Date: Thu, 11 Aug 2005 15:46:50 +0200
From: Stijn Hoop <stijn@win.tue.nl>
To: Ken Hawkins <ken@rosewoodblues.com>
Cc: freebsd-security@freebsd.org
Subject: Re: newbie with www user security problem
Message-ID: <20050811134650.GC26471@pcwin002.win.tue.nl>
In-Reply-To: <97525439-C809-4E69-B191-F29585A1A71B@rosewoodblues.com>
References: <97525439-C809-4E69-B191-F29585A1A71B@rosewoodblues.com>

On Thu, Aug 11, 2005 at 09:32:22AM -0400, Ken Hawkins wrote:
> we have been hacked by a spammer

[snip]

> X-AntiAbuse: Board servername - srforum.prosoundweb.com

Ouch. You appear to be running a phpBB installation from 2002 (version
2.0.6). That's asking for trouble. A lot of exploits have been found in
phpBB since that time, see

http://www.phpbb.com/support/documents.php?mode=changelog

and

http://www.vuxml.org/freebsd/pkg-phpbb.html

There are lots of automated scripts running on already compromised machines
that scan other machines for these vulnerabilities.

Assuming that is how the spammer got in, there is no telling what he has
done after that. You must assume that your machine has been fully
compromised. The only way to know for sure that your machine is clean again
is to build a new machine from scratch and transfer all your
_non-executable_ data to it.

You _might_ be able to get away with identifying any and all processes,
removing suspicious data from /tmp, /var/tmp and any other OS place,
changing passwords on _all_ accounts (but especially sensitive ones like
root, your own and www). But you might not find the one backdoor that the
spammer left and then you're back to square one again. It's your choice.

To prevent this from happening, perform regular port updates and make sure
to subscribe to the announcement list of high-profile publicly accessible
software that you run.

Good luck.

--Stijn

-- 
A "No" uttered from deepest conviction is better and greater than a
"Yes" merely uttered to please, or what is worse, to avoid trouble.
    -- Mahatma Gandhi
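
The partial clean-up path described in the message starts with finding what the web server account left in /tmp and /var/tmp. The script below is an added example, not part of the original e-mail: it lists files owned by a given account and flags those that are executable or start with a script, PHP or ELF marker. The account name `www` and the two directories come from the message; the function names and the marker list are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original message. Read-only triage: it lists
# files and deletes nothing. Marker list and function names are assumptions.

# Print why a file deserves a closer look, or nothing if it looks inert.
classify_file() {
    reason=""
    if [ -x "$1" ]; then reason="executable"; fi
    # First 5 bytes rendered by od -c, so binary data is safe to compare.
    magic=$(head -c 5 "$1" 2>/dev/null | od -An -c | tr -d ' \n')
    case $magic in
        '#!'*)    reason="${reason:+$reason,}script" ;;
        '<?php'*) reason="${reason:+$reason,}php" ;;
        177ELF*)  reason="${reason:+$reason,}elf" ;;   # od prints 0x7f as 177
    esac
    printf '%s' "$reason"
}

# usage: triage_tmp ACCOUNT DIR...
# Prints "reason<TAB>path" for each flagged regular file owned by ACCOUNT.
# File names containing newlines are not handled.
triage_tmp() {
    account=$1
    shift
    find "$@" -xdev -type f -user "$account" 2>/dev/null |
    while IFS= read -r path; do
        why=$(classify_file "$path")
        if [ -n "$why" ]; then printf '%s\t%s\n' "$why" "$path"; fi
    done
}

# Run as root, e.g.: sh triage.sh www /tmp /var/tmp
if [ "$#" -ge 2 ]; then triage_tmp "$@"; fi
```

An empty result only narrows where to look first; as the message says, it does not show that no backdoor remains.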