Date: Thu, 05 Jul 2001 09:45:42 -0500 From: Tony Wells <tony@camel.kdsi.net> To: Rob <rob@robhulme.com> Cc: "Freebsd-Questions@Freebsd. Org" <freebsd-questions@FreeBSD.ORG> Subject: Re: Is my FTP hacked? Message-ID: <3B447D96.630698AA@camel.kdsi.net> References: <LPBBLIHFHEKDFLJEBFJGAEODDKAA.rob@robhulme.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Your pwd.db file should look like garbage when you look at it with an editor; that is because it is a hash file and not just ASCII text. Try 'file /etc/pwd.db' to learn more about what the format of the file is. Rob wrote: > > > I think someone may have hacked into my ftp... I've got this line in my > > /var/log/messages > > > > "Jul 5 10:03:50 www ftpd[8728]: /etc/pwd.db: No such file or > > directory"... > > > > is there any way I can see what account they logged in as and so > > on? or has > > something else happened? > > > > I've disabled FTP for the moment.... > OK - false alarm it seems... I used 'last' to track down who the user was at > 10:03... I've talked to him and he said he was just uploading some files > (for one of our websites)... I trust him, so I guess we weren't trying to be > hacked - but what happened to cause this error? > > If I look at passwd.db with pico /etc/pwd.db it has what looks like a load > of garbage on the first line... > then: > > # > # List of acceptable shells for chpass(1). > # Ftpd will not allow users to connect who are not using > # one of these shells. > > /bin/sh > /bin/csh > /nonexistent > > then the last line looks like a load of the usernames on the system followed > by a *lot* of ÿÿÿÿÿÿÿÿÿÿÿ symbols... > > What is going on ? :) > > -Rob > > -------------------------------- > http://www.robhulme.com > http://www.christianunion.org.uk > > "May the forks be with us." - Blue Raja (Mystery Men) > > Everything you've learned in school as "obvious" becomes less and less > obvious as you begin to study the universe. > For example, there are no solids in the universe. > There's not even a suggestion of a solid. There are no absolute > continuums. > There are no surfaces. There are no straight lines. > ---- R. Buckminster Fuller > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B447D96.630698AA>