Date: Fri, 27 Jul 2001 21:19:44 -0700 (PDT)
From: Bsd Newbie <bsdneophyte@yahoo.com>
To: freebsd-questions@FreeBSD.ORG
Subject: URGENT - Seems like i've been hacked... what to do now?
Message-ID: <20010728041944.9507.qmail@web20103.mail.yahoo.com>

I woke up from a long nap and decided to log into my BSD box... but something didn't seem right. It looked as if someone had rebooted the machine and logged on with my account and changed to SU. The time seemed odd, 3:27pm. I am sure I didn't use the computer at that time. I mean I have a horrible short term memory, but of this I'm pretty sure.

This leads me to the conclusion that I've been hacked or something. It really boggles my mind how anyone was able to get a hold of both the user and su passwords. I mean I never log on using my account from anywhere other than the console.

Is there any way of seeing what the IP address was of the person that logged into my machine? How can I tell what the person did to the machine? I don't see anything in my root mailbox. Could this person have configured a back door to log themselves in from now on? How can I find it and destroy it?

In short... what do I do now that I've been hacked? I need your advice badly. I'm going to be out this weekend and since I won't be here I'm going to take the machine off-line.

-----

I saw something about a telnetd security hole... could that have been used against me?