|
Grex > Mnet > #21: m-b0x cracked & wiped sunday nite, it seems | |
|
| Author |
Message |
tsty
|
|
m-b0x cracked & wiped sunday nite, it seems
|
Jul 20 08:44 UTC 1998 |
well .... some vandal cracked root and the m-b0x as you knew it ...isn't.
trex paged me about 245a to turn everything off and with some
luck the backup tapes will put the m-b0x in a previous state from which
we may continue.
m2-net was power cycled, per rex. the console screen supported that action.
dammit.
|
| 16 responses total. |
other
|
|
response 1 of 16:
|
Jul 20 20:37 UTC 1998 |
so besides changing the root password, what else will have to happen before
mnet comes back?
|
lk
|
|
response 2 of 16:
|
Jul 20 20:43 UTC 1998 |
I'm not even sure that would have to happen; the hacker probably got
root without knowing the root password. If everything has been wiped
out, it worries me that we won't be able to find out how the system
was compromised. If we don't know what hole to plug, what is to prevent
the same person from coming back and doing it again next week?
|
mbobak
|
|
response 3 of 16:
|
Jul 20 23:24 UTC 1998 |
#18 Mark J Bobak(mbobak) on Mon Jul 20 19:21:08 1998:
Update to the minute update from NEW Center:
trex, casper, myself, and tsty are here now.
We lost /migs, /guest, /bin, /dev, and /etc.
Restore is currently running for /dev /bin and /etc.
When that completes, we'll have (hopefully) a bootable system.
After that, I'll restore /migs and /guest, and we ought to be
back in business. The crash happened just before our nightly backup,
so, the previous 24 hours of data will be lost.
Back to the trenches....
|
scott
|
|
response 4 of 16:
|
Jul 21 00:35 UTC 1998 |
Wow, nightly backups? M-Net is apparently *much* better than Grex on backups.
|
tsty
|
|
response 5 of 16:
|
Jul 21 02:36 UTC 1998 |
lk is sysop .. and configured pax to do that rather well, *THANK YOU* lk.
|
tsty
|
|
response 6 of 16:
|
Jul 21 02:39 UTC 1998 |
left supreme hq about an hour ago.. /migs restore was rapidly
in progress and /guest is not far behind (but not started yet.)
the login process has been truncated to a message from mjb .. and
will be released after the stuff is restored and the system checked.
|
trex
|
|
response 7 of 16:
|
Jul 21 02:44 UTC 1998 |
I've put updates into item 79 of angora. or general, whatever.
|
krj
|
|
response 8 of 16:
|
Jul 21 04:03 UTC 1998 |
(one could just get agora 79 linked here...)
|
slynne
|
|
response 9 of 16:
|
Jul 21 18:25 UTC 1998 |
Yes, Mnet is very fortunate to have Leeron and the rest of the staff there
is wonderful as well. I doubt they'll get the credit they deserve though.
|
davenger
|
|
response 10 of 16:
|
Jul 21 18:34 UTC 1998 |
didn't m-net use qpopper 2.1.4 before the crack? if you did, then that's
how you got hacked. a *working* bsd386 qpopper exploit was posted a few
days ago. you people got to learn to read the appropriate security
mailing lists if you want to run a public unix system.
oh yeah and if your root password was something like 'sysadmin', change it.
with that kind of password, people don't need exploits to break root.
|
mbobak
|
|
response 11 of 16:
|
Jul 21 19:51 UTC 1998 |
well, yeah, they got in via qpopper. Some of us do keep up on security,
but, it's a volunteer position. Sometimes stuff slips by, this kind of
stuff happens. Life goes on. And no, our root password is NOTHING like
'sysadmin'. give us *some* credit! Geez!
|
jerome
|
|
response 12 of 16:
|
Jul 21 21:46 UTC 1998 |
I've used m-net for a while but so far haven't supported it financially.
I'm very impressed, though, with the effort being put in by m-net staff
to get the system running again, and also with the well implemented
backup system (something that grex, from what I understand, is severely
lacking). My financial support of m-net will be starting soon (I'm already
a grex member).
|
lk
|
|
response 13 of 16:
|
Jul 22 16:26 UTC 1998 |
That's great, Jerome, we can use a few more members just now to
help pay the bills.
Note that the time span between the security alert and this hack was
a matter of a few days. Consider that for every M-Net root there are
probably 1000 hackers out there. Yet for every hack who manages to
break into M-Net, 1000 others fail....
No, the root password is not nor was it ever "sysadmin".
It is "" (wups, looked like my echo got turned off. Oh well).
Next month (if I have some time) I'll look into switching from pax
to cpio so as to avoid the problem that precluded us from restoring
from the nightly incremental backups.
The M-Net roots (as the sysadmin I have the password but I don't
consider myself a root) did a great job restoring the system.
I'm just going to have to learn not to be impressed with each miracle
they pull off. (:
|
tsty
|
|
response 14 of 16:
|
Jun 19 01:56 UTC 2000 |
hmmmm, this is deja vu all over again.
|
ric
|
|
response 15 of 16:
|
Jun 19 02:06 UTC 2000 |
lay off the crack pipe, man
|
willard
|
|
response 16 of 16:
|
Jun 19 16:37 UTC 2000 |
You think it's crack? Or Jack?
|