On 23 Jan 2003 at 11:15, Peter Lorent wrote:

> As to the question which particular service is being hacked: it seems
> possible to sniff individual ftp-accounts and get root-access.
> Peter

The hacker has to have the ability to place a sniffer on your network
first (or any network between you and the server).

You should not ftp as root/admin anyway. Create an unprivileged account
and ftp to this. You can then move the files via ssh. Or just use sftp
in the first place.

> -----Original message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On behalf of Ian
> Sent: Thursday 23 January 2003 10:50
> To: [EMAIL PROTECTED]
> Subject: Re: [cobalt-developers] Fixing the nasty RaQ Hack...
>
>
> On 21 Jan 2003 at 11:20, Jeff Lasman wrote:
>
> > I'm posting this information to a few of the lists because some fairly
> > intelligent people have written me unsure of exactly what they have to
> > do to protect against the nasty hack going around that completely
> > destroys all the content on RaQ4s.
>
> Does anyone know which particular service is being hacked?
>
> > You really need to do this. If you can't do it yourself, have someone
> > do it for you.
> >
> > This information comes from various sources, and is presented as a
> > simple recipe for your convenience. All liability disclaimers in effect
> > of course. If you need someone to be responsible for the work, then
> > find someone to do it for you.
> >
> > First of all, according to the docs published for the hack, a quick fix
> > is to chmod 755 /usr/lib/authenticate if it's not already set to that.
>
> Will this have any side effects? I seem to remember a bit of a
> heated discussion about this a while back (might have been on the
> security list).
>
> > Second, according to Michael, make sure you've got the latest update for
> > apache, patch 15787, from the Cobalt package site.
> >
> > Third, upgrade OpenSSL to Version 0.9.7; you can get RPMs from
> > ftp://ftp.nacs.net/pub/software/cobalt_raq4
> >
> > openssl-0.9.7-1.i386.rpm
> > openssl-0.9.7-1.src.rpm
> > openssl-devel-0.9.7-1.i386.rpm
> > openssl-doc-0.9.7-1.i386.rpm
>
> Do we need to update mod_ssl as well?
>
> I didn't install the 15787 patch because I manually re-compiled
> mod_ssl - should I just do it again with the 0.9.7 version of OpenSSL?
>
> > Fourth, upgrade OpenSSH, either from solarspeed.net
> > (http://www.solarspeed.net/downloads/index.php), or from pkgmaster:
> > (http://pkgmaster.com/packages/raq/4/). (Required, previous versions of
> > SSH may not work properly with the rpm versions of OpenSSL.)
>
> I recently installed the latest pkgmaster version of OpenSSH, will
> installing openssl-0.9.7 break anything?
>
> > Sixth, make frequent backups; this is nasty and destroys most of the
> > content on your RaQ.
> >
> > Seventh, cross your fingers.
> >
> > Jeff
>
> Cheers for the warning Jeff.
>
> Ian
> --

_______________________________________________
cobalt-developers mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-developers
