Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 11 Aug 2007 05:10:23 -0700 (PDT)
From:      Mohd Ghalib Akhtar <md_ghalib@yahoo.com>
To:        "Heiko Wundram \(Beenic\)" <wundram@beenic.net>, freebsd-questions@freebsd.org
Subject:   Re: server was hacked
Message-ID:  <362502.40629.qm@web43134.mail.sp1.yahoo.com>

next in thread | raw e-mail | index | archive | help
hi,=0Ahow to restore delated file or folder in linux=0A =0ATake care=0AMohd=
.Ghalib Akhtar=0A(India.M)9899868681=0A(Africa.M) +255787896861 =0A=0A=0A=
=0A=0A=0A=0A=0A=0A=0A=0A----- Original Message ----=0AFrom: Heiko Wundram (=
Beenic) <wundram@beenic.net>=0ATo: freebsd-questions@freebsd.org=0ASent: Sa=
turday, August 11, 2007 2:54:29 PM=0ASubject: Re: server was hacked=0A=0A=
=0AAm Samstag 11 August 2007 13:20:31 schrieb Brent:=0A> Im running FBSD 5.=
4 as a web server the server is behind a cisco firewall=0A> /router and the=
 server has alot of CMS jumila / mambo sites on it. I=0A> noticed that when=
 i ran sockstat i was seeing multiple IPs connected to=0A> high ports on th=
e server with a process id of "psybnc" . Did some looking=0A> around & foun=
d that this is a IRC relay program that was installed through=0A> a comprom=
ised mambo site.=0A=0AThat was a know Mambo vulnerability which also hit a =
client of ours. It's not =0Aa root compromise, though, AFAIR.=0A=0A> On FBS=
D how do you checksum binaries on the system to ensure someone hasnt=0A> re=
placed one with there own binary.=0A=0AInstall security/tripwire and config=
ure properly.=0A=0A-- =0AHeiko Wundram=0AProduct & Application Development=
=0A_______________________________________________=0Afreebsd-questions@free=
bsd.org mailing list=0Ahttp://lists.freebsd.org/mailman/listinfo/freebsd-qu=
estions=0ATo unsubscribe, send any mail to "freebsd-questions-unsubscribe@f=
reebsd.org"=0A=0A=0A      _________________________________________________=
___________________________________=0ALuggage? GPS? Comic books? =0ACheck o=
ut fitting gifts for grads at Yahoo! Search=0Ahttp://search.yahoo.com/searc=
h?fr=3Doni_on_mail&p=3Dgraduation+gifts&cs=3Dbz



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?362502.40629.qm>