RE: [cobalt-users] My Server has been hacked
- Subject: RE: [cobalt-users] My Server has been hacked
- From: aljuhani <aljuhani@xxxxxxxxx>
- Date: Mon Mar 10 06:53:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Hello Richard,
What makes you think that your system is hacked?
Port 6662 is for Internet Relay Chat (IRC). Have you checked remaining space
on your partitions?
What firewalls (IPchains, Portsentry, etc.) are installed? I think you can access
the logs at /var/log/ and tail them with admin.
Need to know more info from the logs. Plus have you installed the latest SSH
from pkgmaster.com?
aljuhani@xxxxxxxxx
>===== Original Message From cobalt-users@xxxxxxxxxxxxxxx =====
>My RaQ4 has been hacked. It will ultimately need to be reloaded, but
>waiting for the support at where I lease it from, to respond, is like waiting
>for the next ice age.
>
>The hack left normal SSH suspended and killed off all normal cobalt admin
>access, and left a backdoor open on port 6662. I have managed to access
>it through that port as admin, but can't su to root - I suspect the hackers
>have changed it :-( ftp as admin also still works. All my customer sites are
>apparently operating normally, other than the lack of siteadmin for them.
>
>Does anybody know any way to gain better control of the machine? I would like
>to save as much info as I can prior to the reload (and to stop whatever
>dubious use the hackers may use the machine for in its present form).
>
>Richard