloaded and
> I have the
> yahoo account he/she used to mail files to.  So now what do I do?

Not a very clever hacker then assuming they don't read this list I would
call your local police department and hand the info over in the UK we have a
special computer sqad for this sort of thing.  Of course that doesn't mean
anything will get done so you could just ignore it rebuild the server apply
all patches and get back to work.

More interesting for the list is do you have any idea how you were hacked -
was the box fully patched, do you use ssh instead of telnet and was telnet
turned off do you use ssl for the admin pages.

Gavin


--__--__--

Message: 9
From: "Jonathan Alstead" <jjma@xxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Date: Fri, 22 Feb 2002 19:18:19 -0000
Subject: [cobalt-users] Entrust Chain Certificate [Raq4r]
Reply-To: cobalt-users@xxxxxxxxxxxxxxx

Hi,

I received the chain certificate and installed it as per
http://list.cobalt.com/pipermail/cobalt-users/2001-April/042142.html but
the older browser like Netscape 4.05 still prompt with a certificate expired
box? Contacted entrust and they said it was a cobalt
issue and as cobalt wouldn't give them any ideas of resolving this they
couldn't help!

So tried copying chain cert to /etc/httpd/conf/entrustchaincert.txt
Edited httpd.conf to look like:
SSLCACertificateFile /etc/httpd/conf/entrustchaincert.txt
restarted apache, no luck?

Can anyone help as this certificate already has taken a month to be issued
....?

Thanks

ja


--__--__--

Message: 10
From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] Ok. I have been hacked and I have the
.bash_history that shows how it was done
Date: Fri, 22 Feb 2002 13:50:00 -0500
Reply-To: cobalt-users@xxxxxxxxxxxxxxx

On Fri, 22 Feb 2002, Jane Meeker wrote:
> This is great.  I have the complete transcript of what happened.  In the
> .bash_history I have where the hacker went to get his tar.gz files and how
> hhe/she used them.
>
> I downloaded all the tar.gz files that the hacker downloaded and I have
the
> yahoo account he/she used to mail files to.  So now what do I do?

I suppose call the FBI (joking)
It would be very informative for the list for you to tell us how they got
in.
Because you were running a version of ssh earlier than OpenSSH_3.0.2p1
Because you sere running a version of bind earlier than 8.2.3
Don't be bashful, let us know ;-)
--
Gerald Waugh


--__--__--

Message: 11
From: "Dan Kriwitsky" <webhosting@xxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Subject: RE: [cobalt-users] Ok.  I have been hacked and I have the
.bash_history that shows how it was done
Date: Fri, 22 Feb 2002 13:58:02 -0500
Reply-To: cobalt-users@xxxxxxxxxxxxxxx

> I downloaded all the tar.gz files that the hacker downloaded
> and I have the
> yahoo account he/she used to mail files to.  So now what do I do?
>
Take the server off-line. Download all the proof and log files.
Reinstall. Call the FBI.
--
Dan Kriwitsky




_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com


--__--__--

Message: 12
From: "Chris Calabrese" <webmaster@xxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Date: Fri, 22 Feb 2002 12:07:31 -0800
Subject: [cobalt-users] cURL
Reply-To: cobalt-users@xxxxxxxxxxxxxxx

Is there any chance that cURL is included in the PHP 4.0.6 upgrade from
pkg.nl.cobalt.com? If not, does anyone have any suggestions on the best way
to install it on a RaQ 4? Would it be best to try and compile it from
source, or would it be okay to grab an RPM from rpmfind.net and install it
that way?

I searched the archives and found a few things, but nothing specific.

~ Chris Calabrese



--__--__--

Message: 13
From: "Jane Meeker" <meeker45@xxxxxxxxxxx>
To: cobalt-users@xxxxxxxxxxxxxxx
Date: Fri, 22 Feb 2002 20:22:47 +0000
Subject: [cobalt-users] Cobra rootkit FYI
Reply-To: cobalt-users@xxxxxxxxxxxxxxx

This is what I got hacked with...


#!/bin/bash
#
# Cobra's internatl rootkit release 2002
# inspired from tk but fixed a lot of shits
# and added new ones to suite our needs.
# patched ./pg coz it was buggy on tkv8
# urgent release due to x2 SSHD vulnerability
# SSHD patched in this version so dont try
# ./x2 -t 1 victim port any more ;)
# hax0r w1th th1s as much as u want...



_________________________________________________________________
MSN Photos is the easiest way to share and print your photos:
http://photos.msn.com/support/worldwide.aspx



--__--__--

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-users


End of cobalt-users Digest
Follow-Ups:
- Re: [cobalt-users] Major Qube 3 update expected soon...
  - From: Malcolm McLeary
Prev by Date: Re: [cobalt-users] Fixed: CGIWrap problem but I don't understand
Next by Date: Re: [cobalt-users] RAQ4 OSUpdate 2
Previous by thread: RE: [cobalt-users] X-Windows on Raq 4r
Next by thread: Re: [cobalt-users] Major Qube 3 update expected soon...
Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index