
RE: [cobalt-users] I've been Haq'd



Looks like this guy got root access. He also might have
done some other things, difficult to tell.
My advice: restore the OS from CD.
Peter
 

> Oh well I guess sooner or later my server would be haqd
> 
> Symptoms 
> 
> index.html is renamed 'old' and everything else moved into 
> an 'old' directory.
> 
> a jpg is uploaded (FTP?) which says fs aka freestyler owned you
> 
> This guy appears to be widespread with his support Israel graffiti.
> 
> Whilst I was away from my desk, my customer who essentially 
> owns the box called the colo who installed cobalt security 
> patches and now I can't SSH - System doesn't respond. Turn 
> Telnet back on but all I get is
> 
> Cobalt Linux release 6.0 (Shinkansen-Decaf)
> Kernel 2.2.16C32_III on an i586
> 
> and then it hangs.
> 
> Is it known whether this bozo interferes elsewhere in the 
> system, i.e. does he 'own' it or is it graffiti.
> 
> Should I reinit the whole system, install patches from the 
> bottom and then hope that the CMUimport works on my nightly backup?
> 
> Thoughts please friends??
> 
> 
> Every Blessings
> 
> Revd Leonard
> 
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to: 
> http://list.cobalt.com/mailman/listinfo/cobalt-users