I tried switching into another shell, and I get the same fork
error.
[admin admin]$ sh
bash: fork: Try again
[admin admin]$ csh
bash: fork: Try again
[admin admin]$ bash
bash: fork: Try again
[admin admin]$ zsh
bash: fork: Try again
[admin admin]$ echo "Hello"
Hello
$ echo
works as you can see. I was actually thinking of echoing a new /etc/passwd
so it puts me into a different shell, but then I would have to reconstruct
a new /etc/passwd without knowing about the previous one.
brian
On Mon, Jan 10, 2000 at 11:52:24PM -0800, Marc Matteo wrote:
> While it's possible it's a crack, I'd bet against it. The machines seem
> pretty locked down (I did a little checking :)).
>
> What happens if you enter another shell (i.e.: 'sh')?
>
> Marc
> --
> Marc Matteo
> Online Technology Leader
> http://www.sacbee.com
>
> ----- Original Message -----
> From: "Brian Lavender" <brian@brie.com>
> To: "Lug Nuts" <lug-nuts@saclug.org>
> Sent: Monday, January 10, 2000 11:32 PM
> Subject: [lug-nuts] Site cracked?
>
>
> > I have been working on a Cobalt RAQ server and suddenly the thing is on
> > the fritz. I am able to ssh into it, but once I get on, bash forks on me
> > (at least that is the way it looks). Every command forks except for $
> > cd which allows me to change directories. Here is some sample output:
> >
> > bash: fork: Try again
> > [admin admin]$ su
> > bash: fork: Try again
> > [admin admin]$ ls
> > bash: fork: Try again
> > [admin admin]$ pwd
> > /home/sites/home/users/admin
> > [admin admin]$ cd
> > [admin admin]$
> >
> > as you can see both cd and pwd work. I have never encountered this
> problem.
> > The secure web server is still working, along with the administrative
> > server, but from the shell, it sure looks suspicious.
> >
> > Does this look like a crack attack?
> >
> > Here are the IP's:
> > 209.235.50.96
> > 209.235.50.95
> > 209.235.50.94
> >
> > Before these problems occured, the CPU usage and memory usage appeared
> erratic
> > from the web based admin tool.
> >
> > brian
> > --
> > Brian Lavender
> > http://www.brie.com/brian/
> >
> ****************************************************************************
> > * To UNSUBSCRIBE from the list, send a message with "unsubscribe lug-nuts"
> > * in the message body to majordomo@saclug.org. Please direct other
> > * questions, comments, or problems to lug-nuts-owner@saclug.org.
> >
>
> ****************************************************************************
> * To UNSUBSCRIBE from the list, send a message with "unsubscribe lug-nuts"
> * in the message body to majordomo@saclug.org. Please direct other
> * questions, comments, or problems to lug-nuts-owner@saclug.org.
-- Brian Lavender http://www.brie.com/brian/ **************************************************************************** * To UNSUBSCRIBE from the list, send a message with "unsubscribe lug-nuts" * in the message body to majordomo@saclug.org. Please direct other * questions, comments, or problems to lug-nuts-owner@saclug.org.
This archive was generated by hypermail 2b29 : Fri Feb 25 2000 - 14:29:10 PST