- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Virus Attack or Have I been Hacked?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-17-2000 06:47 AM
11-17-2000 06:47 AM
Virus Attack or Have I been Hacked?
AND THE SYSTEM DISK ARE SHOWING BUSY BLINKING LIGHT, THE LCD HAS JUST F13F ON DISPLAY.
HOW CAN I GO INTO THE SERVER TO CHECK THE DIRECTORIES. SINCE CONSOLE LOGIN IS NO LONGER WORKING. WHEN I RUN 'HPUX LL' AT ISL>, IN SEE THAT ALL IDS IN /STAND WERE CHANGED TO USER AND GROUP ID NUMBERS. VMUNIX, SYSTEM AND THE *.PREV FILES ARE ALL ZERO. THEY GUYS AT SECURITY-ALERT@HP.COM WERE NOT OF HELP.
HAS ANY BODY SEEN THIS?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-17-2000 07:02 AM
11-17-2000 07:02 AM
Re: Virus Attack or Have I been Hacked?
I would try to recuperate by ftp if you can important config files like passwd hosts ...
onto pc or non HPUX system, to see if there is an explanation, again if ftp works, try to put a kernel, get rid of the resolver and try to boot as a stand alone machine then have a look inside...
I know its not much of an help for now, just think we are with you, keep in touch and if we have better ideas, we shall submit them...
All the best
Victor
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-17-2000 07:13 AM
11-17-2000 07:13 AM
Re: Virus Attack or Have I been Hacked?
rlogin didn't work but remsh YES
Could you try something like this :
remsh BADHOST -n "export DISPLAY=GOODHOST:0.0;xterm"
Regards,
Patrice.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-17-2000 07:18 AM
11-17-2000 07:18 AM
Re: Virus Attack or Have I been Hacked?
Is this situation after a reboot?
It sounds like that the server loading has gone through the roof and processor time is not being given to telnet -etc.
You have to my mind two options :-
1. Leave it and see if it gets better.
2. Hit the big red button (as I would do) bring it to a stand still - disconnect network/comms and reboot.
Good luck
Paula.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-17-2000 07:25 AM
11-17-2000 07:25 AM
Re: Virus Attack or Have I been Hacked?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-17-2000 07:29 AM
11-17-2000 07:29 AM
Re: Virus Attack or Have I been Hacked?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-17-2000 07:33 AM
11-17-2000 07:33 AM
Re: Virus Attack or Have I been Hacked?
All files ownership and group properties are stored as the numeric UID/GID number. When you do an ll when the system is running normally, the UID/GID numbers get converted automatically to their normal names.
The UID of 0, which you saw in /stand is the UID for the root user. All of /stand should be owned by root.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-17-2000 07:44 AM
11-17-2000 07:44 AM