From owner-freebsd-net Mon Dec 18 10:52:39 2000
From owner-freebsd-net@FreeBSD.ORG Mon Dec 18 10:52:37 2000
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from apollo.ocsny.com (apollo.ocsny.com [204.107.76.2]) by hub.freebsd.org (Postfix) with ESMTP id 0ED3337B402 for ; Mon, 18 Dec 2000 10:52:28 -0800 (PST)
Received: from ocsinternet.com (fw234.ocsny.com [204.107.76.234]) by apollo.ocsny.com (8.9.2/8.9.3) with ESMTP id NAA77404; Mon, 18 Dec 2000 13:52:31 -0500 (EST)
Message-ID: <3A3E5C33.793B5684@ocsinternet.com>
Date: Mon, 18 Dec 2000 13:49:23 -0500
From: mikel
X-Mailer: Mozilla 4.73 [en] (Windows NT 5.0; I)
X-Accept-Language: en
MIME-Version: 1.0
To: "Zaitsau, Andrei"
Cc: net@FreeBSD.ORG
Subject: Re: Hacked computer
References: <054F7DAA9E54D311AD090008C74CE9BD01F1E7CB@exchange.panasonicfa.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

If you've been rooted, then the logs are probably no good. But check your
wtmp for logons, and messages, and well if you don't see anything unusual
there then they've probably been wiped. Have you regained root yet?

Personally I would pull the box off net and backup the important config
stuff, then blast it....but hey I tend to be a bit of an extremist in these
cases...

Cheers,
mikel

"Zaitsau, Andrei" wrote:

> Hello everyone,
> I have a problem, in the morning someone hacked into my computer at home. It
> is ADSL Gateway running FreeBSD 3.4, root password is changed by hacker.
> Can anyone tell where on the system I can find some tracks of a hacker?
> What should I check first?
> Which log files?
> Anyone? Please?
> Thanks.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
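
Added example, not part of the original thread: a small parser for a copied wtmp file that lists logon records and flags signs the file was edited (zeroed records, out-of-order timestamps, a truncated tail). The 44-byte record layout (pre-utmpx BSD `struct utmp` on 32-bit i386) is an assumption, and the sample data is constructed.

```python
import struct

# Assumed layout: ut_line[8], ut_name[16], ut_host[16], 32-bit ut_time.
REC = struct.Struct("<8s16s16si")


def _text(field):
    """Decode a NUL-padded fixed-width field."""
    return field.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_wtmp(data):
    """Return (records, findings) for the raw bytes of a wtmp file."""
    records, findings = [], []
    whole = len(data) - len(data) % REC.size
    prev_time = None
    for off in range(0, whole, REC.size):
        idx = off // REC.size
        raw = data[off:off + REC.size]
        if raw == b"\0" * REC.size:
            # Entries are appended whole, so an all-zero slot is not normal.
            findings.append((idx, "zeroed record"))
            continue
        line, name, host, when = REC.unpack(raw)
        if prev_time is not None and when < prev_time:
            # Can also be a legitimate clock change; review it by hand.
            findings.append((idx, "timestamp goes backwards"))
        prev_time = when
        records.append({"line": _text(line), "user": _text(name),
                        "host": _text(host), "time": when})
    if whole != len(data):
        findings.append((whole // REC.size, "trailing partial record"))
    return records, findings


def _rec(line, user, host, when):
    return REC.pack(line.encode(), user.encode(), host.encode(), when)


# Constructed sample: two logons, one zeroed slot, one out-of-order entry,
# and three stray bytes at the end.
SAMPLE = (_rec("ttyp0", "alice", "192.0.2.10", 977100000)
          + b"\0" * REC.size
          + _rec("ttyp1", "root", "198.51.100.7", 977150000)
          + _rec("ttyp0", "alice", "192.0.2.10", 977120000)
          + b"\x01\x02\x03")

if __name__ == "__main__":
    recs, finds = parse_wtmp(SAMPLE)
    for r in recs:
        print(r["time"], r["line"], r["user"], r["host"])
    for idx, why in finds:
        print("record", idx, "->", why)
```

Run it against a copy of the file taken from the offline disk rather than on the suspect system, whose own binaries may no longer be trustworthy.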