Re: [cobalt-security] Qubes - hacked

[Jeroen Wunnink <jeroen@xxxxxxxxxxxxxx>]

The main hacking source I've encountered so far, are unsecure PHP scripts 
that are owned by users.., there's many exploits in older versions of the 
bigger oftenly used packages (like PHPNuke and phpBB) which allow 
uploading, compiling and running custom code as the apache user..



At 12:56 PM 4/29/2003 +0100, you wrote:
> Hi
>
> Has anyone else been having problems with Qubes getting hacked?
>
> If you run the latest version of chkrootkit it comes up with infected stuff,
> login, and others as well as suggesting a show tee root kit.  The only
> visible symptom to the user or sysadmin seems to be that the windows file
> sharing server goes off line and won't come back up.
>
> I'm not sure how they get in to start with, we tend to run the qubes a
> little behind on the patching as they are not always a help if your Qube
> goes down due to a patch error, however at this moment we are patching to
> every last patch available on bluelink to try and lock this out.
>
> The only way we can be sure of getting rid of the hack at the moment is to
> do a full restore which is a real pain and reminds me to try again at
> building an up to date OSRCD for Qubes.
>
> Anyone else seeing the same?
>
> Regards
>
> Gavin
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security



Met vriendelijke groet,

Jeroen Wunnink,
systeembeheer@xxxxxxxxxxxxxx

telefoon:+31 (035) 6285455              Postbus 1332
fax: +31 (035) 6838242                  1200 BH Hilversum

http://www.easyhosting.nl