From owner-freebsd-questions  Wed Sep  5 17:40:50 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from femail40.sdc1.sfba.home.com (femail40.sdc1.sfba.home.com [24.254.60.34])
	by hub.freebsd.org (Postfix) with ESMTP id 0337037B406
	for <freebsd-questions@FreeBSD.ORG>; Wed,  5 Sep 2001 17:40:47 -0700 (PDT)
Received: from amarildo ([24.42.114.66]) by femail40.sdc1.sfba.home.com
          (InterMail vM.4.01.03.20 201-229-121-120-20010223) with SMTP
          id <20010906004046.XSKJ4874.femail40.sdc1.sfba.home.com@amarildo>
          for <freebsd-questions@FreeBSD.ORG>;
          Wed, 5 Sep 2001 17:40:46 -0700
Message-ID: <000e01c12085$191d62e0$6100a8c0@amarildo>
From: "abby" <art@cristhal.com>
To: <freebsd-questions@FreeBSD.ORG>
Subject: pid account hacked
Date: Wed, 8 Aug 2001 20:40:56 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_000B_01C1204A.6C68C9C0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

This is a multi-part message in MIME format.

------=_NextPart_000_000B_01C1204A.6C68C9C0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I have a question regarding system accounts if I seem a bit non oriented =
its because I am somewhat new to unix security issues well someone =
hacked into one of the system accounts using a root kit I was lead to =
believe but they got in as=20
pid user=20

pid              ttyp0    141.13.3.9       Wed Sep  5 06:09 - 06:11  =
(00:05)

and I Was able to view them through who or w=20
this was totally freaking me out so first thing I Did was delete the =
user I was wondering
if you could give me more information on how this hapend to prevent =
system accounts from being hacked again
someone said I should email here and ask thanx in advance

------=_NextPart_000_000B_01C1204A.6C68C9C0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>I have a question regarding system =
accounts if I=20
seem a bit non oriented its because I am somewhat new to unix security =
issues=20
well someone hacked into one of the system accounts using a root kit I =
was lead=20
to believe but they got in as </FONT></DIV>
<DIV><FONT face=3DArial size=3D2>pid user </FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial=20
size=3D2>pid&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;=20
ttyp0&nbsp;&nbsp;&nbsp; 141.13.3.9&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
Wed=20
Sep&nbsp; 5 06:09 - 06:11&nbsp; (00:05)</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>and I Was able to view them through who =
or w=20
</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>this was totally freaking me out so =
first thing I=20
Did was delete the user I was wondering</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>if you could give me more information =
on how this=20
hapend to prevent system accounts from being hacked again<BR>someone =
said I=20
should email here and ask thanx in advance</FONT></DIV></BODY></HTML>

------=_NextPart_000_000B_01C1204A.6C68C9C0--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message