
[no subject]



The box must not be using IPtables or chains, which would have
stopped this from ever happening, since you control who has access to 
which files and specific services, like FTP, telnet, SSH etc.




----- Original Message ----- 
From: "John K Mitchell" <johnm@xxxxxxxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Friday, September 19, 2003 12:03 PM
Subject: [cobalt-users] (no subject)


> Hi there
> 
> I have just had a message from my server supplier that :-
> 
> "After further investigations we have found your server to have been 
> hacked, to protect the rest of our network we have taken your server off 
> line. T
> 
> We found these files to have been replaced on xxx.xxx.xxx.xxx.
> 
> S.5..... /bin/netstat
> S.5..... /sbin/ifconfig
> S.5..... /usr/bin/pstree
> S.5..... /usr/bin/find
> SM5..... /bin/ps
> SM5..... /usr/bin/top
> S.5..UGT /usr/bin/ftpcount
> S.5..UGT /usr/bin/ftpwho
> S.5..UGT /usr/bin/ftpshut
> 
> Furthermore, there's an IRC bot running on the server in /usr/man/manag 
> and the source file is bhbp.tar.gz
> 
> ./shell.sh
> ./bot1.up
> ./lpdi sezam
> ./clean "
> 
> They are offering to rebuild the server for me - any ideas whether this 
> is needed - I've tried several searches in Google for information on 
> this to no avail.
> 
> Cheers
> 
> John
> 
> 
>
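The file listing in the quoted message has the form of `rpm -V` (package verify) output, where each column of the leading string names one attribute that no longer matches the RPM database. The following is an added example, not part of the original thread: it decodes those columns for the quoted listing and picks out binaries whose content digest changed. The names `parse_verify`, `suspicious` and `BINARY_DIRS` are assumptions made for the illustration.

```python
import re

# Column order of the attribute string printed by `rpm -V`. The listing
# above has 8 columns; newer RPM releases append a ninth (P, capabilities).
FLAGS = [("S", "size"), ("M", "mode"), ("5", "digest"), ("D", "device"),
         ("L", "symlink"), ("U", "owner"), ("G", "group"), ("T", "mtime"),
         ("P", "capabilities")]
# Assumption: directories whose executables should always match the RPM database.
BINARY_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/")
# flags, optional file-type marker (c = config file), absolute path
LINE = re.compile(r"^([SM5DLUGTP.?]{8,9})\s+(?:([cdglr])\s+)?(/.*)$")

# The listing from the quoted message, quote markers removed.
SAMPLE = """\
S.5..... /bin/netstat
S.5..... /sbin/ifconfig
S.5..... /usr/bin/pstree
S.5..... /usr/bin/find
SM5..... /bin/ps
SM5..... /usr/bin/top
S.5..UGT /usr/bin/ftpcount
S.5..UGT /usr/bin/ftpwho
S.5..UGT /usr/bin/ftpshut
"""

def parse_verify(text):
    """Return [(path, [changed attributes], is_config)] per verify line."""
    results = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, "missing ..." lines, other noise
        flags, marker, path = m.groups()
        changed = [name for (ch, name), got in zip(FLAGS, flags) if got == ch]
        results.append((path, changed, marker == "c"))
    return results

def suspicious(entries):
    """Non-config files in binary directories whose digest changed."""
    return [path for path, changed, is_cfg in entries
            if "digest" in changed and not is_cfg and path.startswith(BINARY_DIRS)]

if __name__ == "__main__":
    for path, changed, _ in parse_verify(SAMPLE):
        print(f"{path:20} {', '.join(changed)}")
```

A changed digest on a configuration file (marker `c`) is routine after local edits, which is why the filter skips those and reports only executables.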