Date: Mon, 02 Dec 2002 13:44:59 -0500 From: Jason Andresen <jandrese@mitre.org> To: Wayne M Barnes <stabilizer@klentaq.com> Cc: freebsd-stable@freebsd.org Subject: Re: psybnc and IRC hack Message-ID: <3DEBAA2B.8060104@mitre.org> In-Reply-To: <20021202123616.A33705@klentaq.com> References: <20021202123616.A33705@klentaq.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Wayne M Barnes wrote: >Dear FreeBSD, > > How can I best recover from, and defend myself from, a hacker >who breaks into my system and runs a program called psybnc >without my permission? I think he is using my system as a front/slave. > > For now, I have killed psybnc, deleted the directory of stuff >that he put in, and changed my password. Is that any good? > > Can there be a real vaccination built in to FreeBSD? > The only way you can be sure now is to do a fresh reinstall of the entire OS from CD. The cracker could have installed any number of nasty little surprises for you, including trojan kernel modules, trojaned binaries, or even a trojaned compiler. You should consider your new password compromisied, as passwd may have been trojaned. If you have an offline backup somewhere from before your system compromised, you may use that as well. -- \ |_ _|__ __|_ \ __| Jason Andresen jandrese@mitre.org |\/ | | | / _| Network and Distributed Systems Engineer _| _|___| _| _|_\___| Office: 703-883-7755 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3DEBAA2B.8060104>