RE: [cobalt-users] I've been hacked

["Peter Masloch" <peter@xxxxxxxxxxx>]

Download Putty from here:
http://www.chiark.greenend.org.uk/~sgtatham/putty/

You have to run a portscan on your server. It also is possible
that the intruder has created an account for himself. Check the file
/etc/group. Look if there is a username/groupname you don'e know of.
Look ate your logfiles in /var/log (messages, secure), look in the 
logfiles for admin_access (probably in /etc/httpd/log).
Change the passwords from all known users and admin. Use non dictionary
passwords.
Peter


>Thanks,
>Then what do I do to access the box via telnet?
>And where do I get ssh for windows?
>
>----- Original Message -----
>From: "Wood, Bradley" <Bradley.Wood@xxxxxxxxxxxxxxxxxxxx>
>To: <cobalt-users@xxxxxxxxxxxxxxx>
>Sent: Friday, June 21, 2002 8:20 AM
>Subject: RE: [cobalt-users] I've been hacked
>
>
>>
>>
>> > -----Original Message-----
>> > From: wcstaff [mailto:wcstaff@xxxxxxxxxxxx]
>> > Sent: 21 June 2002 13:13
>> > To: cobalt-users@xxxxxxxxxxxxxxx
>> > Subject: Re: [cobalt-users] I've been hacked
>> >
>> >
>> > ?How does one turn off telnet and implement ssh. We have ssh
>> > installed on
>> > the raq 4 r systems.
>>
>> edit /etc/inetd.conf and put a # before the line that says "telnet"
>>
>> then do
>>
>> killall -HUP inetd
>>
>>
>>
>> Our network may monitor outgoing and incoming e-mail 
>messages for security
>and customer service purposes,
>> but this e-mail is confidential. Please notify the sender 
>immediately if
>you receive it in error, and then delete it. Thank you.
>>
>> _______________________________________________
>> cobalt-users mailing list
>> cobalt-users@xxxxxxxxxxxxxxx
>> To Subscribe or Unsubscribe, please go to:
>> http://list.cobalt.com/mailman/listinfo/cobalt-users
>>
>>
>
>_______________________________________________
>cobalt-users mailing list
>cobalt-users@xxxxxxxxxxxxxxx
>To Subscribe or Unsubscribe, please go to:
>http://list.cobalt.com/mailman/listinfo/cobalt-users
>
>