On Sun, Jun 29, 2003 at 04:16:47PM +0200, Thomas Lamy wrote:
> > Re-installing from scratch would be a real pain... the server
> > runs on a
> > 3ware array, and has hundreds of users, all active :-/
> IMHO there's only one save way to go after being hacked: reinstall.
Jason, if you're really det
Hi Shri,
Good idea... installing tiger too now!
Sincerely,
Jas
- Original Message -
From: "Shri Shrikumar" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, 01 July, 2003 2:15 AM
Subject: Re: Server hacked - next...?
- Original Message -
From: "Andrew Miehs" <[EMAIL PROTECTED]>
To:
Sent: Friday, 27 June, 2003 6:36 PM
Subject: Woody Stable and Kernel 2.4.21
> Hi all!
>
> I need to compile a 2.4.21 Kernel for Woody.
> Which version of GCC should I use...
> GCC3 or GCC2.95?
>
> Should I download stan
> As Russell Coker points out, the attaccer probably got in trough
> apache and a vulnerable CGI script.
> When you reinstall, be sure you dont run any insecure CGI's.
> There is probably a bunch of other improvements jou can do.
DOH... I just posted saying that in my previous email before read
Hi Daniel,
Yeap, I follow Bugtraq... too bad Debian came out with the "official"
kernel ages after it was revealed.
Actually running 2.4.21 now... but it certainly is possible that during
the gap between when we were running 2.4.17/18 to when we upraded to
2.4.21, someone got in.
Actually, from
Howdy folks,
I have installed mysql a few times (from debian packages) and never had
any trouble, but this one just stumpes me. I installed debian woody and
mysql on a server. I screwed up /var/lib/mysql trying to copy over some
databases so I reinstalled mysql to bring things back to normal. I
On Mon, Jun 30, 2003 at 08:03:11PM +0200, Marcin Owsiany wrote:
> > find / -uid 0 -perm 0400
>
> I guess this should have been 04000
Actually, it should be
find / -uid 0 -perm +4000
Sorry about that..
--
bda
Cyberpunk is dead. Long live cyberpunk.
http://mirrorshades.org
On Sun, Jun 29, 2003 at 04:16:47PM +0200, Thomas Lamy wrote:
> > Re-installing from scratch would be a real pain... the server
> > runs on a
> > 3ware array, and has hundreds of users, all active :-/
> IMHO there's only one save way to go after being hacked: reinstall.
Jason, if you're really det
Hi Shri,
Good idea... installing tiger too now!
Sincerely,
Jas
- Original Message -
From: "Shri Shrikumar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, 01 July, 2003 2:15 AM
Subject: Re: Server hacked - next...?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subj
- Original Message -
From: "Andrew Miehs" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, 27 June, 2003 6:36 PM
Subject: Woody Stable and Kernel 2.4.21
> Hi all!
>
> I need to compile a 2.4.21 Kernel for Woody.
> Which version of GCC should I use...
> GCC3 or GCC2.95?
>
> Sho
> As Russell Coker points out, the attaccer probably got in trough
> apache and a vulnerable CGI script.
> When you reinstall, be sure you dont run any insecure CGI's.
> There is probably a bunch of other improvements jou can do.
DOH... I just posted saying that in my previous email before read
Hi Daniel,
Yeap, I follow Bugtraq... too bad Debian came out with the "official"
kernel ages after it was revealed.
Actually running 2.4.21 now... but it certainly is possible that during
the gap between when we were running 2.4.17/18 to when we upraded to
2.4.21, someone got in.
Actually, from
Howdy folks,
I have installed mysql a few times (from debian packages) and never had
any trouble, but this one just stumpes me. I installed debian woody and
mysql on a server. I screwed up /var/lib/mysql trying to copy over some
databases so I reinstalled mysql to bring things back to normal. I
On Mon, Jun 30, 2003 at 08:03:11PM +0200, Marcin Owsiany wrote:
> > find / -uid 0 -perm 0400
>
> I guess this should have been 04000
Actually, it should be
find / -uid 0 -perm +4000
Sorry about that..
--
bda
Cyberpunk is dead. Long live cyberpunk.
http://mirrorshades.org
--
To UNSUBSCRI
Hello,
I'm looking the way to configure a debian box as a PPP-server.
Today, I have to run `pppd call myscript' everytime I want
someone to connect. What is the way to automaticaly rerun pppd to
accept new connections.
Then, is there any way use radius server with pppd ?
Thanks a
chkrootkit is also avaialble through apt-get
apt-get install chkrootkit
##
On Sun, 29 Jun 2003, Jason Lim wrote:
> Hi Russell,
>
> Well, SE Linux certainly seems like something that needs to be installed.
> Most annoying is that all the recent security updates were already done!
>
> T
Hello list :
i got a odd problem about samba.
i have a share folder named "[webdata]" for LDAP authentic user access ONLY.
However, My windows 2000/XP client can read [webdata] through Netneighbor.
when i upload a text file named "ipsec.txt" to [webdata] , My windows2000/XP
alert me "Can not
Hello,
I'm looking the way to configure a debian box as a PPP-server.
Today, I have to run `pppd call myscript' everytime I want
someone to connect. What is the way to automaticaly rerun pppd to
accept new connections.
Then, is there any way use radius server with pppd ?
Thanks a
chkrootkit is also avaialble through apt-get
apt-get install chkrootkit
##
On Sun, 29 Jun 2003, Jason Lim wrote:
> Hi Russell,
>
> Well, SE Linux certainly seems like something that needs to be installed.
> Most annoying is that all the recent security updates were already done!
>
> T
Hello list :
i got a odd problem about samba.
i have a share folder named "[webdata]" for LDAP authentic user access ONLY.
However, My windows 2000/XP client can read [webdata] through Netneighbor.
when i upload a text file named "ipsec.txt" to [webdata] , My windows2000/XP
alert me "Can not
On Sun, 2003-06-29 at 06:00, Jason Lim wrote:
> Hi all,
>
> Well... bad day for me.
>
> One of our servers was hacked (woody)... badly, from what I can see. A
> whole bunch of binaries have been modified, and strange processes are
> running on the server. The hack date appears to be jun 6.
>
> I
On Sun, Jun 29, 2003 at 11:28:47AM -0400, bda wrote:
> On Sun, Jun 29, 2003 at 09:47:13PM +0800, Jason Lim wrote:
> > Is there any tool that could search the system for root suid scripts (so
> > the hacker can login again and gain root easily)?
>
> find / -uid 0 -perm 0400
I guess this should hav
On Mon, 2003-06-30 at 04:07, Jones, Steven wrote:
> It would just be a matter of time before your email address was sold by
> Gates to a spammer I bet.
Too late. Have you tried opening a hotmail account and just leaving it
for a few weeks. You will get spam in there even if you dont use that
adr
On Sun, 2003-06-29 at 06:00, Jason Lim wrote:
> Hi all,
>
> Well... bad day for me.
>
> One of our servers was hacked (woody)... badly, from what I can see. A
> whole bunch of binaries have been modified, and strange processes are
> running on the server. The hack date appears to be jun 6.
>
> I
On Sun, Jun 29, 2003 at 11:28:47AM -0400, bda wrote:
> On Sun, Jun 29, 2003 at 09:47:13PM +0800, Jason Lim wrote:
> > Is there any tool that could search the system for root suid scripts (so
> > the hacker can login again and gain root easily)?
>
> find / -uid 0 -perm 0400
I guess this should hav
On Mon, 2003-06-30 at 04:07, Jones, Steven wrote:
> It would just be a matter of time before your email address was sold by
> Gates to a spammer I bet.
Too late. Have you tried opening a hotmail account and just leaving it
for a few weeks. You will get spam in there even if you dont use that
adr
On Mon, 30 Jun 2003 16:12, Donovan Baarda wrote:
> In then end it is nearly always easier to re-install than to just clean
> the system without it, even if the hacker did leave .bash_histories
> behind that show everything he/she did.
Besides, just because a script-kiddie got in first does not mea
On Mon, 30 Jun 2003 16:12, Donovan Baarda wrote:
> In then end it is nearly always easier to re-install than to just clean
> the system without it, even if the hacker did leave .bash_histories
> behind that show everything he/she did.
Besides, just because a script-kiddie got in first does not mea
Hay there . thanks for stopping to read my email.
I have compiled exim with perl support...
I need to be able to auto reply to certain emails with a mail containing an
attachment .. the standandrad exim autoreply doesn't support , attachments.
So i figured parse incoming mail to check if requires
On Sunday 29 June 2003 05:39, Gene Grimm wrote:
> Has anyone heard any details about Gates' new ideas on how to "block"
> spam? [...]
> First, he wants to create a "challenge response" scheme [...]This is what
> I fear:
> 3. Recipient's mail client downloads incoming message for analysis
> 4. Re
On Sun, 2003-06-29 at 19:02, Donovan Baarda wrote:
[...]
> Once you get compromised, it's pretty darn hard to get clean without
> starting fresh. Some rootkit compromises do weird stuff like infect
> every binary file you even 'ls'. One system I saw had been compromised
> via an ssh vulerability (o
This is an automatically generated Attachment Filtering notification. The data
is *details.zip and the action is Message Dropped.
Message details are as follows.
*
From: debian-isp@lists.debian.org
Subject: Re: Movie
Date: 2003-06-30 00:48:22
*
8><===
I think Gates' second idea is more of a joke. He wants to require mail
senders to "offer cash" to the recipient. The recipient would get the
cash if they chose to open a message from an unknown sender. Potential
customers would have to pay to send an inquiry to a company asking
Hay there . thanks for stopping to read my email.
I have compiled exim with perl support...
I need to be able to auto reply to certain emails with a mail containing an
attachment .. the standandrad exim autoreply doesn't support , attachments.
So i figured parse incoming mail to check if requires
On Sunday 29 June 2003 05:39, Gene Grimm wrote:
> Has anyone heard any details about Gates' new ideas on how to "block"
> spam? [...]
> First, he wants to create a "challenge response" scheme [...]This is what
> I fear:
> 3. Recipient's mail client downloads incoming message for analysis
> 4. Re
On Sun, 2003-06-29 at 19:02, Donovan Baarda wrote:
[...]
> Once you get compromised, it's pretty darn hard to get clean without
> starting fresh. Some rootkit compromises do weird stuff like infect
> every binary file you even 'ls'. One system I saw had been compromised
> via an ssh vulerability (o
This is an automatically generated Attachment Filtering notification. The data is
*details.zip and the action is Message Dropped.
Message details are as follows.
*
From: [EMAIL PROTECTED]
Subject: Re: Movie
Date: 2003-06-30 00:48:22
*
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
wit
On Sun, 29 Jun 2003 17:12, Jason Lim wrote:
> The box is a very recently updated "stable" box... virtually every other
> date apt-get is update/upgrade.
>
> The box is setup very secure... the usual things were done... like
> ensuring no unused services are running and things like that.
>
> So does
On Sun, 29 Jun 2003 13:00:57 +0800, Jason Lim wrote:
>Is there a document somewhere, or procedure, to recover after this?
It's as simple as reinstalling. There's no other way, you can't get around
this...
--
L I N U X .~.
The Choice /V\
of a GNU /( )\
Generation
Hi all!
I need to compile a 2.4.21 Kernel for Woody.
Which version of GCC should I use...
GCC3 or GCC2.95?
Should I download standard kernel src - or should I get
it from testing, or unstable?
Thanks for your help
Andrew
8><===
I think Gates' second idea is more of a joke. He wants to require mail
senders to "offer cash" to the recipient. The recipient would get the
cash if they chose to open a message from an unknown sender. Potential
customers would have to pay to send an inquiry to a company asking
On Sun, 29 Jun 2003 17:12, Jason Lim wrote:
> The box is a very recently updated "stable" box... virtually every other
> date apt-get is update/upgrade.
>
> The box is setup very secure... the usual things were done... like
> ensuring no unused services are running and things like that.
>
> So does
On Sun, 29 Jun 2003 13:00:57 +0800, Jason Lim wrote:
>Is there a document somewhere, or procedure, to recover after this?
It's as simple as reinstalling. There's no other way, you can't get around
this...
--
L I N U X .~.
The Choice /V\
of a GNU /( )\
Generation
Hi all!
I need to compile a 2.4.21 Kernel for Woody.
Which version of GCC should I use...
GCC3 or GCC2.95?
Should I download standard kernel src - or should I get
it from testing, or unstable?
Thanks for your help
Andrew
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of
44 matches
Mail list logo