Web Hosting Talk







View Full Version : Hacked!!!


Dylan
09-05-2001, 02:30 PM
woohoo... take a look at board.hostyard.com

I haven't got much info on the hack yet but as soon as I do, I'll let you know.

Ericd
09-05-2001, 02:36 PM
Some people don't have anything better to do than hacking :rolleyes:

Was this board running off a RaQ like the other times it was hacked?

MCHost-Marc
09-05-2001, 02:36 PM
Looks like your message board was exploited.

Dylan
09-05-2001, 02:49 PM
FreeBSD system.

All the domains on the server have been affected.

The index pages are still intact, so I'm presuming they've let the default FreeBSD Apache program (not Plesk) take over.

I can't get into the server though, waiting for a tech at the facility to help me.

cperciva
09-05-2001, 02:56 PM
Let me guess... you haven't updated telnetd recently have you?

MCHost-Marc
09-05-2001, 03:03 PM
http://packetstormsecurity.org/advisories/freebsd/FreeBSD-SA-01_49.telnetd.v1.1

;)

Dylan
09-05-2001, 03:21 PM
:blush:

cperciva
09-05-2001, 03:30 PM
Originally posted by Dylan
:blush:

I don't get this. I've seen this with many hosts ... security advisories come and go and they do not react at all. Do people not subscribe to security mailing lists?

qslack
09-05-2001, 04:24 PM
Originally posted by cperciva


I don't get this. I've seen this with many hosts ... security advisories come and go and they do not react at all. Do people not subscribe to security mailing lists?

Isn't telnet even a security risk in itself? I would say so.

cperciva
09-05-2001, 04:26 PM
Originally posted by qslack
Isn't telnet even a security risk in itself? I would say so.

Telnet isn't a security risk if nobody tries to use it... *unless* the telnet daemon has a remote root hole in it.

qslack
09-05-2001, 04:40 PM
Originally posted by cperciva


Telnet isn't a security risk if nobody tries to use it... *unless* the telnet daemon has a remote root hole in it.

I would say that any unused running service is a security risk.

cperciva
09-05-2001, 04:47 PM
Originally posted by qslack
I would say that any unused running service is a security risk.

Well, yes, but only theoretically. Perhaps I should have stated "running telnetd should be a much lower risk than the actual risk of running that particular version of telnetd."

qslack
09-05-2001, 04:54 PM
Well, yes...let's not get into semantics, sorry, I read your post wrong the first time. :)

Anyways...I can tell that Dylan is going to have a very fun day today, reinstalling the OS, restoring from backups, and such. :(

Dylan
09-05-2001, 10:18 PM
:D I must congratulate the techs at dtwebworks on a magnificent and prompt clean up :love:

Nicholas Brown
09-06-2001, 05:00 AM
Die telnet Die haha :stickout

Dylan, have you disabled Telnet now? :)

Synergy
09-06-2001, 07:42 AM
Dylan, it's time to stop telnet and offer shell access with SSH :D

Dylan
09-06-2001, 07:46 AM
Telnet is dead now.

I've never offered my clients telnet access before.

qslack
09-08-2001, 02:09 AM
Just curious.


By "clean up", do you mean a reinstall of the OS? You seem to imply that the techs just cleaned up the visible traces of the attack.

Synergy
09-08-2001, 02:36 AM
like clearing directories
:)

I have seen an attack where it filled up all the available partitions.

WeinBar Jack
09-08-2001, 02:37 AM
That's not a good idea. Once someone is in, a reformat and reinstallation is necessary. Not just a "cleanup".