The box must not be using IPtables or chains, which would have stopped this from ever happening, since you control who has access to which files and specific services, like FTP, telnet, SSH etc. ----- Original Message ----- From: "John K Mitchell" <johnm@xxxxxxxxxxxxxxxxxxxx> To: <cobalt-users@xxxxxxxxxxxxxxx> Sent: Friday, September 19, 2003 12:03 PM Subject: [cobalt-users] (no subject) > Hi there > > I have just had a message from my server supplier that :- > > "After further investigations we have found your server to have been > hacked, to protect the rest of our network we have taken your server off > line. T > > We found these files to have been replaced on xxx.xxx.xxx.xxx. > > S.5..... /bin/netstat > S.5..... /sbin/ifconfig > S.5..... /usr/bin/pstree > S.5..... /usr/bin/find > SM5..... /bin/ps > SM5..... /usr/bin/top > S.5..UGT /usr/bin/ftpcount > S.5..UGT /usr/bin/ftpwho > S.5..UGT /usr/bin/ftpshut > > Furthermore, there's an IRC bot running on the server in /usr/man/manag > and the source file is bhbp.tar.gz > > ./shell.sh > ./bot1.up > ./lpdi sezam > ./clean " > > They are offering to rebuild the server for me - any ideas whether this > is needed - I've tried several searches in Google for information on > this to no avail. > > Cheers > > John > > > _____________________________________ > cobalt-users mailing list > cobalt-users@xxxxxxxxxxxxxxx > To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to: > http://list.cobalt.com/mailman/listinfo/cobalt-users > >
Zeffie's Sun Cobalt User Forums
Zeffie's Sun Cobalt Restore CD's
Zeffie's Sun Cobalt Updates
Sun Cobalt Users List
Sun Cobalt Security List
Sun Cobalt Developers List
Copyright 2007 by Electronic Consultants Inc.