[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Hacked?

Subject: [cobalt-users] Hacked?
From: Paul Warner <pwarner@xxxxxxxxxxxxxxxxxx>
Date: Tue Sep 24 05:47:30 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

Strange entries in the apache this morning...looked through all I know to
check and see no evidence that it was successful.  Netstat, logs, chkrootkit
output all seem normal.  Anything else obvious I should check?  The
following sequence was repeated 30 minutes later from another netblock
(first .jp and second .lt)

[Tue Sep 24 03:01:12 2002] [error] [client xxx.xxx.xxx.xxx] client sent
HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Tue Sep 24 03:01:12 2002] [error] [client xxx.xxx.xxx.xxx] client sent
HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Tue Sep 24 03:01:12 2002] [error] [client xxx.xxx.xxx.xxx] client sent
HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Tue Sep 24 03:01:12 2002] [error] [client xxx.xxx.xxx.xxx] client sent
HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Tue Sep 24 03:01:20 2002] [error] mod_ssl: SSL handshake failed (server
yyy.yyy.yyy.yyy:443, client xxx.xxx.xxx.xxx) (OpenSSL library error follows)
[Tue Sep 24 03:01:20 2002] [error] OpenSSL: error:1406908F:SSL
routines:GET_CLIENT_FINISHED:connection id is different
[Tue Sep 24 03:01:21 2002] [notice] child pid 27426 exit signal Segmentation
fault (11)

Follow-Ups:
- Re: [cobalt-users] Hacked?
  - From: Dave Thurman (Mailing List Email)
- Re: [cobalt-users] Hacked?
  - From: roland

Prev by Date: RE: [cobalt-users] [RAQ4] Howto Convert kbp/s into GB's ?
Next by Date: [cobalt-users] FYI - Heres why CobaltBandaid is down
Previous by thread: Re: [cobalt-users] Hacked?
Next by thread: Re: [cobalt-users] Hacked?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index