[cobalt-security] Unauthorized httpd.conf changes.

Subject: [cobalt-security] Unauthorized httpd.conf changes.

From: "Mike Dickinson" <mdickinson@xxxxxxxxxxxxxxxxxxxx>

Date: Mon, 1 Apr 2002 09:07:12 -0800

Organization: Totlcom Broadband Services LP

List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hey guys,

Over the last week, I have been experiencing weird symptoms on my RAQ3i in regards to the httpd.conf and log files. First off Cobalt will not help me because we have installed a RAQ4 OS on a RAQ3i.. (I know that is a NO NO…)

What I am seeing happening is that the httpd.conf file is being written to by an unauthorized service or individual on a nightly basis. The a’s are being changed to d’s and the e’s are being changed to d’s. Completely bizarre!

Can anyone pass their thoughts on…

Would be appreciated.

===========================================
Michael A. Dickinson
Systems Administrator / Sales Engineer
Totlcom Broadband Services
Voice: 559-420-0200 Ext. 0206
Fax: 559-291-1895
mdickinson@xxxxxxxxxxxxxxxxxxxx
Wireless Email: mdickinson@xxxxxxxxxxxxxxx
Come See our NEW SITE!!!!! http://www.totlcombroadband.com
===========================================