Date: Mon, 04 Jan 1999 20:00:21 -0500 From: Mike Alich <hostmaster@cctinc.net> To: freebsd-questions@FreeBSD.ORG Subject: HACKED & SECURITY Message-ID: <36916425.10286B80@cctinc.net>
next in thread | raw e-mail | index | archive | help
I am hoping you can help me... My server got hacked and there was no evidence in the root .history file of there actions. I believe they have a backdoor program on the server they run. I have disabled all shell login except myself. The only inetd running is FTP and qpopper mail server. I only use ssh for server access And I have done binary file restores from the live file system cd to the following: /bin /sbin /usr/bin /usr/sbin /usr/libexec Is there any other file areas (binaries) I need to restore? I have run diff's on all of the above files and they are good. Also do you have any ideas of how they got in. I believe they have been in for a while now. I really cant do a full re-install because there is too much custom work on the server. Any suggestions would be appreciated. Thanks in advanced! -- Mike Alich mike@cctinc.net Cyber Communication Technologies, Inc. Web Hosting and Internet Solutions. http://www.cctinc.net Virtual Web Hosting $14.95 per month To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?36916425.10286B80>