Alan - Vox
11-28-2000, 12:24 PM
I have recently had a couple of message boards on my server hacked. I expect that one of my users who has telnet access has used it to view the password files for the ubbs.
Are there any log files that show what users have logged in to telnet on a raq3?
Any help would be much appreciated.
Alan Reid
madhosts.com
GHDpro
11-28-2000, 03:01 PM
I'm not an expert on this issue, but couldn't you check every user's .bash_history file to see who has been snooping in the wrong directories? Of course, if the user has the rights to this file, the user may have removed (or emptied) this file himself. So this trick will only work if the hacker was a newbie...
One other possibility is to check /var/log/secure. This file should log all access (telnet, pop3) to your server, including IP address, time of login and login name. It won't tell you, however, what those users actually did on the system.
Alan - Vox
11-28-2000, 04:04 PM
Thanks very much GHDpro
that proved very useful
Félix C.Courtemanche
11-28-2000, 05:02 PM
FYI, the files containing the passwords of a UBB are chmoded 777, which means that anyone can read, modify or replace them to execute any arbitrary code.
I would not offer telnet access on a RAQ, it is _way_ too easy to root a server with it... It leaks passwords from almost everywhere, you can find the PostgreSQL password in 2 seconds, view the source of anyone's web page, etc., etc., etc.
The command 'FINGER' can be used to determine when an individual last logged in, if you have any ideas on when the 'hack' happened.
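The permission problem described in the post above can be checked from a shell. This is an added example, not part of the original thread: it lists files that any local user can read or modify and can strip those bits. The function names and the sample file names are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: list files that any local shell user can read or modify.

# audit_world_access DIR
# Prints "W <path>" for world-writable files and "R <path>" for files that
# are world-readable but not world-writable, sorted.
audit_world_access() {
    local dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    {
        find "$dir" -type f -perm -0002 -print | sed 's/^/W /'
        find "$dir" -type f -perm -0004 ! -perm -0002 -print | sed 's/^/R /'
    } | sort
}

# tighten_world_access DIR
# Removes all "other" permission bits from the flagged files. Assumption: the
# board's scripts run as the file owner (or a group member); if they run as
# a different user they lose access too.
tighten_world_access() {
    local dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" -type f \( -perm -0002 -o -perm -0004 \) -exec chmod o-rwx {} +
}

# make_sample_tree: constructed sample data, not paths from a real board.
make_sample_tree() {
    local d
    d=$(mktemp -d) || return 1
    echo 'constructed-sample' > "$d/userdata.sample"; chmod 777 "$d/userdata.sample"
    echo 'constructed-sample' > "$d/index.html";      chmod 644 "$d/index.html"
    echo 'constructed-sample' > "$d/private.txt";     chmod 600 "$d/private.txt"
    echo "$d"
}

# Usage: ./audit.sh /path/to/board/data
if [ $# -gt 0 ]; then
    audit_world_access "$1"
fi
```

Run the audit first and review the list before tightening anything, since a file the web server reads as a different user will stop being served once its "other" bits are removed.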
UnitedTec
11-28-2000, 05:23 PM
Alan,
Isn't offering Telnet access on a free web service a little risky? Many free hosts don't even offer FTP access. Just my opinion, and please feel free to tell me to mind my own business, but if they don't need it, I wouldn't give them Telnet access.
Alan - Vox
11-28-2000, 05:35 PM
We don't offer telnet access, some people were left with it enabled after we were using it to edit their files for them. Oops.
UnitedTec
11-28-2000, 05:40 PM
Alan,
Sorry about that, I should have known that you wouldn't offer them telnet access. Any luck finding another server? I remember you said you needed a control panel to manage the server. Have you thought about just a regular Linux box, with the Plesk control panel? It's not the greatest, but it's as good as a RAQ.
Alan - Vox
11-28-2000, 06:07 PM
I am seriously considering just a Linux box. They are cheaper and more powerful. How long would it take to set up a web-site on one of them by editing the configuration files by hand?
UnitedTec
11-28-2000, 06:33 PM
Once you have done it a few times, and are comfortable with the process, only a few minutes. Do you plan to offer any sort of control panel to your users? That was why I suggested Plesk.
Alan - Vox
11-28-2000, 07:46 PM
I was actually thinking about learning CGI or PHP and making my own control panel which would do exactly what I would want it to.