You may have been hacked. Search the hard drive for a file called Masscanner, I think. You have probably been rooted, meaning a hacker used a known exploit to gain root access to your server. Embarrassed to say it, but it happened to me.

You may be spending the night rebuilding the server. If you have been running backups, it's probably not too bad. If not, turn off the server, take out the hard drive, and get another Linux machine up and running. Install the Raq hard drive. Mount the HD, copy all the files under /home/sites to a folder on the new Linux box. Install the hard drive back in the Raq and reinstall the Cobalt OS. Use the links under /home/sites to rebuild all the sites in the order specified.

Do some more research; you may not have been hacked. But that's what happened to me. The hacker got root access and used a port scanner to scan the Australian CERT. Oh, it was a fun weekend.

Enjoy Mike, email me if you have any questions.
---- Original Message ----
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE: [cobalt-developers] Outbound Port Scan
Date: Fri, 18 Jul 2003 07:19:13 -0700

>We have had inbound port scans, but this is the first outbound I have
>received.
>
>How does an outbound happen? This machine hosts only our web sites.
>
> Timestamp: Fri 18 Jul 2003 04:04:11 AM PDT
> Alert Type: Port Scan Detected
> Interface: eth0
> Protocol: tcp
> Packet Size (bytes): 40
>
> Source Address: xxx.xxx.xxx.xxx
> Source port: 445
> Direction: outbound
> Destination Address: 140.109.34.14
> Destination Port: 3519
>
> Log Entry: eth0:portscan: tcp xxx.xxx.xxx.xxx/445 ->
>140.109.34.14/3519 40 rst (16)
>
>_______________________________________________
>cobalt-developers mailing list
>[EMAIL PROTECTED]
>http://list.cobalt.com/mailman/listinfo/cobalt-developers
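Added example, not part of the original thread: a small triage script for "outbound port scan" log entries of the kind quoted above, separating packets that look like replies to inbound probes from connections the host itself opened. The field layout is inferred from the single entry in the alert, and the `syn` flag token, the constructed sample lines and all function names are assumptions.

```python
import re
from collections import Counter

# Layout inferred from the one entry quoted in this thread (assumption):
#   <iface>:portscan: <proto> <src>/<sport> -> <dst>/<dport> <size> <flags> (<n>)
# The trailing "(<n>)" field is not interpreted here.
ENTRY = re.compile(
    r"(?P<iface>\w+):portscan:\s+(?P<proto>\w+)\s+"
    r"(?P<src>[^/\s]+)/(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[^/\s]+)/(?P<dport>\d+)\s+(?P<size>\d+)\s+(?P<flags>\w+)"
)

# The log entry from the alert, joined back onto one line.
PAGE_LINE = "eth0:portscan: tcp xxx.xxx.xxx.xxx/445 -> 140.109.34.14/3519 40 rst (16)"

# Constructed sample lines (documentation addresses); the "syn" token is assumed.
CONSTRUCTED = [
    "eth0:portscan: tcp 192.0.2.10/445 -> 198.51.100.7/3519 40 rst (16)",
    "eth0:portscan: tcp 192.0.2.10/40112 -> 198.51.100.21/22 40 syn (16)",
    "eth0:portscan: tcp 192.0.2.10/40113 -> 198.51.100.22/22 40 syn (16)",
    "kernel: unrelated message",
]

def parse_entry(line):
    """Return the entry's fields as a dict, or None if the line does not match."""
    m = ENTRY.search(line)
    if m is None:
        return None
    entry = m.groupdict()
    for key in ("sport", "dport", "size"):
        entry[key] = int(entry[key])
    return entry

def triage(entry):
    """Classify one outbound entry by TCP flag and port roles."""
    if entry["proto"] != "tcp":
        return "unknown"
    if entry["flags"] == "rst" and entry["sport"] < 1024 <= entry["dport"]:
        # A local service port resetting a remote high port: consistent with
        # answering an inbound probe, not with this host starting a scan.
        return "reply"
    if entry["flags"] == "syn" and entry["sport"] >= 1024:
        # Local high port opening connections outward: the host initiated it.
        return "initiated"
    return "unknown"

def summarize(lines):
    """Count verdicts over all parseable lines."""
    entries = filter(None, map(parse_entry, lines))
    return Counter(triage(e) for e in entries)

if __name__ == "__main__":
    print(triage(parse_entry(PAGE_LINE)), dict(summarize(CONSTRUCTED)))
```

A "reply" verdict only says that the entry is not evidence of scanning that started on this host; it does not rule out a compromise, so the file and process checks suggested in the reply still apply.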
