well .... some vandal cracked root and the m-b0x as you knew it ...isn't. trex paged me about 245a to turn everything off and with some luck the backup tapes will put the m-b0x in a previous state from which we may continue. m2-net was power cycled, per rex. the console screen supported that action. dammit.
16 responses total.
so besides changing the root password, what else will have to happen before mnet comes back?
I'm not even sure that would have to happen; the hacker probably got root without knowing the root password. If everything has been wiped out, it worries me that we won't be able to find out how the system was compromised. If we don't know what hole to plug, what is to prevent the same person from coming back and doing it again next week?
#18 Mark J Bobak(mbobak) on Mon Jul 20 19:21:08 1998: Update to the minute update from NEW Center: trex, casper, myself, and tsty are here now. We lost /migs, /guest, /bin, /dev, and /etc. Restore is currently running for /dev /bin and /etc. When that completes, we'll have (hopefully) a bootable system. After that, I'll restore /migs and /guest, and we ought to be back in business. The crash happened just before our nightly backup, so, the previous 24 hours of data will be lost. Back to the trenches....
Wow, nightly backups? M-Net is apparently *much* better than Grex on backups.
lk is sysop .. and configured pax to do that rather well, *THANK YOU* lk.
left supreme hq about an hour ago.. /migs restore was rapidly in progress and /guest is not far behind (but not started yet.) the login process has been truncated to a message from mjb .. and will be released after the stuff is restored and the system checked.
I've put updates into item 79 of angora. or general, whatever.
(one could just get agora 79 linked here...)
Yes, Mnet is very fortunate to have Leeron, and the rest of the staff there is wonderful as well. I doubt they'll get the credit they deserve though.
didn't m-net use qpopper 2.1.4 before the crack? if you did, then that's how you got hacked. a *working* bsd386 qpopper exploit was posted a few days ago. you people got to learn to read the appropriate security mailing lists if you want to run a public unix system. oh yeah and if your root password was something like 'sysadmin', change it. with that kind of password, people don't need exploits to break root.
well, yeah, they got in via qpopper. Some of us do keep up on security, but, it's a volunteer position. Sometimes stuff slips by, this kind of stuff happens. Life goes on. And no, our root password is NOTHING like 'sysadmin'. give us *some* credit! Geez!
I've used m-net for a while but so far haven't supported it financially. I'm very impressed, though, with the effort being put in by m-net staff to get the system running again, and also with the well implemented backup system (something that grex, from what I understand, is severely lacking). My financial support of m-net will be starting soon (I'm already a grex member).
That's great, Jerome, we can use a few more members just now to help pay the bills. Note that the time span between the security alert and this hack was a matter of a few days. Consider that for every M-Net root there are probably 1000 hackers out there. Yet for every hack who manages to break into M-Net, 1000 others fail.... No, the root password is not nor was it ever "sysadmin". It is "" (wups, looked like my echo got turned off. Oh well). Next month (if I have some time) I'll look into switching from pax to cpio so as to avoid the problem that precluded us from restoring from the nightly incremental backups. The M-Net roots (as the sysadmin I have the password but I don't consider myself a root) did a great job restoring the system. I'm just going to have to learn not to be impressed with each miracle they pull off. (:
hmmmm, this is deja vu all over again.
lay off the crack pipe, man
You think it's crack? Or Jack?