[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] Cobalt Raq 4 Hacked

Subject: RE: [cobalt-security] Cobalt Raq 4 Hacked
From: "Michele Neylon :: Blacknight Solutions" <michele@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 4 Nov 2003 20:34:10 -0000
Organization: Blacknight Internet Solutions Ltd
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

You will need to find the point of entry. Without the point of entry you
have no way od stopping it.

Mr. Michele Neylon
Blacknight Solutions
http://www.blacknightsolutions.ie/
http://www.search.ie/
FREE IE domains - see site for details
Tel. +353 (0)59 9139897
Fax. +353 (0)59 9139897 

> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx 
> [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] On Behalf Of 
> Pablo Medina
> Sent: 04 November 2003 13:10
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: [cobalt-security] Cobalt Raq 4 Hacked
> 
> Hi all.
> Today at 2:00 in the morning our RaQ4 was hacked.
> 
> The hack replaced all files named index.* with own hacker content.
> 
> We have had this issue a couple of weeks ago. That time the 
> hack afected all index.* files under /home/sites.
> 
> Now the hack affected all index.* files under / so the 
> Control Panel is affected too.
> 
> I must note a week ago the server wass rebuilded formm 
> scratch and ALL upgrades were applied.
> 
> I have chkrootkit and portsentry installed. None of those 
> reported strange activity.
> 
> I have checked open ports in the server and theres' no 
> strange ports opened.
> 
> I want to know if somebody has experienced the same issue, 
> and any help will be apreciated..
> 
> TIA
> Pablo 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> ------------
> ¡Ayudá a los chicos navegando!
> En noviembre, Yahoo! dona un plato de comida por cada usuario 
> que nevegue gratis con Yahoo! Conexión.
> Conectate ya en http://conexion.yahoo.com.ar
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
> 
> 


#########################################################
This message (and any attachment) is intended only for the 
recipient and may contain confidential and/or privileged 
material.  If you have received this in error, please contact the 
sender and delete this message immediately.  Disclosure, copying 
or other action taken in respect of this email or in 
reliance to it is prohibited.

References:
- [cobalt-security] Cobalt Raq 4 Hacked
  - From: Pablo Medina

Prev by Date: Re: [cobalt-security] Slightly OT - spammers using my domain
Next by Date: [cobalt-security] About Hacked Raq 4
Previous by thread: [cobalt-security] Cobalt Raq 4 Hacked
Next by thread: Re: [cobalt-security] Cobalt Raq 4 Hacked

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index