[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] RAq 3 Hacked ( all over the glode ?! )
- Subject: Re: [cobalt-security] RAq 3 Hacked ( all over the glode ?! )
- From: "Bjorn Zwaaneveld" <bjorn@xxxxxxx>
- Date: Mon, 12 Feb 2001 08:43:00 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Peter,
As a matter of fact, a client of ours also had his Raq3 down (thursday
23:00). The LCD display showed only the hostname, no IP address. Somebody (a
hacker?) deleted a lot of files and made the Raq inaccessible. After a night
of calling and trying we got the Raq up again by logging in using Single
User Mode and starting the network manually. Some things were still disabled
(telnet), so later that day we did a complete restore of the Raq3, installed
all patches, mounted the other disk and copied some important files.
Bjorn Zwaaneveld
Caveo BV - caveo.nl
----- Original Message -----
From: "ICDServers" <Info@xxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Sunday, February 11, 2001 3:50 PM
Subject: [cobalt-security] RAq 3 Hacked ( all over the glode ?! )
> Hi All,
>
> I'm just wondering if i'm the only one suffering from this or are there
more
> people that have been hacked this weekend.
> I HAD a raq3 and some crappy hacker has deleted all files in the /VAR
> folder, this disables the entire raq.
> Somehow they have maneged to get into the raq at a root level and there
> created a mess of things.
> Fortunalty i'm online again, this time on a raq 4 but i still wonder if i
> should block certain sites form accessing the server and if so what sites
?
>
> Can anyone here advise me ? I have installed all updates for the raq 4
that
> are currently available.
>
> regards,
>
> Peter Broerse
> ICDServers
> info@xxxxxxxxxxxxxx
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security