Date: Sat, 28 Jul 2001 01:30:16 -0400 (EDT) From: "Russell J. Lahti" <russell@ajboggs.com> To: freebsd-questions@FreeBSD.ORG Subject: Re: URGENT - Seems like i've been hacked... what to do now? Message-ID: <996298216.3b624de8cf14b@www.ajboggs.com> In-Reply-To: <20010728051328.83415.qmail@web20104.mail.yahoo.com> References: <20010728051328.83415.qmail@web20104.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> So I should only allow SSH connections? > > Is there anyway to see what has been modified since a > particular date? > > -Sameer Yes use SSH, there are great terminal apps out there that are freeware like putty and tera term pro that will allow you to ssh in from a msft system. At least unplug it from the internet for now, so the rest of us don't have to deal with someone using it to DoS from. :) You can always check for files with the find -mtime option, you can check your wtmp by using "last" and all of that. But you'd probably be better off just re-installing for now, unless you want the experience of trying to track down what was done. If you want to do that, go start reading up on what to do.. but unplug the NIC. Enjoy. -Russell To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?996298216.3b624de8cf14b>