[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Been Hacked... Where to begin?

Subject: Re: [cobalt-security] Been Hacked... Where to begin?
From: "Robbert Hamburg \(HaVa Web- & Processdesign\)" <user@xxxxxxx>
Date: Mon, 24 Dec 2001 18:36:00 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> Well, I've been hacked.  Where do I begin to fix it?  So far I've noticed
> that they replaced any page beginning with index with their own.  Also,
when
> I telnet to my box, I can no longer access root.
>
> What is the best way to fix this?  Is an OS restore the fastest way?

If you want to investigate the issue, unplug the box from the net and do
what you want.
Then I advice you to do an entire OS restore, apply all suplied patches from
cobalt on to your box.
Then restore your sites, make sure that there are no malicious codes in your
site backups.
Then install, logcheck, portsentry, ipchains, just to give you some more
security.

If you need more help investigating the issue or restoring your box, contact
me offlist.

Have a very merry christmas all !

Robbert

References:
- [cobalt-security] Been Hacked... Where to begin?
  - From: Chris De Herrera

Prev by Date: [cobalt-security] Been Hacked... Where to begin?
Next by Date: [cobalt-security] Backing Up
Previous by thread: [cobalt-security] Been Hacked... Where to begin?
Next by thread: [cobalt-security] Backing Up

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index