Date: Fri, 22 Jun 2012 22:59:33 +0700 From: Erich Dollansky <erich@alogreentechnologies.com> To: freebsd-doc@freebsd.org, RetspaN Code <silent24_2007@yahoo.com> Subject: Re: I have a problem to my server running under FreeBSD 8.1 p-1 release Message-ID: <201206222259.34058.erich@alogreentechnologies.com> In-Reply-To: <1340379530.49640.YahooMailNeo@web190402.mail.sg3.yahoo.com> References: <1340379530.49640.YahooMailNeo@web190402.mail.sg3.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, I think that the best advice is that you take a fresh install media and mak= e a=20 fresh install as you are not in control of the machine anymore. Erich On Friday 22 June 2012 22:38:50 RetspaN Code wrote: > Hello FreeBSD, >=20 > I have a problem to my server. >=20 > I'm running FreeBSD 8.1 p-1 release >=20 > When freebsd got a vulnerable called OpenSSL multiple vulnerabilities i g= et > my server reboot and shutdown many times. when i check the log on wtmp i > found user and use root login thru terminal, it looks like this: >=20 ~^@^@^@^@^@^@^@reboot^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@=D0 >=20 =ED=C9Lttyv0^@^@^@root^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^= @^@ >=20 > and intruder load their exploit due to my server vulnerable of openssl but > i did patch it but already late coz the intruder already load their > exploit. and users start to reboot and shutdown my server everytime i up. > then user also delete my /home/files. and now i get this last problem. > specially when running application psybnc it auto crash and auto kill the > process. >=20 > [root@CyberTech /usr/src]# fetch > http://security.FreeBSD.org/patches/SA-12:04/sysret-81.patch fetch: > http://security.FreeBSD.org/patches/SA-12:04/sysret-81.patch: Permission > denied [root@CyberTech /usr/src]# >=20 > I got this error. >=20 > Heres my current process: >=20 > [root@CyberTech /usr/src]# ps x > PID TT STAT TIME COMMAND > 0 ?? DLs 143:51.96 [kernel] > 1 ?? SLs 0:28.75 /sbin/init -- > 2 ?? DL 2:49.23 [g_event] > 3 ?? DL 32:31.52 [g_up] > 4 ?? DL 27:26.45 [g_down] > 5 ?? DL 0:00.01 [sctp_iterator] > 6 ?? DL 0:00.00 [xpt_thrd] > 7 ?? DL 16:27.57 [pagedaemon] > 8 ?? DL 0:00.00 [vmdaemon] > 9 ?? DL 0:00.04 [pagezero] > 10 ?? DL 0:00.00 [audit] > 11 ?? RL 91515:47.03 [idle] > 12 ?? WL 918:54.59 [intr] > 13 ?? DL 11:18.45 [yarrow] > 14 ?? DL 0:49.58 [usb] > 15 ?? DL 0:45.70 [acpi_thermal] > 16 ?? DL 0:13.93 [bufdaemon] > 17 ?? DL 41:59.16 [syncer] > 18 ?? DL 0:25.69 [vnlru] > 19 ?? DL 0:15.91 [softdepflush] > 20 ?? DL 1:50.31 [flowcleaner] > 112 ?? Is 0:00.00 adjkerntz -i > 2046 ?? Is 0:00.04 /sbin/devd > 2233 ?? DL 0:01.48 [accounting] > 2256 ?? Ss 13:51.56 /usr/local/sbin/syslog-ng -p /var/run/syslog.pid > 2608 ?? Ss 2:54.56 /usr/bin/perl > /usr/local/lib/webmin-1.580/miniserv.pl > /usr/local/etc/webmin/miniserv.conf (perl5.10.1) 2707 ?? Ss 0:08.02 > /usr/sbin/cron -s > 2718 ?? Is 0:00.27 /usr/local/bin/portsentry -tcp > 2720 ?? Is 0:00.00 /usr/local/bin/portsentry -udp > 44606 ?? Is 0:04.40 /usr/local/sbin/oidentd -C > /usr/local/etc/oidentd.conf 79728 ?? Is 0:00.01 /usr/sbin/sshd -u0 > 85824 ?? Ss 0:00.70 sshd: root@pts/13 (sshd) > 4756 v0 Is+ 0:00.01 /usr/libexec/getty Pc ttyv0 > 4757 v1 Is+ 0:00.01 /usr/libexec/getty Pc ttyv1 > 4758 v2 Is+ 0:00.01 /usr/libexec/getty Pc ttyv2 > 4759 v3 Is+ 0:00.01 /usr/libexec/getty Pc ttyv3 > 4760 v4 Is+ 0:00.01 /usr/libexec/getty Pc ttyv4 > 4761 v5 Is+ 0:00.01 /usr/libexec/getty Pc ttyv5 > 4762 v6 Is+ 0:00.01 /usr/libexec/getty Pc ttyv6 > 4763 v7 Is+ 0:00.01 /usr/libexec/getty Pc ttyv7 > 85841 13 Is 0:00.05 -csh (csh) > 87998 13 S 0:00.04 bash > 88267 13 R+ 0:00.00 ps x > [root@CyberTech /usr/src]# >=20 > Can you help me to fix and how to repair my server to avoid crash and > getting an error "Error Creating Socket" >=20 > Please help me Sir, Thanks! >=20 >=20 > Regards, >=20 > FredFoxs > _______________________________________________ > freebsd-doc@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-doc > To unsubscribe, send any mail to "freebsd-doc-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201206222259.34058.erich>