From: "Russell J. Lahti"
To: freebsd-questions@FreeBSD.ORG
Subject: Re: URGENT - Seems like i've been hacked... what to do now?
Date: Sat, 28 Jul 2001 01:30:16 -0400 (EDT)
Message-ID: <996298216.3b624de8cf14b@www.ajboggs.com>
In-Reply-To: <20010728051328.83415.qmail@web20104.mail.yahoo.com>

> So I should only allow SSH connections?
>
> Is there any way to see what has been modified since a
> particular date?
>
> -Sameer

Yes, use SSH. There are great terminal apps out there that are freeware, like PuTTY and Tera Term Pro, that will allow you to ssh in from a msft system.

At least unplug it from the internet for now, so the rest of us don't have to deal with someone using it to DoS from. :)

You can always check for files with the find -mtime option, you can check your wtmp by using "last" and all of that. But you'd probably be better off just re-installing for now, unless you want the experience of trying to track down what was done. If you want to do that, go start reading up on what to do... but unplug the NIC. Enjoy.

-Russell
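
The "modified since a particular date" check discussed in this message, as an added example that is not part of the original post. The function names are hypothetical, the cutoff is given in `touch -t` format (CCYYMMDDhhmm), and `find` is assumed to support `-cnewer` (GNU and FreeBSD `find` do). Because mtime can be set back with `touch`, the second function also compares ctime, which is updated on any inode change.

```shell
#!/bin/sh
# Added example (not from the original message): list files changed
# since a cutoff, e.g.  modified_since 200107200000 /etc

# make_ref CUTOFF: create a temp file whose mtime is CUTOFF, print its path.
make_ref() {
    ref=$(mktemp) || return 1
    touch -t "$1" "$ref" || { rm -f "$ref"; return 1; }
    printf '%s\n' "$ref"
}

# modified_since CUTOFF DIR: regular files whose content changed after
# CUTOFF according to mtime. -xdev keeps find on one filesystem.
modified_since() {
    ref=$(make_ref "$1") || return 1
    find "$2" -xdev -type f -newer "$ref" -print | sort
    rm -f "$ref"
}

# backdated_since CUTOFF DIR: regular files whose mtime is at or before
# CUTOFF but whose ctime is after it. That means the inode was touched
# after CUTOFF (chmod, chown, rename, or a timestamp set back with touch),
# so an mtime-only search would miss them. The reference file is excluded.
backdated_since() {
    ref=$(make_ref "$1") || return 1
    find "$2" -xdev -type f -cnewer "$ref" ! -newer "$ref" \
        ! -path "$ref" -print | sort
    rm -f "$ref"
}
```

Run both against a copy or read-only mount of the disk where possible, since results from a running compromised system depend on its own `find` binary being intact.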