IMPORTANT ! Please read below.... Our Raq's are Raq3's, but this may be more wide spread, we have suspicions that its another bind problem Regards Kul -------- Original Message -------- Subject: [cobalt-users] RAQ's in UK hacked Date: Thu, 8 Feb 2001 01:46:34 -0000 From: "Steve Bassi" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: <[EMAIL PROTECTED]> Hi Many of our RAQ's seem to have been hacked despite having installed the recent updates. Anyone on this list been hacked ? This is a recent post to our UK2 group (below) - anyone on the list with other suggestions o can help would be much appreciated Rgds Steve Bassi ======================= Yes I do mean machines have been compromised. To check to see if you have been the target this is what I suggest. check in the /lib/security/.config directory (If you have one) on mine theres a rootkit in there. check file mfs (sniffer log, passwords etc.) you will also prob see a scan.log file and heres a fill listing ava cleaner lpsched nfs-utils-0.1.9.1-1.i386.rpm rcp ssh sz backup crypt mfs patcher scan.log sshd utime bin instmod sh wget Web : http://firstwebspace.com My Online Communications ICQ#:5647095 - AIM:fwsweb - Yahoo:stevebassi - MSM:[EMAIL PROTECTED] - AOL:sacbassi _______________________________________________ cobalt-users mailing list [EMAIL PROTECTED] To Subscribe or Unsubscribe, please go to: http://list.cobalt.com/mailman/listinfo/cobalt-users _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
