Date: Sun, 21 Apr 2002 17:56:17 +0200 From: Alson van der Meulen <freebsd@alm.xs4all.nl> To: "Christopher J. Umina" <FJU@Fritzilldo.com> Cc: questions@freebsd.org Subject: Re: no /bin/login?!?! Message-ID: <20020421155617.GA7999@alm.xs4all.nl> In-Reply-To: <004001c1e94c$20984180$0301a8c0@fritz> References: <001201c1e94a$2b550b50$0301a8c0@fritz> <20020421174337.B82499@mars.thuis> <004001c1e94c$20984180$0301a8c0@fritz>
next in thread | previous in thread | raw e-mail | index | archive | help
Christopher J. Umina(FJU@Fritzilldo.com)@2002.04.21 11:49:30 +0000: > I found a few error messages on the screen, I don't know if they could mean > anything. > > 6 login failures from anax.pl and > iroffer exited on signal 4 four times. I guess your box is hacked. iroffer seems to be a file server for irc, which might be used to distribute warez (http://iroffer.org/). Unless you are running that intentionally. The login error is probably because the cracker replaced some binaries, like login, or telnetd, and probably others, with a trojaned one. I suggest you backup all your *data* (not binaries), and reinstall, and look at your configs *carefully* before you restore them. This is the only way to be sure. It could be hacked thru the telnetd security hole (SA 01:49 I think, see http://www.freebsd.org/security for more info). Alson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020421155617.GA7999>