Date: Tue, 1 Mar 2005 22:12:03 -0500
From: Ean Kingston
To: freebsd-questions@freebsd.org
Subject: Re: recovering root password, was Help!Help!Help!

On Tuesday, March 1, 2005, at 09:50 PM, Replies wrote:

> Hi,
>
> I have just spent over the last two years developing a unique
> classified ads service which was online and had Free BSD as the
> security on it. We ended up with a very aggressive and belligerent
> programmer who left us but left us some nasty little bugs behind to
> really screw us up.. who we now can't find.
>
> I need to know how to change or eliminate a root password.
>
> As I still have our "test server" in my possession is there any way to
> actually remove the folder that the passwords are held in.....the
> reason I ask this is that when we actually changed the password on our
> "production server" it released some sort of worm that totally crashed
> and eliminated our online site, and all our data we have spent two
> years developing. It also started trying to access other sites which
> we only found out about this when our site crashed and we got
> complaints from our ISP that our server was trying to aggressively
> access other servers out there on the net.
>
> The only saving grace is that we had it all backed up on our test
> server but it has the same problem...I expect...I believe that he has
> probably left us the same worm in our test server....the unfortunate
> thing is that because we do not know the root password we are worried
> that if we try to crack or eliminate it the same thing may
> happen...and then we are automatically out of business.
>
> Is there any way around this....I can prove I am the owner of the
> site...the URL and the server and any other information you may need
> if necessary....
>

First, make another backup of your test server. You may want to do this
by building a new system with a fresh install of FreeBSD, physically
removing the hard drive from your test server, installing it as a
second drive (not the boot drive) in your newly created server, and
doing the backup (to tape, CD, or DVD). Then, after the backup, change
the root password on the test server's hard drive. If you mount the root
partition from the test server's hard drive as /mnt you could use
vipw -d /mnt/etc to do it. Finally, take the advice you got from Chris.

>
> I really need help as this is 2/12 years work as it stands gone.
>
> Thanks
> God Bless
> Freddy
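
Before changing the root entry with vipw -d /mnt/etc as the reply describes, it is worth listing which accounts in the offline /mnt/etc/master.passwd are superuser-equivalent or have an empty password field. The script below is an added example, not part of the original message; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: review an offline FreeBSD master.passwd before editing it
# with "vipw -d /mnt/etc". Run as: sh audit.sh /mnt/etc/master.passwd
#
# master.passwd records have 10 colon-separated fields:
#   name:password:uid:gid:class:change:expire:gecos:home_dir:shell

# audit_master_passwd FILE  (hypothetical helper name)
# Prints one finding per line: "uid0 NAME", "nopass NAME" or "badline N".
audit_master_passwd() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }         # skip comments and blank lines
        NF != 10     { print "badline " NR; next } # malformed record, inspect by hand
        $3 ~ /^0+$/  { print "uid0 " $1 }          # UID 0: superuser-equivalent account
        $2 == ""     { print "nopass " $1 }        # empty password field
    ' "$1"
}

# Constructed sample data for trying the function without a mounted disk.
sample_master_passwd() {
    cat <<'EOF'
# $FreeBSD$
root:$1$constructed$hash:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
maint::0:0::0:0:constructed extra account:/home/maint:/bin/sh
broken:line:with:too:few:fields
EOF
}

# When given a path, audit that file; the disk should be mounted as in the
# reply above (root partition of the old drive on /mnt).
if [ "${1:-}" ]; then
    audit_master_passwd "$1"
fi
```

A stock FreeBSD install already lists both root and toor with UID 0, so the entries to look at closely are any other UID 0 names and any account with an empty password field.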