Date: Thu, 18 Oct 2001 10:09:08 -0600
From: "Tomek" <tomek@mpionline.com>
To: <freebsd-questions@FreeBSD.ORG>
Subject: Re: I got hacked, I think
Message-ID: <018801c157ef$37ec0720$f6f073d1@mpionline.com>
References: <20011018131823.Y621-100000@jodie.ncptiddische.net> <011e01c157cf$9b401700$f6f073d1@mpionline.com> <20011018165057.V3734@ns2.wananchi.com> <01e701c157e4$f012abc0$f6f073d1@mpionline.com> <20011018180513.C3734@ns2.wananchi.com> <20011018114805.E70327@acadia.ne.mediaone.net>

> One reason why a bootup password would help on a system you can't keep
> physically secure.

Not really a concern because the computer is physically very secure.

> I don't have a Broot either. What version of FreeBSD are you running?
> I have root and toor as the only uid 0 accounts.

Just looking at Google will show that MANY people have it. As I mentioned previously, I have:

VERSION: FreeBSD 4.3-RELEASE (GENERIC) #0: Sat Apr 21 10:54:49 GMT 2001

> This is probably part of the inn port. This person may have set you

We have a news server running, but that is not the problem, the problem is that we have not touched or changed the news server in at least several months, so to have it suddenly record changes is not normal.

> I'd say backup everything for evidence/tracking/study/etc. and reinstall.

Problem is that I can't find anything, so I am hoping the next time they do something I WILL find something. It's clear they installed sudo, they hacked the system, they are changing file permissions AND covering sudo tracks in logs. Clearly they have not COMPLETELY broken root because they would have deleted their l-x user tracks and just used root instead.

I need to find out WHAT this person wants and what they have already done.

As for Broot... that concerns me, does anyone else HAVE it, or am I the only one?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
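
The quoted reply in the message above names root and toor as its only uid 0 accounts. As an added example (not part of the original message or thread), the shell function below runs that check against a passwd-format file; the function names, the default expected list and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: list uid 0 accounts in a passwd-format file and flag any
# that are not on an expected list. Field 3 is the uid in both passwd(5)
# and FreeBSD's master.passwd(5).

# uid0_audit FILE [EXPECTED_NAME...]
# Prints "ok NAME" or "UNEXPECTED NAME" for every uid 0 entry.
# Returns 0 if all are expected, 1 if any is not, 2 if FILE is unreadable.
uid0_audit() {
    file=$1
    shift
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # Assumed default: the two uid 0 names the quoted reply mentions.
    [ $# -gt 0 ] || set -- root toor
    awk -F: -v expected="$*" '
        BEGIN { n = split(expected, e, " ")
                for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        /^#/ || NF < 7 { next }               # comments, malformed lines
        $3 ~ /^[0-9]+$/ && $3 + 0 == 0 {      # uid 0, also "00"
            if ($1 in ok) print "ok " $1
            else { print "UNEXPECTED " $1; bad = 1 }
        }
        END { exit bad }
    ' "$file"
}

# Constructed sample in master.passwd layout; "extra0" is a made-up entry.
sample_passwd() {
    cat <<'EOF'
# constructed sample, not taken from any real system
root:*:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
extra0:*:0:0::0:0:constructed extra uid 0 entry:/root:/bin/sh
news:*:8:8::0:0:News Subsystem:/:/sbin/nologin
EOF
}

# Demo run on the constructed sample.
demo=$(mktemp)
sample_passwd > "$demo"
uid0_audit "$demo" || echo "review the entries marked UNEXPECTED"
rm -f "$demo"
```

On a live system the file argument would be /etc/passwd, or /etc/master.passwd when run as root.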