The box must not be using IPtables or chains, which would have stopped this from ever happening, since you control who has access to which files and specific services, like FTP, telnet, SSH etc. ----- Original Message ----- From: "John K Mitchell" <johnm@xxxxxxxxxxxxxxxxxxxx> To: <cobalt-users@xxxxxxxxxxxxxxx> Sent: Friday, September 19, 2003 12:03 PM Subject: [cobalt-users] (no subject) > Hi there > > I have just had a message from my server supplier that :- > > "After further investigations we have found your server to have been > hacked, to protect the rest of our network we have taken your server off > line. T > > We found these files to have been replaced on xxx.xxx.xxx.xxx. > > S.5..... /bin/netstat > S.5..... /sbin/ifconfig > S.5..... /usr/bin/pstree > S.5..... /usr/bin/find > SM5..... /bin/ps > SM5..... /usr/bin/top > S.5..UGT /usr/bin/ftpcount > S.5..UGT /usr/bin/ftpwho > S.5..UGT /usr/bin/ftpshut > > Furthermore, there's an IRC bot running on the server in /usr/man/manag > and the source file is bhbp.tar.gz > > ./shell.sh > ./bot1.up > ./lpdi sezam > ./clean " > > They are offering to rebuild the server for me - any ideas whether this > is needed - I've tried several searches in Google for information on > this to no avail. > > Cheers > > John > > > _____________________________________ > cobalt-users mailing list > cobalt-users@xxxxxxxxxxxxxxx > To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to: > http://list.cobalt.com/mailman/listinfo/cobalt-users > >
Sun Cobalt and Linux Support by Zeffie.com
Zeffie's Sun Cobalt User Forums
A Sun Cobalt and Linux Support Specialist Since 1999
Sun Cobalt Support, Repairs, Development, and Maintenance.
Home of the Worlds Largest Collection of Sun Cobalt Updates!
Sun Cobalt Spam Filter, Security, Firewall, Anti Virus Products.
734-454-9117 US Toll Free 800-231-4459 UK 0208-150-6860
Zeffie's Sun Cobalt Restore CD's
Zeffie's Sun Cobalt Updates
Sun Cobalt Users List
Sun Cobalt Security List
Sun Cobalt Developers List
Copyright 2009 by Electronic Consultants Inc.