Koozali.org: home of the SME Server

Bad to worse

ADG

Bad to worse
« on: December 18, 2004, 06:49:05 AM »
Well .. can things get any worse?  I ran rkhunter and it found nothing so I can't tell how they got into the machine.  It was definitely someone because they changed stuff and deleted stuff .. but without logs and anything else there is nothing I can do to find out what happened.

So I "upgraded" e-smith and now it doesn't work at all :(  ... all my data is on the hard drive, and there have been about 1000 changes to the database since the last good backup (lost the last backup with everything else).

It is now just scrolling Error 0x01  if anyone knows what that means ???

MSmith

Sure, they could get worse.
« Reply #1 on: December 19, 2004, 03:43:29 AM »
Your hard drive could physically fail.  Until then, why not use Knoppix to pull your data files from the server, reformat & reinstall?
...

ADG

Bad to worse
« Reply #2 on: December 19, 2004, 04:57:12 AM »
I don't think it's physically failed, but you certainly can't boot from it.

Damian

Bad to worse
« Reply #3 on: December 21, 2004, 12:03:03 AM »
Didn't catch the earlier parts of this post so just jumping in here ...

The 0x01 errors could be your boot area not set correctly. If you can get hold of a RedHat 7.X CD iso from the web and burn the CD (or if you already have one), then boot it on your SME server and start in system recovery mode, you should be able to chroot to the SME disk and reinstall the lilo boot area from there.

Also if your data is important to you (I would imagine that it is) then get hold of two identical drives and do the SME install using disk mirroring. We never build an SME box without it.

If you need more help then post.

Damian

CharlieBrady

Re: Bad to worse
« Reply #4 on: December 22, 2004, 04:47:52 AM »
Quote from: "ADG"
> Well .. can things get any worse?  I ran rkhunter and it found nothing so I can't tell how they got into the machine.  It was definitely someone because they changed stuff and deleted stuff .. but without logs and anything else there is nothing I can do to find out what happened.

By far the most likely cause is due to an insecure PHP application. Did you have any PHP applications installed?

ADG

Bad to worse
« Reply #5 on: December 23, 2004, 10:55:35 AM »
Thanks .. all good advice ..

Think I only have phpBB2 and the sitestats program installed...

CharlieBrady

Bad to worse
« Reply #6 on: January 03, 2005, 05:59:33 AM »
Quote from: "ADG"
> Think I only have phpBB2 ...

Chances are that's what the problem was.

raem

Bad to worse
« Reply #7 on: January 04, 2005, 01:50:31 AM »
ADG

> ..... I only have phpBB2 and ....

phpBB had a major security vulnerability which in conjunction with a php vulnerability allowed hackers to get root control.
See
http://www.phpbb.com/phpBB/viewtopic.php?t=241300&postdays=0&postorder=asc&start=0

and
http://www.phpbbstyles.com/viewtopic.php?t=1903

and
http://forums.contribs.org/index.php?topic=25275.0

You would be best to rebuild your server from scratch and then copy the databases over (if you really must) and the user data etc.
...