One of my customers is down...

Fairlight fairlite at fairlite.com
Fri Sep 14 10:34:17 PDT 2007 

Y'all catch dis heeyah?  Mike Schwartz been jivin' 'bout like:
> 
>      This morning, whenever they go into a filepro file using an index, they
> are immediately kicked back to the filepro main menu.  They select #4, Index
> Selection, then index "A", or "1", and then type in a value to search for.
> As soon as they press "Esc", they get kicked back to the main menu.
> 
>      I had them remove the indexes from one of their files, run a freechain,
> then rebuild just one automatic index, but they still get kicked out.  I had
> them remove the automatic index and build just one demand index, but they
> still get kicked out.  

What are the timestamps on the relevant binaries that exhibit issues?
Granted, this can be faked, but crackers tend to be sloppy more often than
not.

Check the process table for anything odd running.  Also check for open
ports that shouldn't be there and nuke anything that was put in place. 

>      I had them look through a whole file using record number, browsing all
> the way to the end, but they couldn't see any obvious corruption.   

One could try verifying all the rpm's (if it's an rpm-based dist) to see
what's been tampered with.  I wrote software that'll do that easily in one
step.

>      They say that all of their filepro files act doing this.

Then I don't think it'd be a data issue, it'd be a programmatic issue.

>      Unless any of you have a suggestion, I am going to try to talk them
> through:  1) reinstalling filepro and, if that fails, 2) restoring their
> whole server from their BRU backups.  

If a server gets cracked, I -always- recommend a full reinstall and
re-hardening from scratch, ASAP.  Trying to pin down what's been dinked
with leaves too many things you may not catch.  There's always going to be
a nagging doubt.

You could get them back up and running temporarily, but I'd heartily
recommend a reinstall if it was cracked, and then only restore data files
and custom software (ie., fP, etc.).

mark->
-- 
The latest synth mixdown...
http://media.fairlite.com/Isolation_Voiceless_Cry_Mix.mp3

More information about the Filepro-list mailing list