[Coco] Re: Not sure about the Barden issue
Boisy G. Pitre
boisy at boisypitre.com
Wed Jul 28 07:51:32 EDT 2004
John,

There was no hacking going on at all. This was an account whose
username and password were known to quite a few people, and was set up
for passing around files related to CoCo projects like NitrOS-9,
cocotools, etc. The individual who did this knew of the account's
existence and of the username and password. The system log shows a
normal login through SSH that would not have raised any flags with me
whatsoever.

Since this fiasco, my machine has locked up repeatedly and I am
currently looking at it to figure out if (a) the same individual placed
some type of rogue application on the server or (b) someone from this
group is targeting my IP address as a means of revenge. So if anyone
on this list is taking advantage of this situation by attempting to
raze my system, please stop. My attempts to provide a service to CoCo
folks are providing me more grief than it's worth, frankly.

Boisy

On Jul 27, 2004, at 10:07 PM, John E. Malmberg wrote:
> Dennis Bathory-Kitsz wrote:
>> At 04:05 PM 7/27/04 -0400, James Dessart wrote:
>>> They all seem to have been submitted from the same IP address...
>>> including the original email sent to the list.
>> I overlooked the X-Originating-IP line the first time, which was
>> Charter Communications, identifying the cable customer. I have filed
>> an abuse notice.
>
>> The original mail came from Hotmail, however, so I'm guessing it's
>> still legit.
>
> The original mail from Hotmail also came from the same computer
> through the HTTP interface to Hotmail.
>
> If they hacked Boisy's shell account, then they had to use a web
> browser to do the sending. For a shell account, that would be LYNX.
>
> But there is another clue that gives things away, the text format of
> the e-mail is "format/flowed", which as far as I know is only set by
> Netscape Navigator and Mozilla.
>
> To use Mozilla or Navigator would indicate that an X11 outgoing
> session was created. On my system setup, the I.P. address of the
> display would show up in at least one log. Which means that it still
> may be possible to track who did the break-in.
>
> -John
> wb8tyw(at)qsl.net
> Personal Opinion Only
>
>
> --
> Coco mailing list
> Coco at maltedmedia.com
> http://five.pairlist.net/mailman/listinfo/coco
>