My cobalt was also hacked last week and in a similar fashion OS & version numbers were changed (According to genius techies at the co-location building). In my case, the users changed versions of most programs and then created user accounts called Site1 Site2 Site3 etc etc. Thanks to the quick action of my colocation providers I knew within about 5 minutes of the culprits trying to use the box to flood some other system. I was advised to download the logs and they re-loaded the entire box from scratch. Admittedly I had not added two of the most recent patches before this "hack", however I'm now subscribed to both this list and the announcement list - the same mistake hopefully won't happen again... Rgds Joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Administrator Sent: 08 March 2001 17:05 To: '[EMAIL PROTECTED]' Subject: [cobalt-security] RaQ3 Hacked - Information Gathered Recently, my Raq3 was hacked. I was able to get back into the system with the ROM boot method. I was able to determine that the kernel, among other things, was modified. Additionally, the hacker left some information behind that might be of interest to someone. My question is what do I do with the information gathered? Is there some sort of central authority that tracks this information? Does Sun / Cobalt want this information before I rebuild the OS? My apologies if I posted in the wrong list. -Todd S. _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
