From: RetspaN Code
To: "FreeBSD-doc@FreeBSD.org"
Date: Fri, 22 Jun 2012 23:38:50 +0800 (SGT)
Subject: I have a problem to my server running under FreeBSD 8.1 p-1 release
Message-ID: <1340379530.49640.YahooMailNeo@web190402.mail.sg3.yahoo.com>
List-Id: Documentation project

Hello FreeBSD,

I have a problem with my server.

I'm running FreeBSD 8.1 p-1 release.

When FreeBSD got a vulnerability called "OpenSSL multiple vulnerabilities", my server rebooted and shut down many times. When I checked the wtmp log I found a user who used the root login through a terminal. It looks like this:
~^@^@^@^@^@^@^@reboot^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ÐíÉLttyv0^@^@^@root^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@

An intruder loaded their exploit because my server was vulnerable through OpenSSL. I did patch it, but it was already too late because the intruder had already loaded their exploit. Users started to reboot and shut down my server every time I bring it up. Then a user also deleted my /home/files.
And now I have this last problem: especially when running the psybnc application, it crashes automatically and the process is killed automatically.

[root@CyberTech /usr/src]# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81.patch
fetch: http://security.FreeBSD.org/patches/SA-12:04/sysret-81.patch: Permission denied
[root@CyberTech /usr/src]#

I got this error.

Here are my current processes:

[root@CyberTech /usr/src]# ps x
  PID  TT  STAT      TIME COMMAND
    0  ??  DLs  143:51.96 [kernel]
    1  ??  SLs    0:28.75 /sbin/init --
    2  ??  DL     2:49.23 [g_event]
    3  ??  DL    32:31.52 [g_up]
    4  ??  DL    27:26.45 [g_down]
    5  ??  DL     0:00.01 [sctp_iterator]
    6  ??  DL     0:00.00 [xpt_thrd]
    7  ??  DL    16:27.57 [pagedaemon]
    8  ??  DL     0:00.00 [vmdaemon]
    9  ??  DL     0:00.04 [pagezero]
   10  ??  DL     0:00.00 [audit]
   11  ??  RL   91515:47.03 [idle]
   12  ??  WL   918:54.59 [intr]
   13  ??  DL    11:18.45 [yarrow]
   14  ??  DL     0:49.58 [usb]
   15  ??  DL     0:45.70 [acpi_thermal]
   16  ??  DL     0:13.93 [bufdaemon]
   17  ??  DL    41:59.16 [syncer]
   18  ??  DL     0:25.69 [vnlru]
   19  ??  DL     0:15.91 [softdepflush]
   20  ??  DL     1:50.31 [flowcleaner]
  112  ??  Is     0:00.00 adjkerntz -i
 2046  ??  Is     0:00.04 /sbin/devd
 2233  ??  DL     0:01.48 [accounting]
 2256  ??  Ss    13:51.56 /usr/local/sbin/syslog-ng -p /var/run/syslog.pid
 2608  ??  Ss     2:54.56 /usr/bin/perl /usr/local/lib/webmin-1.580/miniserv.pl /usr/local/etc/webmin/miniserv.conf (perl5.10.1)
 2707  ??  Ss     0:08.02 /usr/sbin/cron -s
 2718  ??  Is     0:00.27 /usr/local/bin/portsentry -tcp
 2720  ??  Is     0:00.00 /usr/local/bin/portsentry -udp
44606  ??  Is     0:04.40 /usr/local/sbin/oidentd -C /usr/local/etc/oidentd.conf
79728  ??  Is     0:00.01 /usr/sbin/sshd -u0
85824  ??  Ss     0:00.70 sshd: root@pts/13 (sshd)
 4756  v0  Is+    0:00.01 /usr/libexec/getty Pc ttyv0
 4757  v1  Is+    0:00.01 /usr/libexec/getty Pc ttyv1
 4758  v2  Is+    0:00.01 /usr/libexec/getty Pc ttyv2
 4759  v3  Is+    0:00.01 /usr/libexec/getty Pc ttyv3
 4760  v4  Is+    0:00.01 /usr/libexec/getty Pc ttyv4
 4761  v5  Is+    0:00.01 /usr/libexec/getty Pc ttyv5
 4762  v6  Is+    0:00.01 /usr/libexec/getty Pc ttyv6
 4763  v7  Is+    0:00.01 /usr/libexec/getty Pc ttyv7
85841  13  Is     0:00.05 -csh (csh)
87998  13  S      0:00.04 bash
88267  13  R+     0:00.00 ps x
[root@CyberTech /usr/src]#

Can you help me fix this, and tell me how to repair my server to avoid the crashes and the "Error Creating Socket" error?

Please help me, Sir. Thanks!


Regards,

FredFoxs
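
The wtmp bytes quoted in the message can be decoded field by field rather than read raw. The following is an added example, not part of the original message: it assumes the legacy FreeBSD `struct utmp` layout (8-, 16- and 16-byte text fields followed by a 32-bit time), which matches the byte counts in the quoted dump, and the function names are hypothetical.

```python
import struct
from datetime import datetime, timezone

# Assumed layout (legacy FreeBSD struct utmp, before 9.0):
# ut_line[8], ut_name[16], ut_host[16], then int32 ut_time, little-endian.
TEXT = struct.Struct("<8s16s16s")
REC_SIZE = TEXT.size + 4

def _field(raw):
    """Fixed-width field up to its first NUL (shown as ^@ in the dump)."""
    return raw.split(b"\x00", 1)[0].decode("latin-1")

def parse_wtmp(data):
    """Decode records; a final record cut off before ut_time gets time=None."""
    records = []
    for off in range(0, len(data), REC_SIZE):
        chunk = data[off:off + REC_SIZE]
        if len(chunk) < TEXT.size:
            break  # too short to hold even the three text fields
        line, name, host = (_field(f) for f in TEXT.unpack_from(chunk))
        when = None
        if len(chunk) == REC_SIZE:
            (ts,) = struct.unpack_from("<i", chunk, TEXT.size)
            when = datetime.fromtimestamp(ts, tz=timezone.utc)
        records.append({"line": line, "name": name, "host": host, "time": when})
    return records

def describe(rec):
    """Label a record using the utmp(5) conventions for ut_line and ut_name."""
    if rec["line"] == "~":
        return "system marker: " + rec["name"]
    if not rec["name"]:
        return "logout on " + rec["line"]
    return "login %s on %s from %s" % (
        rec["name"], rec["line"], rec["host"] or "local terminal")

# Constructed sample: the bytes of the dump quoted in the message, rebuilt by
# hand. The second record's timestamp is not on the page, so it is left off.
SAMPLE = (
    b"~".ljust(8, b"\0") + b"reboot".ljust(16, b"\0") + bytes(16)
    + b"\xd0\xed\xc9\x4c"
    + b"ttyv0".ljust(8, b"\0") + b"root".ljust(16, b"\0") + bytes(16)
)

if __name__ == "__main__":
    for rec in parse_wtmp(SAMPLE):
        print(rec["time"], describe(rec))
```

The `ut_host` field carries the remote host name for network logins, so an empty value is reported here as a local terminal.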