Date: Sat, 10 May 2003 15:06:53 -0300 From: Tony Meman <none@superig.com.br> Cc: freebsd-security@freebsd.org Subject: Re: Hacked? Message-ID: <3EBD3FBD.2030007@superig.com.br> References: <200305101116.h4ABGMH21903@boyes.its.utas.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
You should search the logs for weird exit msgs from the daemons. You could also look for core dumped files in the file system. If you still can't find a good bet would be in Samba (were you running it? which version?) and OpenSSL/apache. -- none Adam Dewis wrote: > > Doing a complete reeinstall is all good and well, but Installing a > rootkit means that the cracker used a hole to gain the required > permissions to do so. Whcih in praticality means that you will need to > patch the hole as well, unfortunatly I cannot offer any advice on > finding the hole, but mayhaps some other security guru on this list may > be able to steer you in the right direction? > > Adam >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3EBD3FBD.2030007>