Date: Sat, 27 Nov 2010 14:17:17 +0100 From: Jan Muenther <jan.muenther@nruns.com> To: freebsd-security@freebsd.org Subject: Re: ssh binary modified Message-ID: <4CF104DD.1050405@nruns.com> In-Reply-To: <20101127075543.f4539aec.wmoran@collaborativefusion.com> References: <AANLkTi=eaYSFJygru1NBqkNTBoC=2oKLuDJ1XGkMpEsC@mail.gmail.com> <20101127075543.f4539aec.wmoran@collaborativefusion.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, yeah, that box has been taken over. Now, before you nuke it and reinstall from some trusted media, I'd try and give finding out what exactly happened a shot. My point is that if they got in through e.g. a flaw in a custom web app, just newly setting up the machine and resetting the passwords is not going to make it all go away. You don't have to be a forensics expert to at least have a long good look at the log files. Cheers, Jan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4CF104DD.1050405>