[cobalt-users] My Server has been hacked
- Subject: [cobalt-users] My Server has been hacked
- From: Richard Proctor <Richard@xxxxxxxxxxx>
- Date: Mon Mar 10 06:31:00 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
My RaQ4 has been hacked. It will ultimately need to be reloaded, but
waiting for the support at where I lease it from, to respond, is like waiting
for the next ice age.

The hack left normal SSH suspended and killed off all normal Cobalt admin
access, and left a backdoor open on port 6662. I have managed to access
it through that port as admin, but can't su to root - I suspect the hackers
have changed it :-( ftp as admin also still works. All my customer sites are
apparently operating normally, other than the lack of siteadmin for them.

Does anybody know any way to gain better control of the machine? I would like
to save as much info as I can prior to the reload (and to stop whatever
dubious use the hackers may use the machine for in its present form).

Richard
--
Personal Richard@xxxxxxxxxxx http://www.waveney.org
Telecoms Richard@xxxxxxxxxxxxxxxxxxxxx http://www.WaveneyConsulting.com
Web services Richard@xxxxxxxxxxx http://www.wavwebs.com
Independent Telecomms Specialist, ATM expert, Web Analyst & Services