Re: [cobalt-users] I've been hacked
- Subject: Re: [cobalt-users] I've been hacked
- From: "wcstaff" <wcstaff@xxxxxxxxxxxx>
- Date: Fri Jun 21 05:14:02 2002
- Organization: WebCoast
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
How does one turn off telnet and implement ssh? We have ssh installed on
the RaQ 4r systems.
----- Original Message -----
From: "Gavin Nelmes-Crocker" <cobalt@xxxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Friday, June 21, 2002 7:08 AM
Subject: RE: [cobalt-users] I've been hacked
> > Someone got into my Raq4 last night and dropped a new home
> > page with one graphic file onto 2 sites. I had OS2, the
> > latest PHP, webmail and webalizer from pkgmaster.com running
> > on the server, but that was about it. To combat the problem,
> > I changed the server's passwords right away before I put in
> > the latest patches, and I was hacked again before the latest
> > patches went in, including the Security Bundle 2.0.1. I
> > changed the passwords again.
> >
> > I am not seeing where the person got in. Any thoughts?
>
> First off, once you've been hacked, that's it: it's best to move all the
> sites onto another RaQ, rebuild that RaQ, install all patches and then
> connect back to the net. One of the first things a hacker does when
> they get in is to make sure they can get in again later, even if you
> change passwords, install patches etc. It's called a backdoor and it could
> be anywhere.
>
> If the hacker is good you may never really be sure how they got in. I
> believe there are crime units who will look into it, but you have to keep
> the hard drive as it is for them, and the chances are that not much will
> happen, so it's probably best just to accept it as part of the rich
> tapestry of the internet and get on with it.
>
> Next, once you have restored your RaQ, patched it up to date and installed
> your pkgs from pkgmaster, install portsentry, either from sources
> (plenty of info in the archive) or as a pkg if you want from
> www.cobaltworld.com (then downloads). Then install logcheck (again, look in
> the archives), make sure you turn off telnet and install SSH from
> pkgmaster, and then edit the sshd_conf in /etc and only allow ssh2 to
> connect. Then finally, on your main site, issue a self-signed
> certificate which will allow all your customers to access their admin
> pages as https://. They will get a non-trusted warning, but at least they
> can look at the cert, see it's from you and know it's ok; better than having
> your passwords sniffed.
>
> I think that's all for now; it should keep you occupied for today. I'm sure
> some others will have some views as well if I have missed anything out.
>
> Gavin
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
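The question at the top of this message and two items in Gavin's checklist (turn telnet off, edit the sshd config so only ssh2 can connect) describe the steps without showing them. The following is an added example, not code from the list, from Gavin, or from Sun Cobalt. It assumes telnet is started from an inetd-style config file and that sshd reads an OpenSSH-style sshd_config; both file paths are parameters, and the sample files in the comments are constructed, not copied from a RaQ.

```shell
#!/bin/sh
# Added example (not from the list post): check and harden two config files
# the way the reply recommends. FILE paths are parameters; where they live on
# a RaQ (/etc/inetd.conf, /etc/ssh/sshd_config) is an assumption, not from the post.

# telnet_enabled FILE -> succeeds if an uncommented telnet service line exists
telnet_enabled() {
    grep -Eq '^[[:space:]]*telnet[[:space:]]' "$1"
}

# disable_telnet FILE -> comments out every active telnet line, keeping FILE.bak
disable_telnet() {
    cp "$1" "$1.bak" &&
    sed -E 's/^([[:space:]]*telnet[[:space:]])/#\1/' "$1.bak" > "$1"
}

# ssh1_allowed FILE -> succeeds if sshd_config still permits SSH protocol 1.
# A missing or commented-out Protocol line counts as permitted: OpenSSH of that
# era defaulted to "Protocol 2,1", so only an explicit "Protocol 2" is safe.
ssh1_allowed() {
    proto=$(grep -E '^[[:space:]]*Protocol[[:space:]]' "$1" | tail -n 1 | awk '{print $2}')
    [ -z "$proto" ] && return 0
    case "$proto" in *1*) return 0 ;; *) return 1 ;; esac
}

# restrict_ssh2 FILE -> rewrites any Protocol line (active or commented) as
# "Protocol 2", or appends one if the file has none; keeps FILE.bak
restrict_ssh2() {
    cp "$1" "$1.bak" || return 1
    if grep -Eq '^[[:space:]]*#?[[:space:]]*Protocol[[:space:]]' "$1.bak"; then
        sed -E 's/^[[:space:]]*#?[[:space:]]*Protocol[[:space:]].*/Protocol 2/' "$1.bak" > "$1"
    else
        { cat "$1.bak"; echo 'Protocol 2'; } > "$1"
    fi
}

# Constructed sample inputs these helpers expect, e.g.:
#   inetd.conf:   "telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd"
#   sshd_config:  "#Protocol 2,1"   (becomes "Protocol 2")
# On a live system, signal inetd to reread its config and restart sshd afterwards.
```

Run the checks again after the change (and after every reboot) so a restored backdoored config does not silently bring telnet or protocol 1 back.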