Date: Sun, 25 Nov 2001 15:35:51 +0300 (EAT) From: <ksemat@wawa.eahd.or.ug> To: "Bill A. K." <billak@fox56.tv> Cc: <freebsd-isp@FreeBSD.ORG> Subject: Re: Attack on server, need help ASAP Message-ID: <Pine.LNX.4.33.0111251533340.16543-100000@sanyu1.sanyutel.com> In-Reply-To: <000a01c1751e$b4fe5500$6501a8c0@bill>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 24 Nov 2001, Bill A. K. wrote: > My server was just attacked.........someone tried logging in telnet, and apparently shut down the telnet daemon from trying (over 400 times)....theres NOTHING in the logs, the ips were on the screen, but stupid me started typing stuff and now they're gone. Is there a way to get back what was on the screen, like a history of stdout? Please, someone help, asap, I would really appreciate it. Not a solution to your problem but I may as well ask: 1.Why are you running telnet when there is ssh? 2. Is your Freebsd machine patched against the telnetd exploit which was relased some months ago? if nto start looking for signs of intrusion and thhink of a reinstall. 3. Do a cvsup to the latest release or stable version of freeBSD. Noah. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.33.0111251533340.16543-100000>