[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] (no subject)

Subject: [cobalt-users] (no subject)
From: John K Mitchell <johnm@xxxxxxxxxxxxxxxxxxxx>
Date: Fri Sep 19 10:06:01 2003
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

Hi there

I have just had a message from my server supplier that :-

"After further investigations we have found your server to have beenhacked, to protect the rest of our network we have taken your server offline. T


We found these files to have been replaced on xxx.xxx.xxx.xxx.

S.5..... /bin/netstat
S.5..... /sbin/ifconfig
S.5..... /usr/bin/pstree
S.5..... /usr/bin/find
SM5..... /bin/ps
SM5..... /usr/bin/top
S.5..UGT /usr/bin/ftpcount
S.5..UGT /usr/bin/ftpwho
S.5..UGT /usr/bin/ftpshut

Furthermore, there's an IRC bot running on the server in /usr/man/managand the source file is bhbp.tar.gz


./shell.sh
./bot1.up
./lpdi sezam
./clean "

They are offering to rebuild the server for me - any ideas whether thisis needed - I've tried several searches in Google for information onthis to no avail.


Cheers

John

Follow-Ups:
- Re: [cobalt-users] (no subject)
  - From: Greg Hewitt-Long
- Re: [cobalt-users] (no subject)
  - From: Parker Morse
- Re: [cobalt-users] (no subject)
  - From: Ted
- Re: [cobalt-users] (no subject)
  - From: Zeffie

Prev by Date: RE: [cobalt-users] OT brief note on: CERT AdvisoryCA-2003-25Buffer Overflow in Sendmail
Next by Date: [cobalt-users] Chaning domain name (raq2)
Previous by thread: [cobalt-users] (no subject)
Next by thread: Re: [cobalt-users] (no subject)

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index