From owner-freebsd-questions@FreeBSD.ORG Mon Apr 19 06:22:55 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7B4D516A4CE for ; Mon, 19 Apr 2004 06:22:55 -0700 (PDT) Received: from mta10.adelphia.net (mta10.adelphia.net [68.168.78.202]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2A37143D4C for ; Mon, 19 Apr 2004 06:22:55 -0700 (PDT) (envelope-from Barbish3@adelphia.net) Received: from barbish ([67.20.101.71]) by mta10.adelphia.net (InterMail vM.5.01.06.08 201-253-122-130-108-20031117) with SMTP id <20040419132254.RVIX8065.mta10.adelphia.net@barbish>; Mon, 19 Apr 2004 09:22:54 -0400 From: "JJB" To: "James T. Harrison" , Date: Mon, 19 Apr 2004 09:22:52 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) In-Reply-To: <000801c4260a$ab688a20$87312330@icsi.local> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal Subject: RE: comments X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Barbish3@adelphia.net List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Apr 2004 13:22:55 -0000 Bud Your MS/windows box is the one that has been compromised. Your problem has nothing to do with FreeBSD org, or the FBSD operating system. You need Norton personal firewall and virus checker to cleanup your system and stop it from happening again. -----Original Message----- From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of James T. Harrison Sent: Monday, April 19, 2004 8:35 AM To: freebsd-questions@FreeBSD.org Subject: comments My server had some apps running that should not have been there. You have a hacker using your site to gather info on servers. What are your plans to stop? What is your phone number and contact name? Here is part of the script. Notice USA as the country. This is one of many batch files that were found on my server. @echo off echo *------------------------------------------------------------------- *>info.txt echo *--Computer --*>>info.txt echo *------------------------------------------------------------------- *>>info.txt psinfo.exe -d >>info.txt echo *------------------------------------------------------------------- *>>info.txt echo *--List of Current Processes --*>>info.txt echo *------------------------------------------------------------------- *>>info.txt pslist.exe>>info.txt echo *------------------------------------------------------------------- *>>info.txt echo *--Result of speed test from various --*>>info.txt echo *------------------------------------------------------------------- *>>info.txt echo COUNTRY: DENMARK >>info.txt ftpc.exe -n -A -s:ftpc.cmds ftp.dk.FreeBSD.org >Status-1of15 findstr /C:"bytes rec" Status-1of15>>info.txt del ncurses.tar.gz echo *------------------------------------------------------------------- *>>info.txt echo COUNTRY: GERMANY >>info.txt del Status-1of15 ftpc.exe -n -A -s:ftpc.cmds ftp.de.freebsd.org >Status-2of15 findstr /C:"bytes rec" Status-2of15 >>info.txt del ncurses.tar.gz echo *------------------------------------------------------------------- *>>info.txt echo COUNTRY: NETHERLANDS >>info.txt del Status-2of15 ftpc.exe -n -A -s:ftpc.cmds ftp2.nl.freebsd.org >Status-3of15 findstr /C:"bytes rec" Status-3of15 >>info.txt del ncurses.tar.gz echo *------------------------------------------------------------------- *>>info.txt echo COUNTRY: USA >>info.txt del Status-3of15 ftpc.exe -n -A -s:ftpc.cmds ftp1.FreeBSD.org >Status-4of15 findstr /C:"bytes rec" Status-4of15 >>info.txt del ncurses.tar.gz echo *------------------------------------------------------------------- *>>info.txt echo COUNTRY: USA2 >>info.txt del Status-4of15 ftpc.exe -n -A -s:ftpc2.cmds ftp.lucasarts.com >Status-5of15 findstr /C:"bytes rec" Status-5of15 >>info.txt del Indyprev.zip echo *------------------------------------------------------------------- *>>info.txt echo COUNTRY: Canada >>info.txt del Status-5of15 ftpc.exe -n -A -s:ftpca.cmds ftp.crc.ca >Status-6of15 findstr /C:"bytes rec" Status-6of15 >>info.txt del latest-defs.exe echo *------------------------------------------------------------------- *>>info.txt echo COUNTRY: SWEDEN >>info.txt del Status-6of15 ftpc.exe -n -A -s:ftpc.cmds ftp.se.FreeBSD.org >Status-7of15 findstr /C:"bytes rec" Status-7of15 >>info.txt del ncurses.tar.gz echo *------------------------------------------------------------------- *>>info.txt echo COUNTRY: UK >>info.txt del Status-7of15 ftpc.exe -n -A -s:ftpc.cmds ftp.uk.FreeBSD.org >Status-8of15 findstr /C:"bytes rec" Status-8of15 >>info.txt del ncurses.tar.gz echo *------------------------------------------------------------------- *>>info.txt echo COUNTRY: FRANCE >>info.txt del Status-8of15 ftpc.exe -n -A -s:ftpc.cmds ftp8.fr.FreeBSD.org >Status-9of15 findstr /C:"bytes rec" Status-9of15 >>info.txt del ncurses.tar.gz echo *------------------------------------------------------------------- *>>info.txt echo COUNTRY: NL 2 >>info.txt del Status-9of15 ftpc.exe -n -A -s:ftpco.cmds 194.171.240.20 >Status-10of15 findstr /C:"bytes rec" Status-10of15 >>info.txt del patch-2.4.19.gz echo *------------------------------------------------------------------- *>>info.txt echo COUNTRY: NL 3 >>info.txt del Status-10of15 ftpc.exe -n -A -s:ftpce.cmds ftp.euronet.nl >Status-11of15 findstr /C:"bytes rec" Status-11of15 >>info.txt del 5M.bin echo *------------------------------------------------------------------- *>>info.txt echo COUNTRY: NL 4 >>info.txt del Status-11of15 ftpc.exe -n -A -s:ftpcy.cmds ftp.chello.nl >Status-12of15 findstr /C:"bytes rec" Status-12of15 >>info.txt del LT.zip echo *------------------------------------------------------------------- *>>info.txt echo COUNTRY: NO >>info.txt del Status-12of15 ftpc.exe -n -A -s:ftpcx.cmds ftp.no.FreeBSD.org >Status-13of15 findstr /C:"bytes rec" Status-13of15 >>info.txt del MBM5300.EXE echo *------------------------------------------------------------------- *>>info.txt echo COUNTRY: AT >>info.txt del Status-13of15 ftpc.exe -n -A -s:ftpch.cmds ftp.chello.at >Status-14of15 findstr /C:"bytes rec" Status-14of15 >>info.txt del dx5ger.exe echo *------------------------------------------------------------------- *>>info.txt echo COUNTRY: HU >>info.txt del Status-14of15 ftpc.exe -n -A -s:ftpch.cmds ftp.chello.hu >Status-15of15 findstr /C:"bytes rec" Status-15of15 >>info.txt del dx5ger.exe del Status-15of15 echo *---------------------------------- DONE ---------------------------*>>info.txt echo . > "+Speed Test Complete" _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"