Date: Sat, 22 Sep 2001 21:19:22 -0400 From: "jason" <kib@mediaone.net> To: "Rob" <europax@home.com>, <ybbor@freedom.net> Cc: <freebsd-questions@FreeBSD.ORG> Subject: Re: Freebsd being hacked Message-ID: <01c801c143cd$c9dc4fe0$89941bd8@speakeasy.net> References: <20010921160628.5AD2337B41A@hub.freebsd.org> <3BAB66EB.2C80217B@home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
You should first try to boot in single user mode to recover the root password. Do so by pressing any other key when you see the 10 second count down. At the prompt type: boot -S Then after the system boot up to the command prompt mount your drives with: mount -A At that point you should be able to use the passwd command. Also you should NEVER allow telnet access to the root or toor accounts (at least in my opinion). If you need root access from remote then create a regular account and add it to the wheel group. You can login and us the SU command to deal with root tasks. Also be sure that you either delete toor or set a password for it. I personally do not like the account so I delete it after install. That's the extent of my limited expertise. If you need any more help let me know. ----- Original Message ----- From: "Rob" <europax@home.com> To: <ybbor@freedom.net> Cc: <freebsd-questions@FreeBSD.ORG> Sent: Friday, September 21, 2001 12:12 PM Subject: Re: Freebsd being hacked > > ybbor@freedom.net wrote: > > > > Hello, > > > > I have a Breebsd server. It was running freebsd 3.x(not exactly sure) > > and last week somone used that telnet exploit. so i ran that patch on > > your site. then i downloaded the freebsd 4.4 iso and upgraded my > > system. > > > > Today i try to log in to my computer and i can't telnet in to it. So > > i went to the box, and i can't log in to it. on the screen it says > > there was an 'su pop to toor'. and that the kernel log was full. it > > looks like i was hacked, so i unpluged the comptuer from the network > > and now i don't know what to do. > > > > how do i log in to a comptuer if someone changed the root password and > > disabled every other account? > > > > thanks > > -Robby Ticknor > > > > ________________________________________________________________________ > > > > Protect your privacy! - Get Freedom 2.0 at http://www.freedom.net > > I'd reinstall the OS from an ISO disk. Others with more experience in > this might have a better solution. > > Rob. > -- > The Numeric Python EM Project > > www.members.home.net/europax > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01c801c143cd$c9dc4fe0$89941bd8>