Date:      Thu, 31 May 2001 18:39:51 -0700 (PDT)
From:      Brian Behlendorf <brian@collab.net>
To:        "Karsten W. Rohrbach" <karsten@rohrbach.de>
Cc:        <freebsd-security@freebsd.org>
Subject:   Re: Apache Software Foundation Server compromised, resecured. (fwd)
Message-ID:  <Pine.BSF.4.31.0105311838200.52261-100000@localhost>
In-Reply-To: <20010601012752.C85717@mail.webmonster.de>

On Fri, 1 Jun 2001, Karsten W. Rohrbach wrote:
> this was one "result" of the compromised ssh binary at sourceforge.
> i don't want to think about it aloud in public what's next :-(
>
> last | grep sourceforge
> for (every account affected)
>     pw usermod "account" -h -

The shell machine at SF didn't have reverse DNS (or at least it wasn't
recorded in the wtmp), so you might want to look for 216.136.171.252 (the
machine our friend came in from) or maybe even 216.136/24.

	Brian
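
An added example (not part of either message): a field-aware version of the `last | grep` search discussed above, matching only the host column so that a username containing the search text is not a false hit. The `ip=`/`net=`/`host=` pattern syntax, the function names and the sample log lines are constructed for this illustration, and the `net=216.136.171.` prefix is an assumed search scope, not one stated in the thread.

```shell
#!/bin/sh
# Added example: list accounts with logins from a suspect source in `last` output.
# Pattern forms (a convention of this example, not of last(1)):
#   ip=216.136.171.252   exact match on the host column
#   net=216.136.171.     host column starts with this dotted prefix
#   host=sourceforge     host column contains this text (case-insensitive)

accounts_from_source() {
    # stdin: `last` output; args: one or more patterns; stdout: unique usernames
    awk -v pats="$*" '
        BEGIN { n = split(pats, p, " ") }
        # skip blank lines, the "wtmp begins" trailer and pseudo-users
        NF < 3 || $1 == "wtmp" || $1 == "reboot" || $1 == "shutdown" { next }
        {
            host = $3   # on console logins this is the weekday and never matches
            for (i = 1; i <= n; i++) {
                kind = substr(p[i], 1, index(p[i], "=") - 1)
                val  = substr(p[i], index(p[i], "=") + 1)
                if ((kind == "ip"   && host == val) ||
                    (kind == "net"  && index(host, val) == 1) ||
                    (kind == "host" && index(tolower(host), tolower(val)) > 0)) {
                    print $1; next
                }
            }
        }' | sort -u
}

# Constructed sample (not real log data), in the column layout of `last`.
sample_last() {
    cat <<'EOF'
alice    ttyp1    216.136.171.252  Thu May 17 03:12 - 03:40  (00:28)
bob      ttyp2    216.136.171.25   Thu May 17 09:01 - 09:30  (00:29)
carol    ttyp0    shell.sourceforge.example Wed May 16 22:10 - 22:15 (00:05)
dave     ttyp3    192.0.2.10       Wed May 16 10:00 - 11:00  (01:00)
sourceforge ttyp4 192.0.2.11       Tue May 15 08:00 - 08:05  (00:05)
alice    ttyp1    216.136.171.252  Tue May 15 01:00 - 01:02  (00:02)
erin     ttyv0                     Mon May 14 12:00 - 12:30  (00:30)

wtmp begins Mon May 14 00:00:00 PDT 2001
EOF
}

# Accounts seen from the named address or from a host containing "sourceforge".
sample_last | accounts_from_source ip=216.136.171.252 host=sourceforge
```

On a live system the input would be `last | accounts_from_source ...`; the resulting list is what the quoted `pw usermod` loop would iterate over.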







