From owner-freebsd-security  Sun Mar  3 18:19:35 2002
Delivered-To: freebsd-security@freebsd.org
Received: from imation.homenetweb.com (noc-p5-3-ky-4.homenetweb.com [216.7.67.90])
	by hub.freebsd.org (Postfix) with ESMTP id 18B0437B400
	for <freebsd-security@FreeBSD.ORG>; Sun,  3 Mar 2002 18:19:32 -0800 (PST)
Received: from noc2 (d2i-dialin-65.kl.terranova.net [216.89.230.65])
	by imation.homenetweb.com (8.12.2/8.12.2) with SMTP id g242JRou023532;
	Sun, 3 Mar 2002 21:19:28 -0500 (EST)
Message-ID: <000c01c1c322$df0f22a0$0101a8c0@noc2>
From: "Richard Ward" <mh@homenetweb.com>
To: "David" <habeeb@cfl.rr.com>, <freebsd-security@FreeBSD.ORG>
References: <006101c1c310$7b823b30$ff7e2341@mercenary>
Subject: Re: http://users.uk.freebsd.org/~juha/
Date: Sun, 3 Mar 2002 21:17:50 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

David,

   From what I can see, it looks as if they've just guessed a possible weak
password in the 'juha' account. Most defacement "hackers" wouldn't pass up
an opportunity to deface the main domain, if they had access to it. I don't
think that users.uk.freebsd.org was compromised to give these people any
special access above a user account. That's just my opinion. However, I
would alert the users.uk.freebsd.org administration about this as soon as
possible; for it shouldn't be taken lightly.

What always bugged me was how poor spelling these so called "hackers"
display.
--
Richard Ward, GM
Home Net Web, Inc.
http://homenetweb.com



----- Original Message -----
From: David <habeeb@cfl.rr.com>
To: <freebsd-security@FreeBSD.ORG>
Sent: Sunday, March 03, 2002 7:06 PM
Subject: http://users.uk.freebsd.org/~juha/


> What is the story with this site being compromised?  Any facts behind
this?
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message