Anonymous was not turned on. So I am not sure how they got in. We suspect they used a network sniffer to grab the usernames and passwords and then installed the exploit.
Paul ----- Original Message ----- From: "Barbara -" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, September 29, 2001 12:04 PM Subject: [cobalt-security] Hacked by SDI linux remote exploit for ProFTP > >Although I have all the security patches in place, > >including the 'Security: proftpd Update 1.0.1' > >they got in using 'SDI linux remote exploit > >for ProFTP' > > Just out of curiosity, don't you need to be running > anonymous ftp for this exploit to work? I just checked > Security Focus and it says "SDI anonymous remote > exploit for proftpd". From what I can gather, it says > they first need "permission to download a file (like > welcome.msg or README)." Not that this isn't a serious > issue, but if anonymous FTP isn't turned on, I don't > think it would be so easy to exploit (unless of course > a user decides to try). Please correct me if I'm > wrong. > > http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=27450 > > Barbara > > __________________________________________________ > Do You Yahoo!? > Listen to your Yahoo! Mail messages from any phone. > http://phone.yahoo.com > _______________________________________________ > cobalt-security mailing list > [EMAIL PROTECTED] > http://list.cobalt.com/mailman/listinfo/cobalt-security > _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
