HPE Community
Operating System - Linux
1753844 Members
7613 Online
108806 Solutions
New Discussion юеВ

Re: Hacked; recovering

 
SOLVED
Go to solution
Vernon Brown_2
Frequent Advisor

тАО08-14-2002 09:17 AM

тАО08-14-2002 09:17 AM

Hacked; recovering

Hacker changed my root password and did much damage. I reformated and installed RH 7.1. Recovered my data from backups. Have everything going now except pop-3 service. I typed in the ipop3 entry in xinetd.d by memory and maybe missed something.

When I telnet to my.domain 110 I get "connection refused."

How can I know if pop-3 is running ? Here is my ipop3 entry in xinetd.d.



service pop-3
{
protocol = tcp
user = root
socket_type = stream
wait = no
server = /usr/local/sbin/popper qpopper -s
disable = no
}

$ ls -l /usr/local/sbin
total 124
-rwxr-xr-x 1 root root 120980 Aug 13 09:44 popper

Thanks and points for any help !
0 Kudos
Reply
9 REPLIES 9
Ron Kinner
Honored Contributor

тАО08-14-2002 10:37 AM

тАО08-14-2002 10:37 AM

Solution

Re: Hacked; recovering

netstat -an |grep 110

should show if your PC is listening on port 110 which is pop3's usual port.

Ron

Reply
Vernon Brown_2
Frequent Advisor

тАО08-14-2002 10:54 AM

тАО08-14-2002 10:54 AM

Re: Hacked; recovering

Many Thanks !!

netstat -an | grep 110 returns empty. So can someone compare my pop-3 entry above with the RedHat ipop3 entry to see if it is correct.

Also; is there a way to update RedHat 7.1 to add stuff that was missed on the original install.
0 Kudos
Reply
Ron Kinner
Honored Contributor

тАО08-14-2002 12:19 PM

тАО08-14-2002 12:19 PM

Re: Hacked; recovering

Don't see anything wrong with your xinet.d entry.

See if either of these helps.

http://a1392.g.akamaitech.net/7/1392/939/0002/www.eudora.com/download/eudora/qpopper/4.0/free/final/Qpopper.pdf

Also:
http://www.naspa.com/PDF/2001/0401%20PDF/T0104006.pdf

Use RPM to add stuff to your Linux.

Ron






Reply
Vernon Brown_2
Frequent Advisor

тАО08-14-2002 12:45 PM

тАО08-14-2002 12:45 PM

Re: Hacked; recovering

Thanks !

Do you happen to know the rpm module that contains the RedHat pop-3 server. Or what can I grep for on what CD of the 7.1 release.
0 Kudos
Reply
Ron Kinner
Honored Contributor

тАО08-14-2002 02:22 PM

тАО08-14-2002 02:22 PM

Re: Hacked; recovering

I think it's hidden in the imap package:

http://isp-lists.isp-planet.com/isp-unix/0105/msg00093.html

Ron
Reply
Vernon Brown_2
Frequent Advisor

тАО08-14-2002 02:47 PM

тАО08-14-2002 02:47 PM

Re: Hacked; recovering

Thanks I'll see if I can rpm
the imap package.
0 Kudos
Reply
Sorrel G. Jakins
Valued Contributor

тАО08-14-2002 08:22 PM

тАО08-14-2002 08:22 PM

Re: Hacked; recovering

Ron Kinner,

Why do you use
http://a1392.g.akamaitech.net/7/1392/939/0002/www.eudora.com/download/eudora/qpopper/4.0/free/final/Qpopper.pdf

and not just go straight to eudora like this:
http://www.eudora.com/download/eudora/qpopper/4.0/free/final/Qpopper.pdf

In other words, who is akamai, and why would you want to go there to redirect to eudora?

Sorrel Jakins, pointy-hair boss and no cap/crown/wizard hat.
0 Kudos
Reply
Ron Kinner
Honored Contributor

тАО08-15-2002 05:32 AM

тАО08-15-2002 05:32 AM

Re: Hacked; recovering

Sorrel,

Got a page via a google search and then clicked on a link which had what I wanted and just copied what came up at the top. Too lazy to bother with figuring out what was the real URL.

Ron
0 Kudos
Reply
Richard Chang
New Member

тАО08-16-2002 05:17 AM

тАО08-16-2002 05:17 AM

Re: Hacked; recovering

Akamai is just a caching web server. A lot of companies buy their service (cnn.com is another that uses them).

The basic gyst of it is, Akamai puts servers in regions of the US. And, depending on where you are located, the content you are trying to view is provided from the server closest to you.

One of the benefits to the Akamai customer is that their servers don't have to handle the load - Akamai has to deal with that.

So, in this particular case, the download you are trying to get was going to come from a Akamai server that is close to you. This is very beneficial if you are on the east coast, and the origin company is on the west coast.


-Rich
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.