Date: Sat, 27 Nov 2010 13:32:07 +0000 From: "Poul-Henning Kamp" <phk@phk.freebsd.dk> To: Jan Muenther <jan.muenther@nruns.com> Cc: freebsd-security@freebsd.org Subject: Re: ssh binary modified Message-ID: <1874.1290864727@critter.freebsd.dk> In-Reply-To: Your message of "Sat, 27 Nov 2010 14:17:17 %2B0100." <4CF104DD.1050405@nruns.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <4CF104DD.1050405@nruns.com>, Jan Muenther writes: >yeah, that box has been taken over. Now, before you nuke it and >reinstall from some trusted media, I'd try and give finding out what >exactly happened a shot. My point is that if they got in through e.g. a >flaw in a custom web app, just newly setting up the machine and >resetting the passwords is not going to make it all go away. And you should seriously consider putting everything you can into jails, to contain any future damage. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1874.1290864727>