[ic] Urgent Help

Robert Trembath robert@icardigital.com
Mon, 5 Mar 2001 10:26:29 -0600 

I had to reinstall the RPM and edit the interchange.cfg file to fix it. All
works now but I have nothing in the error log to indicate what caused it to
crash. Any ideas?

----- Original Message -----
From: "Murray Gibbins" <Murray@scotweb.ltd.uk>
To: <interchange-users@lists.akopia.com>
Sent: Monday, March 05, 2001 9:28 AM
Subject: Re: [ic] Urgent Help


> Robert Trembath wrote:
> >
> > I think someone was trying to hack our machine this morning. Found some
> > files in the /tmp directory that apache wrote containing this:
> >
> > Not Found
> > The requested URL /orders/orders.txt was not found on this server.
> >
> > Not Found
> > The requested URL /orders/import.txt was not found on this server.
> >
>
> ok that's just a problem with httpd.conf, may not indicate a hack, more
likely a
> problem with a document root inside  virtual host or Alias or Script
alias. Your
> file permissions may be wonky too.
>
>
> > Authorization Required
> > This server could not verify that you are authorized to access the
document
> > requested. Either you suppliÐ8þed the wrong credentials (e.g., bad
> > password), or your browser doesn't understand how to supply the
credentials
> > required.
>
> i wouldn't worry about that. If a real hacker got in then you would not
have
> this type of log file hanging around. But if in doubt may I suggest format
> /dev/hda
>
> > I believe someone was looking for credit card info and config info on
our
> > server. What do you think? I do have the IP's logged but they are
probably
> > bogus.
>
> The correct approach is "My machine is connected to the internet,
therefore I
> will assume that it is hacked (hackable) until it is hacked". The
precautionary
> approach will work best for machines inside DMZ's.
>
> The "Scientific method" will solve all your problems and tell you what's
> happening.
>
> Yours
>
> Murray
>
> http://www.morpheux.org
>
> --
>   ____
>   \__/    Murray Gibbins             murray@scotweb.ltd.uk
>   /  \    Programmer
> _ \__/ _  ================================================
> \\ || //  Scotweb Limited,             info@scotweb.ltd.uk
>  \\||//   13a Albert Terrace,    http://www.scotweb.ltd.uk
>   \||/    Edinburgh EH10 5EA   Tel: +44 (0)  131 270 82 33
>    ||     Scotland. Europe.    Fax: +44 (0) 7020  93 49 04
>
> _______________________________________________
> Interchange-users mailing list
> Interchange-users@lists.akopia.com
> http://lists.akopia.com/mailman/listinfo/interchange-users