
[cobalt-security] Raq4 Server hacked :'(



Ok.. I've been keeping up with patches.. and am up to date except for the last Pine patch on the 17th. But, one of my servers bounced 5 days ago. I started looking into it, and found that one of the web sites' cgi-bin has a TON of hacking scripts: CGI-Telnet server, IRC bots, etc.

And, there was a binary file that was this:

 Linux Kernel kmod.c modprobe ptrace vulnerability exploit

Now, I'm trying to do cleanup. What's the easiest way to determine if root has been compromised, or just that user account for that web site?

Thanks,
James




---------------------------------------------------------------
http://www.customlynx.com - Low cost web authoring and hosting!
Get your FREE E-mail address or give them out! (culymail.com)