[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] I've Been Hacked

Subject: RE: [cobalt-users] I've Been Hacked
From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
Date: Sun Apr 13 09:23:01 2003
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

HN> Date: Sun, 13 Apr 2003 16:23:50 +0100
HN> From: H.P. Noordam


HN> many hacks seem to be related to scripts or kits for shich
HN> shell access is required, if you offered shell access, a
HN> close look at the logs and abnornmal binaries is a good
HN> start.

s/many/some/


HN> anyone seen raq hacks done withhout shell access ? (other
HN> then bad admin passwd) ?

Of course.  I've seen many.  Remote holes in BIND, Apache,
OpenSSL, OpenSSH, Sendmail... the list goes on.  I actually see
more hacks from remote exploits than local ones.

FWIW, if you're worried about shell access, don't allow your
customers to supply CGIs.


Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@xxxxxxxxx>, or you are likely to
be blocked.

References:
- RE: [cobalt-users] I've Been Hacked
  - From: H.P. Noordam

Prev by Date: RE: [cobalt-users] Solarspeed's Spam Filter
Next by Date: Re: [cobalt-users] Port 25 Email blocked by ISP
Previous by thread: RE: [cobalt-users] I've Been Hacked
Next by thread: Re: [cobalt-users] Raq 2 Smart Relay ...Help ...

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index