From owner-freebsd-security@FreeBSD.ORG Mon Jun 27 10:32:06 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0EBA116A41C for ; Mon, 27 Jun 2005 10:32:06 +0000 (GMT) (envelope-from jan.muenther@nruns.com) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.188]) by mx1.FreeBSD.org (Postfix) with ESMTP id 826B043D1F for ; Mon, 27 Jun 2005 10:32:04 +0000 (GMT) (envelope-from jan.muenther@nruns.com) Received: from port-212-202-171-134.dynamic.qsc.de [212.202.171.134] (helo=[10.0.0.102]) by mrelayeu.kundenserver.de with ESMTP (Nemesis), id 0ML21M-1DmquI0c5u-0006wa; Mon, 27 Jun 2005 12:32:02 +0200 Message-ID: <42BFD5A4.4070208@nruns.com> Date: Mon, 27 Jun 2005 12:32:04 +0200 From: Jan Muenther User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: de-DE, de, en-us, en MIME-Version: 1.0 To: Oleg Rusanov References: <1344959974.20050627142110@molecon.ru> In-Reply-To: <1344959974.20050627142110@molecon.ru> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: kundenserver.de abuse@kundenserver.de login:9a8a46f2b40f7808f7699def63624ac2 Cc: freebsd-security Subject: Re: "sh -i" My server was hacked. How can i found hole on my server? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Jun 2005 10:32:06 -0000 Reinstall from trusted media, then restore backups of your data (data only, mind you). I'd also really advise against using something with a security history like phpBB's. FWIW, faulty PHP apps are one of the most common ways of breaking into Unix-ish boxes for the kids nowadays. Cheers, j.