[cobalt-security] [Fwd: [cobalt-users] RAQ's in UK hacked]
- Subject: [cobalt-security] [Fwd: [cobalt-users] RAQ's in UK hacked]
- From: Kul <WebMaster@xxxxxxx>
- Date: Thu, 08 Feb 2001 03:00:39 +0000
- Organization: Qax
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
IMPORTANT !
Please read below....
Our Raq's are Raq3's, but this may be more widespread; we have suspicions that it's another bind problem.
Regards
Kul
-------- Original Message --------
Subject: [cobalt-users] RAQ's in UK hacked
Date: Thu, 8 Feb 2001 01:46:34 -0000
From: "Steve Bassi" <steve@xxxxxxxxx>
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
To: <cobalt-users@xxxxxxxxxxxxxxx>
Hi
Many of our RAQ's seem to have been hacked despite having installed the
recent updates.
Anyone on this list been hacked ?
This is a recent post to our UK2 group (below) - anyone on the list with
other suggestions or who can help would be much appreciated
Rgds
Steve Bassi
=======================
Yes I do mean machines have been compromised.
To check to see if you have been the target this is what I suggest.
Check in the /lib/security/.config directory (if you have one);
on mine there's a rootkit in there.
Check file mfs (sniffer log, passwords etc.).
You will also prob see a scan.log file, and here's a full listing:
ava cleaner lpsched nfs-utils-0.1.9.1-1.i386.rpm
rcp ssh sz backup crypt mfs
patcher scan.log sshd utime
bin instmod sh wget
Web : http://firstwebspace.com
My Online Communications
ICQ#:5647095 - AIM:fwsweb - Yahoo:stevebassi - MSM:stevebassi@xxxxxxxxxxx -
AOL:sacbassi
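
The check described in the forwarded post, as an added example that is not part of the original messages: a shell function that looks for the /lib/security/.config directory and the file names from the post's listing. The function name and the optional root argument are assumptions, added so the check can be pointed at a disk mounted on a known-good system, since tools on a compromised host may themselves have been replaced.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Directory and file names are taken from the listing in the post;
# the function name and ROOT argument are assumptions for illustration.

IOC_DIR="lib/security/.config"
IOC_FILES="ava cleaner lpsched nfs-utils-0.1.9.1-1.i386.rpm rcp ssh sz
backup crypt mfs patcher scan.log sshd utime bin instmod sh wget"

# check_raq_iocs [ROOT]
# ROOT defaults to /; pass the mount point of a disk image to check offline.
# Prints one line per finding. Returns 0 if the directory is absent,
# 1 if it exists (whether or not any listed name is inside it).
check_raq_iocs() {
    root="${1:-/}"
    dir="${root%/}/$IOC_DIR"

    # -L also catches a dangling symlink planted at that path
    if [ ! -e "$dir" ] && [ ! -L "$dir" ]; then
        echo "OK: $dir not present"
        return 0
    fi

    echo "FOUND: $dir exists"
    hits=0
    for name in $IOC_FILES; do
        path="$dir/$name"
        if [ -e "$path" ] || [ -L "$path" ]; then
            hits=$((hits + 1))
            # ls -ld records owner, size and mtime for the incident timeline
            echo "MATCH: $(ls -ld "$path")"
        fi
    done
    echo "SUMMARY: $hits of the listed names present in $dir"
    return 1
}
```

Call it as `check_raq_iocs /mnt/image` for a mounted disk, or with no argument to check the running system.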