[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] My Server has been hacked

I would try to get in touch with your provider and have
the password on the box changed directly on the rack.

I also use the rack remotely, so I don't know the exact
procedure, but If I remember correctly, you can press
a combination of buttons on the rack which resets the passwords for
both ADMIN and ROOT

Cheers,

Dave.


----- Original Message -----
From: "Richard Proctor" <Richard@xxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Monday, March 10, 2003 3:26 PM
Subject: [cobalt-users] My Server has been hacked


> My RaQ4 has been hacked.  It will ultimately need to be reloaded, but
> waiting for the support at where I lease it from, to respond, is like
waiting
> for the next ice age.
>
> The hack left normal SSH suspended and killed off all normal cobalt admin
> access, and left a backdoor open on port 6662.  I have managed to access
> it through that port as admin, but can't su to root - I suspect the
hackers
> have changed it :-( ftp as admin also still works.  All my customer sites
are
> apparently operating normally, other than the lack of siteadmin for them.
>
> Does anybody know anyway to gain better control of the machine?  I would
like
> to save as much info as I can prior to the reload (and to stop whatever
> dubious use the hackers may use the machine for in it's present form).
>
> Richard
>
> --
> Personal     Richard@xxxxxxxxxxx            http://www.waveney.org
> Telecoms     Richard@xxxxxxxxxxxxxxxxxxxxx
http://www.WaveneyConsulting.com
> Web services Richard@xxxxxxxxxxx            http://www.wavwebs.com
> Independent Telecomms Specialist, ATM expert, Web Analyst & Services
>
> _____________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>