Date:      Sat, 11 Aug 2007 05:10:23 -0700 (PDT)
From:      Mohd Ghalib Akhtar <>
To:        "Heiko Wundram (Beenic)" <>,
Subject:   Re: server was hacked
Message-ID:  <>

hi,
how to restore deleted file or folder in linux

Take care
Mohd.Ghalib Akhtar
(India.M)9899868681
(Africa.M) +255787896861

----- Original Message ----
From: Heiko Wundram (Beenic) <>
To: Saturday, August 11, 2007 2:54:29 PM
Subject: Re: server was hacked

On Saturday 11 August 2007 13:20:31, Brent wrote:
> I'm running FBSD 5.4 as a web server. The server is behind a Cisco firewall
> /router and the server has a lot of CMS Joomla / Mambo sites on it. I
> noticed that when I ran sockstat I was seeing multiple IPs connected to
> high ports on the server with a process id of "psybnc". Did some looking
> around & found that this is an IRC relay program that was installed through
> a compromised Mambo site.

That was a known Mambo vulnerability which also hit a client of ours. It's not
a root compromise, though, AFAIR.

> On FBSD how do you checksum binaries on the system to ensure someone hasn't
> replaced one with their own binary?

Install security/tripwire and configure properly.

-- 
Heiko Wundram
Product & Application Development
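
The reply above recommends security/tripwire for detecting replaced binaries. As an added illustration (not part of the original thread and not Tripwire's own code), this Python example shows the baseline-and-compare idea behind such tools on a constructed temporary directory; the function names and sample files are assumptions made for the example.

```python
import hashlib
import os
import tempfile

def sha256_file(path, bufsize=65536):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(bufsize), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Map each regular file under root (relative path) to (sha256, mode bits)."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and special files
            rel = os.path.relpath(full, root)
            baseline[rel] = (sha256_file(full), os.stat(full).st_mode & 0o7777)
    return baseline

def compare(baseline, current):
    """Return sorted lists of modified, added and removed relative paths."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return modified, added, removed

def demo():
    """Constructed sample tree standing in for a directory of system binaries."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("ls", "ps", "netstat"):
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"original " + name.encode())
        baseline = build_baseline(root)      # recorded while the system is known good
        with open(os.path.join(root, "ps"), "wb") as f:
            f.write(b"replaced ps")          # simulated tampering: same name, new content
        with open(os.path.join(root, "psybnc"), "wb") as f:
            f.write(b"unexpected file")      # simulated unexpected new file
        os.remove(os.path.join(root, "netstat"))
        return compare(baseline, build_baseline(root))

if __name__ == "__main__":
    print(demo())
```

Keep the baseline on read-only or offline media, since anyone able to replace a binary can also rewrite a baseline stored beside it. A baseline is only meaningful if it was recorded before the compromise.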
