As to the question which particular service is being hacked: it seems possible to sniff individual ftp-accounts and get root-access. Peter
-----Oorspronkelijk bericht----- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Namens Ian Verzonden: donderdag 23 januari 2003 10:50 Aan: [EMAIL PROTECTED] Onderwerp: Re: [cobalt-developers] Fixing the nasty RaQ Hack... On 21 Jan 2003 at 11:20, Jeff Lasman wrote: > I'm posting this information to a few of the lists because some fairly > intelligent people have written me unsure of exactly what they have to > do to protect agains the nasty hack going around that completely > destroys all the content on RaQ4s. Does anyone know which particular service is being hacked ? > > You really need to do this. If you can't do it yourself, have someone > do it for you. > > This information comes from various sources, and is presented as a > simple recipe for your convenience. All liability disclamers in effect > of course. If you need someone to be responsible for the work, then > find someone to do it for you. > > First of all, according to the docs published for the hack, a quick fix > is to chmod 755 /usr/lib/authenticate if it's not already set to that. Will this have any side affects ? I seem to remember a bit of a heated discussion about this a while back (might have been on the security list). > > Second, according to Michael, make sure you've got the latest update for > apache, patch 15787, from the Cobalt package site. > > Third, upgrade OpenSSL to Version 0.9.7; you can get RPMs from > ftp://ftp.nacs.net/pub/software/cobalt_raq4 > > openssl-0.9.7-1.i386.rpm > openssl-0.9.7-1.src.rpm > openssl-devel-0.9.7-1.i386.rpm > openssl-doc-0.9.7-1.i386.rpm Do we need to update mod_ssl as well ? I didn't install the 15787 patch because I manually re-compiled mod_ssl - should I just do it again with the 0.9.7 version of OpenSSL ? > > Fourth, upgrade OpenSSH, either from solarspeed.net > (http://www.solarspeed.net/downloads/index.php), or from pkgmaster: > (http://pkgmaster.com/packages/raq/4/). (Required, previous versions of > SSH may not work properly with the rpm versions of OpenSSL.) > I recently installed the latest pkgmaster version of OpenSSH, will installing openssl-0.9.7 break anything ? > Sixth, make frequent backups; this is nasty and destroys most of the > content on your RaQ. > > Seventh, cross your fingers. > > Jeff Cheers for the warning Jeff. Ian -- _______________________________________________ cobalt-developers mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-developers _______________________________________________ cobalt-developers mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-developers
