[App_rpt-users] Major Allstar Issue

Alan Adamson adamson_alan at hotmail.com
Mon Jun 18 15:37:32 UTC 2012 

Sounds to me like you got hacked!  If it rebooted and you had a keyboard and
monitor connected to it and it came up correctly, but you can't login,
either someone changes your ssh login, *or* you have a volume failing and
the area of the drive where the executable for sshd is located is bad.

One option you could try is to boot with keyboard/monitor and you'd have to
go see how centos does it, but there is a way to boot to single user mode.
If you get there and you can't login, someone changed the root password.

I hope you didn't have telnet access enabled, and I hope you changed the ssh
port number... If not, there were 2 ways someone could have gotten to your
computer...

Sorry for the challenges, but it's either a drive issue or a hacker, only 2
things if it was working and now it's not and you can't login.

Alan

-----Original Message-----
From: app_rpt-users-bounces at ohnosec.org
[mailto:app_rpt-users-bounces at ohnosec.org] On Behalf Of Matt Roberts
Sent: Monday, June 18, 2012 11:32 AM
To: app_rpt-users at ohnosec.org
Subject: [App_rpt-users] Major Allstar Issue

Saturday morning I discovered I was having problems with my Allstar box.  I
wanted to control my node from the CLI, so logged in.  My goal was to
connect to Echolink, but my commands weren't working.  The repeater would
not key! I tried to reboot the computer but to a message telling me the
command didn't exist.  I tried using shutdown, but got no result either.  I
thought maybe the thing to do is reboot the computer from the power switch.
I did that, and could not log-in remotely.  The message I got was "access
denied try later." Later, I remember when my micro node won't boot, you
connect a keyboard to it, and hit F1.  I shutdown the computer from the
power switch again, and performed this action.  The repeater is working, but
when I try to connect remotely, I get "connection refused." I didn't change
the port for SSH.
Also, all three of my nodes have disappeared from the database.  When you
bring up the system wide node list, nodes 28142, 28143, and 28504 indicate
they've been removed from the database.  I never requested that! The 28142
node is my repeater, 28143 is my remote base, and 28504 was originally going
to be used for a hub, but I've decided to make it a RTCM node.  This will
take a while, because I need to gather the funds for the equipment.
I have an ISO image on my PC, but am not sure how to make it into a bootable
CD.  


Matt Roberts
n9gmr at me.com
Call Sign N9GMR
IRLP 4515
EchoLink 640860
Allstar 28142

_______________________________________________
App_rpt-users mailing list
App_rpt-users at ohnosec.org
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users

More information about the App_rpt-users mailing list