[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] Cobalt Raq 4 Hacked
- Subject: RE: [cobalt-security] Cobalt Raq 4 Hacked
- From: "Michele Neylon :: Blacknight Solutions" <michele@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 4 Nov 2003 20:34:10 -0000
- Organization: Blacknight Internet Solutions Ltd
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
You will need to find the point of entry. Without the point of entry you
have no way od stopping it.
Mr. Michele Neylon
Blacknight Solutions
http://www.blacknightsolutions.ie/
http://www.search.ie/
FREE IE domains - see site for details
Tel. +353 (0)59 9139897
Fax. +353 (0)59 9139897
> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] On Behalf Of
> Pablo Medina
> Sent: 04 November 2003 13:10
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: [cobalt-security] Cobalt Raq 4 Hacked
>
> Hi all.
> Today at 2:00 in the morning our RaQ4 was hacked.
>
> The hack replaced all files named index.* with own hacker content.
>
> We have had this issue a couple of weeks ago. That time the
> hack afected all index.* files under /home/sites.
>
> Now the hack affected all index.* files under / so the
> Control Panel is affected too.
>
> I must note a week ago the server wass rebuilded formm
> scratch and ALL upgrades were applied.
>
> I have chkrootkit and portsentry installed. None of those
> reported strange activity.
>
> I have checked open ports in the server and theres' no
> strange ports opened.
>
> I want to know if somebody has experienced the same issue,
> and any help will be apreciated..
>
> TIA
> Pablo
>
>
>
>
>
>
>
>
>
>
>
>
>
> ------------
> ¡Ayudá a los chicos navegando!
> En noviembre, Yahoo! dona un plato de comida por cada usuario
> que nevegue gratis con Yahoo! Conexión.
> Conectate ya en http://conexion.yahoo.com.ar
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
>
#########################################################
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance to it is prohibited.