[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] (no subject)

Subject: Re: [cobalt-users] (no subject)
From: "Zeffie" <cobaltlist@xxxxxxxx>
Date: Sun Sep 21 00:28:01 2003
Organization: http://www.zeffie.com/
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

> I have just had a message from my server supplier that :-
> "After further investigations we have found your server to have been
> hacked, to protect the rest of our network we have taken your server off
> line. T
> We found these files to have been replaced on xxx.xxx.xxx.xxx.
> S.5..... /bin/netstat
> S.5..... /sbin/ifconfig
> S.5..... /usr/bin/pstree

ya ya....  sounds like it's your turn...  yes you can clean them out..
However some isp's (like in england) like to shut the box of in fear and
have it restored a day later....  not sure why the day gets in there but if
you don't catch it in time they will charge you 200 or so pounds and make
some almost usefull backups for you...  Some isps like datapipe and
rackshack are nice enough to give you a new drive and your old drive as a
slave for a period of time...  You just have to catch it before they do and
be prepared to kick some butt when you get there...  it is always nice to do
a complete restore and rebuild from (hopefully your old drive as a slave)
if you can you should...

otherwise you need to know howto de-hack at high speed...  and I don't teach
that...  it just happens... :)

Zeffie
734-454-9117
http://www.zeffie.com/
Home of Worlds Largest collection of raq4 rpms

References:
- [cobalt-users] (no subject)
  - From: John K Mitchell

Prev by Date: RE: [cobalt-users] update sendmail from http://www.solarspeed.net
Next by Date: Re: [cobalt-users] Installing OpenSSH 3.7.1
Previous by thread: Re: [cobalt-users] (no subject)
Next by thread: [cobalt-users] (no subject)

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index