Date: 21 Sep 2001 16:18:36 -0400 From: Bill Moran <wmoran@iowna.com> To: ybbor@freedom.net Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Freebsd being hacked Message-ID: <20010921163100.BBFD137B40A@hub.freebsd.org> In-Reply-To: <20010921160628.5AD2337B41A@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 21 Sep 2001 09:06:01 -0700, ybbor@freedom.net wrote: > Hello, > > I have a Breebsd server. It was running freebsd 3.x(not exactly sure) and last week somone used that telnet exploit. so i ran that patch on your site. then i downloaded the freebsd 4.4 iso and upgraded my system. > > Today i try to log in to my computer and i can't telnet in to it. So i went to the box, and i can't log in to it. on the screen it says there was an 'su pop to toor'. and that the kernel log was full. it looks like i was hacked, so i unpluged the comptuer from the network and now i don't know what to do. > > how do i log in to a comptuer if someone changed the root password and disabled every other account? Boot into single user mode and you can change any password you want from there. Reboot, at the countdown, hit a key, then enter "boot -s" However, now that your system is compromised, you need to format the disks, and completely reinstall FreeBSD from scratch, and change all the passwords. You have to assume that everything and anything on that system was compromised. And that any data on that system has been accessed by a hostile person! -Bill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010921163100.BBFD137B40A>