
Re: [cobalt-security] RAq 3 Hacked ( all over the globe ?! )



On Sun, 11 Feb 2001, ICDServers wrote:

> Hi All,
>
> I'm just wondering if I'm the only one suffering from this or are there more
> people that have been hacked this weekend.
> I HAD a raq3 and some crappy hacker has deleted all files in the /VAR
> folder, this disables the entire raq.
> Somehow they have managed to get into the raq at a root level and there
> created a mess of things.
> Fortunately I'm online again, this time on a raq 4 but I still wonder if I
> should block certain sites from accessing the server and if so what sites ?
>
> Can anyone here advise me ? I have installed all updates for the raq 4 that
> are currently available.
>
> regards,
>
> Peter Broerse
> ICDServers
> info@xxxxxxxxxxxxxx

You were probably hacked via bind.  Install the new BIND rpm (not listed
on the website yet) or you will likely be hacked again.

/var was probably removed in an attempt to hide logs.  However, whoever
did this isn't very clueful (they should have been fiddling with /var/log
for starters, not the whole of /var).

HTH,
Gossi.