[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] I've been hacked

Subject: RE: [cobalt-users] I've been hacked
From: "Paul Alcock" <webmgr@xxxxxxxxxxxxxxxxxx>
Date: Fri Jun 21 12:13:01 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

> You have to run a portscan on your server. It also is possible
> that the intruder has created an account for himself. Check the file
> /etc/group. Look if there is a username/groupname you don'e know of.

Hey guys, on the same subject, do these (on a RAQ2) look normal.
It's the adm that I don't recognize and wonder if it's a system 
user.
Anyone got any comments on these ??

These were found in my /etc/group.
...
adm:x:4:root,adm,daemon
...
site-adm:x:111:
...

TIA.
Paul.

Follow-Ups:
- RE: [cobalt-users] I've been hacked
  - From: Peter Masloch

References:
- RE: [cobalt-users] I've been hacked
  - From: Peter Masloch

Prev by Date: [cobalt-users] Re:Apache Chunked Vulnerability and Cobalt servers
Next by Date: RE: [cobalt-users] I've been hacked
Previous by thread: RE: [cobalt-users] I've been hacked
Next by thread: RE: [cobalt-users] I've been hacked

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index